7 Ways To Keep Your Systems Secure

Cyber-attacks on your business can be crippling, but there are easy ways to keep the bad guys out. We have written a great eBook listing 7 simple but effective ways to reduce your risk of malware or hacking.

Click here to subscribe to our monthly newsletter and access your copy of this book – don’t worry, we won’t share your details and you can unsubscribe at any time.

If you are already a subscriber and would like a copy please email david@dpcomputing.com.au.

You will also receive a free copy of our other great eBooks including the following so sign up now!

  • 5 Reasons Your Business Needs Office365 Today!
  • Is Your Old Tech Dragging You Down?
  • Spectre and Meltdown: How you’ll be affected.
  • 10 Tips to Stay Safe Online
  • Digital Transformation – What’s In It For You?

As always, if you want to talk about ways you can save on your IT, give us a call on 08 8326 4364 or support@dpcomputing.com.au.

It’s Official: Your Website NEEDS to Use HTTPS

You may have noticed many business websites now have a green padlock in the address bar next to the letters ‘https’. Until recently, you would have only seen that on shopping or banking sites, but it has now become the expected norm for all business websites – even if you don’t need users to log in or enter credit cards. Simply put, the ‘s’ in https stands for secure and means any data sent and / or received by the visitor is encrypted.

Clearly, this is an essential feature for e-commerce sites, but why have all the info-only websites started using https too?

The New Google Rule

As of July 2018, Google will mark your website as insecure unless you use https. It is a movement they started a few years ago to make the internet a more secure place by default. Since Google pretty much rules internet search and increasing security is always a good idea, business websites have been gradually switching over. Without https protection, someone with access to your internet connection, whether from digital eavesdropping or hacking, could intercept the information. They could also place malware onto otherwise legitimate sites and infect innocent visitors. That is why eighty-one of the top 100 sites online have already switched to https and a very large majority of others are following suit.

The Browser Bar Says It All

In the same way a green padlock in the browser bar indicates a trustworthy site, you can expect that non-https sites will be marked with a “not secure” warning. Previously, users had to click an information symbol to actively investigate the security status of sites. This shift to plain sight markers will be most noticeable on Chrome; however, it is expected that other browsers will follow suit. Future visitors to your site may then be alarmed by seeing that the connection isn’t secure.

The fact that you may not be asking them to log in, enter personal details or payment is irrelevant as perceptions matter. Eventually that warning will be changed to an alarming red as Google declares war on insecure sites. As the common understanding is that a warning is bad, you may get more visitors bouncing straight away or even contacting you to report that your site has a problem.

Boosts for Secure Sites

Google is also taking its commitment to safe web browsing further by favouring https websites. This means that Google’s search algorithm is taking your site security into account, preferring https results. Since https sites get preference in search results, you may find yourself climbing in the ranking while other businesses drop. It really is a win-win situation for you to implement https.

How to proceed?

It is a little more complicated than just changing a setting within your web hosting environment. You have to order an SSL (Secure Sockets Layer) certificate and then install it within your hosting environment. The easiest way to do this is to contact your IT technician or web developer, as they will be able to make sure that it is all done correctly and thus will keep Google happy.

We can help secure your website by migrating it to https – contact us today at 08 8326 4364 or support@dpcomputing.com.au.

4 Ways to Avoid IT Downtime

Technology is a wonderful thing, but what happens when the IT stops working? In today’s world IT is a necessity. Unfortunately, this means when downtime inevitably hits, you have a BIG problem.

Maybe it’s from a malware or virus attack, a bug in the system, hardware failure or something else… Whatever the cause, the impact is real and measurable and you need it fixed ASAP. Research firm Gartner reports that 43% of small businesses close their doors right after a major data loss, and only a tiny 6% survive long term. The financial cost of each hour can be in the thousands, and the damage to your brand could be irreparable. While downtime will occasionally strike every business, there are things you can do to minimize the duration, frequency and interruption to your business.

Taking a few simple actions now may result in your business staying open while your competitor gives up.

1. Use monitored antivirus and firewalls

While most businesses have these protections, not all have embraced the idea of monitored antivirus and firewalls. Instead, most small business setups have more in common with a home network than a robust professional system. Given that SMBs are a primary target for malware and cyber-attack, you should seriously consider moving to the monitored versions. Our experts set up custom protection to block all attacks, both known and emerging. All updates are taken care of and company-wide protections applied.

2. Have backups you can count on

Backups not only protect you from digital threats like viruses and ransomware, they also protect you against physical threats like robbery, fire or natural disasters. The last thing you want is for your business to be crippled by data loss. A robust backup system can be as simple as asking our team to take care of it, or if you have an on-site technician, using the rule of 3: one backup on the server, one unplugged from the server, and one off-site. If anything ever goes wrong, you’ll be able to pull up the most recent backup and continue as normal. Businesses without good backups tend to be down for days, if not weeks. You also need to regularly test your backups to confirm they are working and are backing up the correct data.

3. Planning

Nobody likes to think about their business flooding or being hit with ransomware, but do you and your employees know what to do if the worst happens? Having a comprehensive Disaster Recovery Plan helps you get up and running quicker and minimises downtime. Everyone knows what their role is, what steps they need to take, who to tell and which systems take priority.

4. Monitor hardware for early signs of problems

Computer hardware is like any piece of equipment – when it’s getting old it will let you know! This could be anything from making noises, being louder or slower than normal or even system crashes. Each symptom is your early warning sign that allows you to take action before a crash that sends everything into downtime. We can even implement hardware monitoring to look for signs of impending issues. If the signs point to imminent failure, we can let you know and often repair or replace the affected hardware with little or no downtime.

Downtime is an unavoidable part of all modern businesses, but your preparation can dictate whether it goes for one minute or one week and how often it happens. According to one study, most firms experience 43 hours average downtime per year, a number much too high for most people’s comfort. While scheduled downtime can sometimes be unavoidable, your business will appreciate being able to skip the panic of surprise downtime events. Reducing your risk is the best action you can take, making downtime a truly rare occasion. Even better, our Proactive or Managed Services can take care of this for you, stopping many downtime events before they occur.

Talk to us about ways to reduce your downtime. Contact us today on 08 8326 4364 or at support@dpcomputing.com.au.

Think Before Clicking – 5 Red Flags of Phishing Emails

Just one click can be the difference between maintaining computer security and suffering massive financial losses. All it takes is just one employee to click on a link in an email for your business to be vulnerable.

Here is a list of 5 red flags that point to a potential phishing email:

1. Poor spelling and grammar

While the occasional typo happens to even the best of us, an email filled with errors (both in grammar and spelling) is a clear warning sign of a phishing attempt. Most companies push their email campaigns through multiple reviews where errors are fixed and the language is refined. Errors throughout the entire message indicate that the same level of care was not taken and therefore the message is more than likely fraudulent.

2. An offer too good to be true

Free items or a lottery win sound great, but does the offer come out of nowhere and with no catch? Then there is definitely cause for concern. Take care not to get carried away with the message and don’t click without investigating further.

3. Random sender who knows too much

Spear phishing is when an email or offer is designed and crafted especially for your business. Culprits take personal details from your public channels (Facebook, Twitter, LinkedIn and even offline documents such as annual company reports) and then use them against you. The only clue? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out. Even check the email address of the sender to confirm that it is correct and not just a similar sounding or looking address (see #4 below).

4. The URL or email address is not quite right

One of the most effective techniques used in phishing emails is to use domains which sound almost right, for example [microsoft.info.com] or [pay-pal.com]. Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, then delete the email.

5. It asks for personal, financial or business details

Alarms should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels (i.e. phone the person on their known number, not one contained within the email).

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.

DP Computing can help secure your business and can even organise a fake phishing attack to see if further staff training is required. Give us a call to discuss how we can help you on 08 8326 4364 or support@dpcomputing.com.au.

Do You Have a Bad Case of Password Exhaustion?

You’re not alone! Most people use the same password everywhere – home, work, Twitter, Facebook, email and even for banking. Considering how many passwords we use every day and are expected to remember, password exhaustion is a real thing. It is no wonder that when yet another prompt for a password appears, users enter very easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password conforms to strict password rules, hackers are taking regular strolls around the internet and collecting logins and passwords, from either leaked details or sites with security flaws.

Then, they will try their luck with that login/password combination on other sites. They know more than half the users have only one password and email combination, so the chance of gaining access into another one of your accounts is quite high.

As the same password is used elsewhere, one site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.

How to Create Easily Remembered Passwords

Have a system or template for creating your own unique passwords, that you’ll be able to remember, but is not obvious to hackers. For example:

<character><word><something about the site><numbers><character>

Becomes:

 !K1ttyFB75!

At first it might seem complicated, but the above is really just based around the words ‘kitty’ (with an upper case K and a number 1 for the i) and ‘FB’ for Facebook. For other sites change the FB to something else.

What to Do If Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like:

www.haveibeenpwned.com

If it reports a breach, you will need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass (http://www.lastpass.com) or KeePass (https://keepass.info).

If you need assistance changing your passwords or setting up a secure password system, let us know on (08) 8326 4364 and we will be more than happy to help you out.

Why Regular Security Assessments Should Be Your New Normal

By now you know that improving your cyber security is just as important as improving your cash flow – both are essential to your success. While most businesses keep an eye on the financials, they tend to think cyber security is something they can ignore or just set and forget. Unfortunately, cybercriminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.

Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these issues, you can set up adequate protection before cybercriminals strike. It is best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that you would otherwise miss.

Regulations change – Are you affected?

Many businesses need to comply with strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and timeframe. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. Our team can ensure your business is meeting the relevant regulations, diving deep to be certain you are safe.

Security patches and updates are vital

It’s so easy to fall behind on your security patches (both for software and hardware). After all, it seems like there’s a new update every week and each one takes precious time to apply. What we are seeing, though, is that cybercriminals are targeting any business running unpatched hardware or software. If you are unpatched, you are an easy target and are inviting the bad guys in. When we conduct your security assessment, we take a look at your history and see if your business has a robust patch plan in place and make sure you are up to date. If there’s an issue that is placing you at risk we will find it.

Viruses are always evolving

Just like the human variety, computer viruses are constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cybercriminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.

Your business may have changed

As your business has grown over the years your entire setup has changed. More employees, expanded remote access, additional vendors, other locations etc. With each change has come a new risk, particularly if your security has been growing around you. It might be your password policies that haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cybercriminal would.

What to do with your assessment results

While many experts might present you with a long list of problems and leave you feeling overwhelmed, our team ensures you have a benchmark for progress. You will know exactly what you need to do, what takes priority and how we can help. You will also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which in turn helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.

Book your security assessment today. Call us at 08 8326 4364 or support@dpcomputing.com.au.

Why Your Business Needs a Firewall With Unified Threat Management

Unified Threat Management (UTM) is a special kind of firewall solution focused on proactive protection. Consider it like a team of virtual bodyguards that stand at the door between your business and the internet, keeping trouble out while your legitimate traffic can come and go normally.

With the increasing number of connected devices in your business network and the different ways your employees can now connect, it is more important than ever to set up dedicated security systems that give integrated protection. UTM is a series of solutions that work together, simultaneously layering your protection across the board. We’ll cover the four main inclusions here and show exactly what they can do for your business.

Robust Firewall

Put simply, a firewall keeps an eye on all the data coming in and out of your network and looks for anything abnormal. While every home PC comes with a software firewall built in, those ones pale in comparison to what a UTM firewall can do. Remember the team of virtual bodyguards? Imagine the home firewall asking nicely if the data should be doing that, while the UTM slams the data to the ground and demands answers. Its job is to make sure the data entering your network is safe, that it is not part of a cyber-attack, and that in the rare event your network becomes infected, your servers aren’t being used to attack another business.

Anti-virus Where it Matters

With so much new malware being released daily, it’s easy to fall behind in updates and discover you’ve been infected. Your employees are likely doing their best, but manually scanning each file can be exhausting and time-consuming. Your UTM anti-virus is built into the firewall, ensuring known or suspicious malware is stopped at the door, removing any risk. Clearly that is the best outcome possible and will allow your employees to work at maximum efficiency, while you can run your business with confidence.

Spam Blocking

Most cyber-attacks come via email these days, with either an attachment or a link. Once clicked, the malware wreaks havoc in your network. Obviously, your employees are smart enough not to open random attachments/links, so hackers use phishing emails. These are emails that look legitimate and may refer to vendors you use, financial services you have accounts with or even seem to be from other employees. Your UTM strips down each email and checks it against high-tech legitimacy markers. If it sees anything suspicious, the email is marked as spam and either held for review or bounced away.

As the phoney emails are blocked, your employees never see the emails so they can’t accidentally open up the network for attack. While the UTM is monitoring for phishing/fake emails, it’s also culling out the general spam that clogs up inboxes. Employees will no longer have to spend precious minutes each day wading through the junk, and the likelihood of missing an important customer email has greatly dropped.

Content Filtering

In a perfect world, your employees would only access work-related sites and do work-related things online. Content filtering can help you limit the risk they’re bringing into your business via their Internet browsing. Your UTM can be set to restrict sites that infect computers, such as adult content, gambling or illegal downloads. It can also be used to restrict access to social media sites like Facebook, Twitter or Pinterest, either during work hours or completely. It’s up to your policies how much you’d like to filter and whether to add any flexibility. Some businesses allow social media during lunch breaks or have special reward hours each week. Simple tweaks like this can increase productivity overnight and give you the security you’re looking for.

You can see how a layered security solution like UTM provides a space for your business to thrive, where systems are secure, employees are able to maintain efficiency, and cyber problems stay outside the doors. The way the layers work together is more effective than a patchwork of separate systems, and a UTM is much easier to configure and maintain.

We can find the right UTM solution for your business. Call us today at 08 8326 4364 or support@dpcomputing.com.au!

How To Survive A Hard Disk Crash

There’s been a massive digitization within businesses but with that comes one gaping flaw – a hard drive crash could wipe out all your data in an instant. Nobody and no data is immune – accounts, quotes, documents, email etc. are ALL at risk.

If you’ve ever lost your data or had your computer stolen, you know the panic and rage that follows…turning your business upside down, hoping desperately to find that USB drive that might contain a backup of data…before collapsing onto the floor as it sinks in: it is all gone.

Currently your hard drive is probably still in good shape, but surprise failures do happen. The mechanics don’t last forever, and even brand-new drives can be blitzed by a power surge. Theft is always a risk, as is user error like deleting files accidentally, or even getting hit by a nasty virus that destroys or holds your files for ransom. Some businesses are using apps like Dropbox, iCloud or OneDrive as their backup, thinking if their hard drive crashes or gets stolen, they’ll just download the files from there. Unfortunately, those very handy apps are no help if you’ve been hit with ransomware. Almost instantly as the malware encrypts your local files, those sync apps upload the infected versions. Older, safe versions of the files no longer exist, as these apps are designed to give a constant mirror of your drive, not a proper backup.

Stop for a moment and think about what you’d lose right now if your hard drive failed. What’s on there? Accounts, orders, client details, financial records, tax info, photos, videos – your entire business. It’s not a feeling we would wish on anyone!

What You Can Do

Backing up data used to be something only tech geeks did, but like everything cool, it has gone mainstream. We recommend at least a 3-2-1 approach: 3 copies of your data, with 2 local at your office and 1 offsite.

Typically, this means keeping your regular hard drive where your data is now, one copy of precious files on at least one (preferably 5 – one for each workday) backup USB drive, and one copy that automatically uploads to the secure cloud as you add new files. That way, the USB drives protect your data if your computer dies, and the cloud copy protects you if something happens to the computer and your USB drive, like fire, flood or theft. It’s a good idea to make sure you unplug that backup USB drive afterwards and lock it away in a fireproof safe or, even better, take it offsite – as connected devices can easily become infected during an attack or stolen during a break-in.

Two of these methods require you to actually pay attention, which is where many businesses struggle. Not that it’s tricky, but unless you’re one of those cool geeks it’s pretty boring and not a high priority after a long day! That is why we recommend a cloud backup solution and also an automated local backup.

You’ll be able to retrieve files at will, without having to roll back your entire drive, and know your solution has caught even the smallest file change without you needing to flag or mark it in any way. Even better, because there is a copy in the cloud, you can access your secure backup from anywhere. So if the unfortunate happens (i.e. a fire or flood) and you can’t access your office, at least you have your files safely backed up in the cloud.
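The rule of 3 mentioned earlier and the 3-2-1 approach here only help if each copy can be restored and holds the right files. The following Python sketch is an added example, not part of the original article: it hashes the live data and each restored or mounted backup copy, then reports files that are missing or differ. The folder names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def verify_copy(source, copy):
    """Compare one backup copy with the source tree."""
    src, bak = hash_tree(source), hash_tree(copy)
    return {
        # In the source but not in the copy: the job is not backing it up.
        "missing": sorted(set(src) - set(bak)),
        # Present in both but different: corrupt copy, or changed since
        # the backup ran (review these by hand).
        "differs": sorted(p for p in src.keys() & bak.keys() if src[p] != bak[p]),
        "ok": sum(1 for p in src if bak.get(p) == src[p]),
    }


def verify_321(source, copies):
    """Check every copy; `copies` maps a label to a restored/mounted path."""
    return {label: verify_copy(source, path) for label, path in copies.items()}


def demo():
    """Build constructed sample data in a temp folder and verify two copies."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        files = {
            "accounts/ledger.csv": b"2024,100\n",
            "quotes/q1.txt": b"quote for client",
            "clients.db": b"\x00\x01client records",
        }
        for location in ("office", "usb", "cloud"):
            for rel, data in files.items():
                target = tmp / location / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Constructed fault 1: the USB job silently skipped a file.
        (tmp / "usb" / "quotes" / "q1.txt").unlink()
        # Constructed fault 2: the cloud copy of one file is truncated.
        (tmp / "cloud" / "clients.db").write_bytes(b"")
        return verify_321(
            tmp / "office", {"usb": tmp / "usb", "cloud": tmp / "cloud"}
        )


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```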

We are able to get you set up with the perfect backup solution that meets your needs, both now and in case of emergency.

If you’re ready to protect your data before you lose it, give us a call at 08 8326 4364 or support@dpcomputing.com.au.

The True and Unexpected Costs of Being Hacked

There are the normal costs everyone associates with a computer breach, like employee downtime and the costs associated with getting your network and computers fixed. But really, most businesses that haven’t been hit with a security incident view it as more of an inconvenience than a bottom-line cost. For those businesses who have come out the other side though, it’s a very different story. They know from firsthand experience that the hidden and ongoing costs of a data breach can be crippling and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close down after a cyber-attack. Here are a few of the common, cold hard realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack compromises your system, things can get expensive, and the longer the attack goes, the more it costs. Latest statistics reveal most breaches aren’t identified for around 191 days and then it can take on average another 66 days to fix and contain the damage – during this time you are cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fees for IT professionals to fix everything up, the costs for new hardware and software to help prevent future incidents and all the hours/days/weeks when your business is struggling with downtime, and businesses will quickly exhaust any emergency funds they have.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. If medical data or legal files are leaked, a particularly messy scenario may occur with fines coming from multiple sources.

New privacy laws also mean businesses are liable for large fines if they don’t disclose a data breach. Where this gets trickier is that the burden is on your business to know exactly what data has been stolen or illegally accessed, so that you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you will still need to hire an expert who can identify exactly what data the hackers took or accessed.

Customer retention measures

In a double crush to your bottom line, not only does your business bear the cost of fixing the hack, but your future income also takes a hit as customers lose trust and leave. To offset this, many businesses need to spend more on advertising and public relations just to ensure they survive to fight another day.

The data breach disclosure may still come up in search results for many years to come. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have high level secrets to protect, your business does have data that you would like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. While large corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret (databases, client info, financial records etc).

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines and make embarrassing public announcements.

DP Computing can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians implement a firewall or UTM device to build a virtual fortress around your business that keeps the bad guys out while letting you thrive. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe.

Ready to secure your business against breaches? Give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.

Fake Invoice Attacks Are on the Rise – Here’s How to Spot Them

Businesses around the world are being targeted with a cyber-attack that sends victims a fake invoice that looks real enough to fool most people. It is based on an old scam that used to see invoices faxed or mailed to the victims. Now it has made its way into the digital world and instances are on the rise.

You may have already seen some of the less effective attempts – an email advising your domain is expiring (except it’s not from your host and your domain is nowhere near expiration) or others that describe a product or service you would never have purchased.

The new attacks, though, are much more advanced as they look completely legitimate and are often from contractors and suppliers you actually use. The logos are correct, spelling and grammar are spot on and they might even refer to actual work or products you regularly use. The sender’s name may also be the normal contact you deal with at that business, as cyber criminals are able to ‘spoof’ real accounts and real people. While it is worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for.

Here are two types of invoice attacks you may receive:

1) The Payment Redirect

This style of fake invoice either explicitly states that the payment should be made to a certain account (perhaps with a friendly note listing the new details) or includes a payment link direct to a new account. Your accounts payable person believes they are doing the right thing by resolving the invoice without bothering you and unwittingly sends money to a third party. The problem may not be discovered until an invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cyber crime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

2) The Malware Link

Rather than an immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look exactly like the ones normally generated by popular accounting tools like Quickbooks, Xero or MYOB. Once your employee has clicked the link, malware is downloaded to your systems that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed (especially with new and undiscovered malware). If it does get through, the malware quickly embeds itself deep into your systems and often remains silent until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus, firewalls and spam filters up to date to minimize the risk of the emails getting through in the first place.

Secondly, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking the invoices against purchase orders, appointing a single administrator to restrict access to accounts or even two-factor authorization for payments. Simple preemptive checks like hovering the mouse over any links before clicking and quickly making sure they look correct can also help. If anything looks off, hold back on payment / clicking until it has been reviewed. Fake invoice attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

We can help increase your security. Talk to us today: call us at 08 8326 4364 or email support@dpcomputing.com.au.