Technological Advances Call for More Advanced Digital Security Measures

Business technology changes every two years, and while we usually stay with the same provider, Moore’s Law, about doubling in speed while cutting the price in half, is well known in business. Everyone is constantly looking for the best new product, for amazing technological advances that provide better results, and for anything that will change our perception of business or improve the bottom line. We are always looking for better equipment, better tools, better technology and anything that will help us grow business.

Technology that provides better results is known to change the perception of business and improve the bottom line. That slight advantage can be critical in today’s business world. Unfortunately, we tend to forget that there are digital criminals in our midst waiting for the right moment to strike. These people are prepared to use the best and latest technology available to compromise the technology of others and to attack anyone who is connected to the digital world. As criminals, they steal, bribe, sneak and compromise anyone or anything in order to get their hands on new technology.

After those cyber criminals have access to that technology, they dismantle it and break it down so they can gain a better understanding of how it works. They also work toward understanding the manufacturer so they can make “hacks” and access the information or data of others. They work to find out what it can do, not just what the manufacturer thinks it can do. While you may not recognize it now, there is a real distinction between those two.

As an example, if it is software that is used by a large proportion of digital users and the thieves can get access to an SDK (software development kit), they will immediately take it apart, see how it functions, see what has been overlooked and determine how they can utilise it for their own nefarious needs. After that hands-on research, they can easily discover ways to compromise the program.

We Can Make A Difference

By incorporating the fundamentals of high quality digital security, we can stop these thieves in their tracks. Examples are using passwords, patching, firewalls, AV and backups, while some people just exhibit paranoia. However much technology changes, those are the basics that give you a platform from which to work. With the continuing technological advances, we have to find a better way to improve digital security. By using the fundamentals, you will start to think outside the box and work to discover other solutions and more effective answers to challenge these criminal masterminds.

The fundamentals are the basis for your protection from those criminals that lurk in cyberspace just waiting to catch you with your guard down. As users of technology, we need to take a stand and work to find the right security solutions to protect our equipment, our data and all of our information. By staying up to date on the advances and the latest digital security options available, you can take a step in the right direction by blocking out digital thieves who are waiting to disrupt your business.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

17 reasons why we should be listening to the digital security expert

The same way that we listen to accountants, solicitors and motor mechanics, the digital security expert has an important role to play in supporting your organisation.

Digital security is becoming one of the most important areas of modern business.

For some reason we believe technology in business is easy.  So easy in fact, that we just install it and forget about it.

Anyone can do it.

As in other professions, what you do and what you can do are total opposites. An accountant, for instance, can make you more money by legally changing your tax requirements, and a solicitor can get you a reduced fine or jail sentence better than you could if you were representing yourself.

So a digital security expert can make your organisation more secure because they have studied business and technology, but more importantly they have a better understanding of what the bad guys are doing.

Here are 17 ways that a digital security expert can make your organisation more secure:

  1. They study the bad guys – being a digital security expert is not about selling the next best thing (if there is such a thing).   Being a digital security expert is more about understanding your enemy.   The more you study the cybercriminal the better you get at predicting their next move and being able to be one step ahead.
  2. They keep abreast of what the bad guys are doing  – digital security experts use the same world that the cybercriminal uses to perpetrate their trade.   They are in the dark web, watching, recording and documenting what the bad guys are going to do next.
  3. They understand business requirements  – what most people do not understand is that the digital security expert has to understand business.   They have to understand marketing, management and cash flow.   They need this information to ensure the recommendations that they give to their clients will not impact their business, or have minimal impact on the way business functions.
  4. They understand technology  – in most cases a digital security expert is at the same level of technology understanding that the bad guys are.   To ensure that your business is not vulnerable to a cyber-attack they have to know the technology to ensure it is safe.
  5. There is no such thing as being too small to be a target – if you have a digital footprint (yes, we all have one), no matter how small, then you are automatically a target of cybercrime. If you have a smart device, an email address or an Internet connection then you are a target.
  6. There is no such thing as 100% secure  – against popular belief, there is no such thing as being totally secure.   The digital world is ever changing, so are the tactics, strategies and targets of the cybercriminal.   There is always someone else out there who knows that little bit more.
  7. Everyone is a target – if you have a smart device – you are a target. If you have an email address – you are a target. If you have a web site – you are a target. The larger your digital footprint the bigger the target you are, and the more your footprint will be targeted by the automated systems that are sold by the criminal gangs.
  8. Technology is not the only answer  – there are four components of being secure in the digital world.   Technology is one of them.   The other three are management, adaptability and compliance.   All four components together make a more secure environment than just technology alone.
  9. People are your best defence – your staff and users can be either your best defence or your biggest problem. If you educate them in proper digital hygiene then you will not only get them to protect themselves, but the flow-on effect is that they also protect your organisation.
  10. Complex, unique and long passwords are good for business  – we all hate these.   To access the digital world we need a username and password combination.   The more we rely on the digital world the more important these components are.   All passwords should always be complex (letters, numbers, symbols, capitals), more than 8 characters long and they have to be unique for each site.  That’s pretty easy isn’t it?
  11. Penetration testing will prove you have it right – penetration testing is one of the best ways to test your defences. Penetration testing should also be carried out across all components of the business, from websites to cloud infrastructure, from social media to smart devices. A contracted penetration tester should have carte blanche across the whole network. You are not on a witch hunt or targeting the IT department; you are finding holes in your organisation and finding ways to resolve the risks before you are compromised or hacked by the bad guy.
  12. Think when using social media – social media is great. It is also one of the best systems used for social engineering by the bad guys. Information that is posted to social media sites is there forever. Educate your staff about the dangers of social media. Put a social media process in place to ensure that trade secrets and intellectual property are not posted out there, and that each post is checked before going live. In the heated exchange of a social media discussion, think before posting.
  13. Get paranoid  – paranoia is the understanding that everyone is against you.   In the digital world this is truer than our normal world.   Does that make you paranoid? Not really but having the understanding that everyone in the digital world is out to get you makes you more secure.
  14. Use common sense – everyone remembers the old Nigerian Prince scam, and people are still getting caught by it. There are a number of things to remember in the digital world – if it is free then it is not (you always have to give something to get something), if it’s free it could be infected with malware, if it’s free somewhere along the line you will have to pay a lot more than what you expected. Using common sense to make that decision is critical.
  15. Email is a broadcast medium – we often forget that although email is targeted, sent specifically to individuals or groups of people, it can go astray. It could be sent to the wrong person via the email fields being filled in automatically. Email can also be forwarded, printed and scanned, and sent to people for whom it was not intended. Like all types of communication, be careful with email.
  16. Digital security is a whole of business endeavor  – we are constantly told that digital security is an IT problem.   No it’s not, it is a whole of business endeavor.   Everyone and every department has an impact and input on the digital security of the organisation.
  17. Have a mantra – I have a mantra: “digital security is my problem”. What that means is that I take personal responsibility for protecting myself and protecting others. The more people who change their attitude to this mantra, the more secure your organisation will be.

A digital security expert can and will make your business more secure and like any other profession, what they bring to the table is well above normal expectations.   Like accountants and solicitors their expertise can save you substantial amounts of money, sleepless nights and angst, just by them doing their job.


10 things that any business can do to fight the insider threat – cybersecurity

We have all heard about the threat that a staff member can pose to an organisation. From stealing critical information to running an embezzlement scheme or just being a pain in the ass, an insider threat can cripple an organisation in a minimum amount of time.

So what can you do to protect yourself from an employee going rogue?

Background checks

It is critically important, in today’s business world that you make sure you are getting the person that appears on paper.   So after the basic weeding out process and before the offer of the interview you need to check the truth behind the resume.   In most cases, a quick check of references and a look at social media will give you an inkling into a person’s character, capability and attitude.   If there are no obvious contradictions then it is safe to proceed to the next level.   (You could also use a psychology test as supplied by www.thewhitehousereport.com.au)

In addition to this when someone leaves, cancel their access as soon as possible.   Relationships can sour and it is best that when someone has left that they no longer have access to any part of the organisation.

This is doubly important, if you are firing someone.   Before you go through the actual process of firing them make sure they have no access to your systems.

Acceptable use

The insider can quite easily steal your time and money by not actually doing anything illegal.   Staff members who spend a lot of time on social media, especially when they are supposed to be working can have a detrimental effect on not only the business but also on staff morale.

Make sure that you have policies in place that specify what people can and cannot do with business assets.

Least privileges

Staff members should have access only to the information that they need to do their jobs. In the case of small and medium business, you have to make a conscious decision that you cannot trust everyone. By not trusting everyone you are actually protecting your business. The larger the organisation the more need there is to separate working areas and capability.

Administrator privilege

In any organisation there should be only a minimal number of administrators. In most areas there is a need to ensure that staff and users only have access to what they need to do the job. The administrator account should not be used except for administration. It should never be associated with an email or webmail account.

All administrators should have separate logins to do normal work. This reduces the risk of being compromised as well as ensuring that there is only minimal access to the administration of the business.

Separation of duties

In a really small organisation this is very hard to do, but in larger organisations there should be an action process to spend money from credit cards and bank accounts. There should be a separation to ensure that one person is not both authorizing and acquitting invoices and payments.
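The offboarding, administrator-account and separation-of-duties checks described above can be run regularly against an export of accounts and payments. The following is an added example, not code from the original article; the account list, HR register, payment log and every field name in it are constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration; none of it comes from the article.
ACCOUNTS = [
    {"login": "alice", "owner": "Alice", "admin": False, "mailbox": True, "enabled": True},
    {"login": "alice-adm", "owner": "Alice", "admin": True, "mailbox": False, "enabled": True},
    {"login": "bob", "owner": "Bob", "admin": True, "mailbox": True, "enabled": True},
    {"login": "carol", "owner": "Carol", "admin": False, "mailbox": True, "enabled": True},
    {"login": "dave", "owner": "Dave", "admin": False, "mailbox": True, "enabled": False},
]
# HR register: owner -> last working day (None means still employed).
HR_REGISTER = {
    "Alice": None,
    "Bob": None,
    "Carol": date(2024, 3, 1),
    "Dave": date(2024, 2, 1),
}
# Payment log records the login used for each step.
PAYMENTS = [
    {"invoice": "INV-001", "authorised_by": "alice", "acquitted_by": "bob"},
    {"invoice": "INV-002", "authorised_by": "bob", "acquitted_by": "bob"},
    {"invoice": "INV-003", "authorised_by": "alice", "acquitted_by": "alice-adm"},
]


def stale_accounts(accounts, hr_register, today):
    """Enabled logins whose owner has left or is unknown to HR."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        if acct["owner"] not in hr_register:
            findings.append(acct["login"])  # orphaned account
            continue
        last_day = hr_register[acct["owner"]]
        if last_day is not None and last_day <= today:
            findings.append(acct["login"])  # access not cancelled on exit
    return findings


def admin_with_mailbox(accounts):
    """Administrator logins that are tied to an email account."""
    return [a["login"] for a in accounts
            if a["enabled"] and a["admin"] and a["mailbox"]]


def admins_without_daily_login(accounts):
    """Owners who hold an admin login but no separate login for normal work."""
    enabled = [a for a in accounts if a["enabled"]]
    admin_owners = {a["owner"] for a in enabled if a["admin"]}
    daily_owners = {a["owner"] for a in enabled if not a["admin"]}
    return sorted(admin_owners - daily_owners)


def self_approved_payments(payments, accounts):
    """Invoices authorised and acquitted by the same person.

    Logins are resolved to their owner first, so a person who uses two
    different logins for the two steps is still caught.
    """
    owner_of = {a["login"]: a["owner"] for a in accounts}
    findings = []
    for pay in payments:
        authoriser = owner_of.get(pay["authorised_by"], pay["authorised_by"])
        acquitter = owner_of.get(pay["acquitted_by"], pay["acquitted_by"])
        if authoriser == acquitter:
            findings.append(pay["invoice"])
    return findings


def run_audit(today):
    """Run every check over the sample data and return the findings."""
    return {
        "stale_accounts": stale_accounts(ACCOUNTS, HR_REGISTER, today),
        "admin_with_mailbox": admin_with_mailbox(ACCOUNTS),
        "admins_without_daily_login": admins_without_daily_login(ACCOUNTS),
        "self_approved_payments": self_approved_payments(PAYMENTS, ACCOUNTS),
    }


if __name__ == "__main__":
    for check, findings in run_audit(date(2024, 3, 15)).items():
        print(f"{check}: {findings or 'none'}")
```
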

Job rotation

There are 2 reasons for this. The first is that it allows you to build resilience into the business, because a backup person has access to the processes that the business needs in an emergency. The second is that it allows for training of personnel in the roles and acts as an audit.

Mandatory holidays

Everyone needs to go on holiday.   In most cases 2 – 4 weeks is mandatory.   It allows for recharging batteries as well as protecting the organisation from someone going rogue.

Auditing

Most if not all accounting packages have an auditing feature.   This feature needs to be running at all times to ensure that you can check all transactions occurring within the organisation.

Auditing can also be employed to track other components of the business including information being passed through email, cloud based technologies and cloud based storage.

Data loss prevention technologies

There are a number of software packages and hardware systems that allow you to monitor and manage information leaving your organisation. From restricting USB devices to cloud storage systems, options are available to ensure that your trade secrets are not leaving your organisation.

End point protection

This last point is more a solution to one of your people getting infected through malware. If you have done all of the other nine points then malware will have little impact on the organisation if it does get past the end point protection systems.

In addition there should always be 2 levels of end point protection – at the firewall and on the devices, preferably using different vendors.   If malware gets past one it may not get past the second.

These 10 ideas will ensure that your organisation is better protected from an attack from an employee or staff member.

Onion protection system – critical data, layer protection from any point of access

The problem with today’s digital security is not that most systems can be accessed or hacked with programs and systems bought straight from the cyber criminals. Most organisations understand that.

We still have to make it as hard as possible to break in, with secure front facing systems, anti-virus, strong passwords, best practice and patching.   But digital security is only as good as the weakest link.

By understanding your business infrastructure, your risk components, your data requirements and who has access to it you can make it very hard for a hacker who has managed to compromise that weakness to get anything out.

No matter the size, all organisations need to do a risk management plan. They need to create a blueprint of what data is important, how it will be protected, who has access to it and who can move it around. This plan then allows management to base cohesive risk strategies around that data.

This risk management plan will also show how that information will be protected. Will the more important data have more complex systems around it? Will the infrastructure have to evolve from a flat network to a more complex levelled network with internal firewalls and complex processes? Will the data be removed from single sign on capabilities to a more complex system of protection?

Balancing convenience and security will be the major problem in the protection of your data.

All of these questions need to be answered before your organisation becomes another Internet statistic.

Managed Service or outsourcing for the small Business!

It’s about time you put your Sales person back to work!

Many small and medium businesses and not for profit organisations (SME) are too small to have a full time ICT person. When this happens, these organisations have three choices.

All for one and one for all

Have no one do the job and leave everyone to look after themselves. This may sound stupid but this is what happens when a very small business doesn’t understand the technological requirements of the business. They are quite happy to use only 5% of their digital expertise and equipment to do their job.

Use someone on staff as the “go to” person who “knows computers”

In a large number of organisations there is someone who knows computers and is in turn delegated to the role of IT manager. The delegated person may be there because they have an aptitude for ICT, or they have made their own computer, or in most cases they are gamers, and that’s because gamers know business.

There are three problems with this:

  • They may know computers, have built them or played with them in their own time, but in today’s digital world there is a vast difference between someone who knows computers and someone who is TRAINED in computers and technology.
  • The second one is a soft skills problem. Small businesses have limited resources, and those limited resources have to be utilised to the best of the organisation’s abilities. In some places you have accounts people, both inbound and outbound, or you have a sales and marketing person; they are employed to do that specific job within the organisation. If they are also the computer guy then the original skills and resources will no longer be utilised to the best of their ability. For example, if they are the sales person, how many months will you allow them to not meet their sales targets because they were fixing computers?
  • The computer person focuses more and more on the IT of the business and less on their original job requirement. The more fun they have with fixing computer problems, the less they like doing their original work. Have you got someone like that in your organisation?

Get a professional to manage your computers.

In most small organisations the resources are not in the budget to allow for a single person to manage the IT, so the business has two options:

  • Hire a part timer, someone who will come in when something is broken and stay until it is fixed. This can create monumental cash flow problems. In addition, this solution will not give you the in-depth knowledge that every organisation needs in today’s digital world. Yes, they could fix a computer problem, a printer problem or even a server problem, but will they know how to use the cloud for the business, know what is needed to secure the organisation against the bad guys, know what apps or mobile devices are going to make your business more profitable using today’s technology?
  • The second alternative is to get a service level agreement with a MANAGED service provider (MSP). An MSP will monitor your network 24/7, give you access to a helpdesk system, fix problems remotely or on site, deliver monthly management reports to you and be a proactive force, catching small things before they have a major impact on your business. In most cases an MSP is a single monthly cost depending on your organisation size, your requirements and the MSP you are talking to.

Computers and the digital world are the mainstay of business in today’s world.   Get it right and the benefits can be stunning but get it wrong and the detrimental impact can be just as devastating.

 

Why we use Fortinet Products

Recommending products to clients is always a tricky proposition.  When most of us hear someone suggest we spend a lot of our own money, we tend to think, “that’s easy for you to say.”  That’s doubly true if there are cheaper alternatives out there.  In our line of work, we often have to recommend business security systems to our clients.  They’re usually not for profit organisations and small to medium businesses who have little excess money to spend, and we have to justify every recommendation.  Nevertheless, we try to persuade them to use Fortigate products—here’s why.

The managed services process starts with implementing some inexpensive recommendations.  This allows us to get the basics right.  Those basics include policies, procedures and processes: creating a disaster recovery, business continuity process and business resilience.  And in some cases, we need to change the culture through training and awareness programs. 

But none of these improvements can provide their full benefit without a state-of-the-art internet connection device.  That’s where clients sometimes balk at the cost.  It may seem like we’re pushing certain products, but we’re just looking out for the customer’s best interest.  Fortinet and the Fortigate products have the best return on investment of any security vendor on the market.

Over six years of working with Fortinet, we have found that they have the best and most inexpensive enterprise-ready systems available for businesses.  There is a vast leap in technology from a modem/router that is purchased from a retail store to the modem/router made by a high-end security vendor like Cisco and Juniper, but the Fortigate products are as easy to set up and as good as the high-end systems that are available.

Why am I saying this?  Well, with a Fortigate router, we can do so much more with your business at the cyber protection level than we ever could before. 

Let’s take Facebook, for instance.  Most businesses and organisations use Facebook as a marketing tool, so certain people need access to it during working hours—but does everyone?  Using simple rules, you can restrict users who don’t work with social media.  Or maybe you want your staff marketing through Facebook, but not wasting time on Farmville.  With other settings you can also make that happen.  But you don’t want to seem like an ogre—you want to allow full access to Facebook over lunch.  Once again, a simple addition of a rule can do that.

A single Fortigate device can manage applications that precisely.  In addition to that, the standard Fortigate system using its UTM (Unified Threat Management) system comes with next-generation firewall capabilities, VPN connection, web filtering, intrusion detection, malware protection, and a level of anti-spam.  It can also come with a high-end wireless system that is independent of the main network.

Since all these functions are now combined in one connection device, you need to ensure that your business will not suffer.  Fortigate supplies a four-hour replacement warranty, but in addition to that we also keep spares ready to go into a site at a moment’s notice.

Using Forticlient (a free AV product for PC, Mac, iPhone and Android) you can protect all of your devices, but when it’s combined with a Fortigate appliance you can use it to manage, monitor, and enforce your business policies on all connection devices in the system.

You don’t have to believe Fortinet’s own hype; all of their systems hold their own when independently tested against others in their class.  In a number of cases—Forticlient AV, for instance—the product has proven better than most of the independent AV providers.

So the reason we use Fortinet products is threefold:

  • They have the best integrated product
  • Their support is top-quality
  • They have the best return on investment (ROI) of all other security vendors

I know—it’s easy for me to say.  But if you’re serious about security, you might want to consider Fortinet.

Can we help you and your business to a more stable and profitable business environment – A MSP can!

Most businesses have an ICT investment of about 7% GDP; this can equate to a significant investment for any business. Reducing that by just 1% can greatly increase your bottom line. Most small and medium businesses and not for profit organisations need to find ways to increase profitability, reduce costs and use innovation to benefit the bottom line. To do that the organisation needs to look at a number of available services and capabilities, especially those supplied by external contractors.

The business drivers for reducing cost in all available areas of a business can be daunting so the use of a managed service provider could be beneficial to your business.

The managed services provider (MSP) should be able to do the following for an SME or not for profit organisation.

Reduce waste

This comes from making sure that a business does not have duplicated systems, using virtualisation and increasing the capability and requirements of the in-place infrastructure. An MSP should bring considerable waste reduction to an enterprise with recommendations for better ICT infrastructure and the ability to change capital expenditure to operational expenses.

This alone will improve the organisation’s bottom line because the business is only paying for systems it is utilising to do business while not paying for large capital investments that put severe strain on the business’s cash flow.

Increase productivity

Just like the old days where the just in time principle applied to mechanical spares, today’s business can leverage a similar capability.   The just in time principle relied on having spares in store when they were required and not eating money and storage on items that may not be used or may never be used.

When this principle is applied to today’s business it allows an enterprise to have the flexibility to add and remove storage, CPU cycles, RAM and business capability as required. This comes from utilising cloud based systems, virtualisation of servers and desktops and the integration of BYOD into the business environment.

Increase business

Today’s business world needs to have the ability and agility to add and remove capability when required.   The ability can then be translated into your business requirements.   This allows your ICT infrastructure to be project based and deliver on those projects.   The creation and addition of required systems that can be shut down and removed on the completion of a project makes for a more flexible business environment.

It allows management and business to increase profits based on the business ideas. No longer does a business have to expend capital to increase the capability of the business. The use of an MSP allows for further savings for a business. They will have the required expertise and capability on staff to allow the business to utilise them without having to increase the business spend on hardware, software, staff and training.

Enhance business agility

A good managed service provider will allow your business to be more agile in the work place.   This agility comes from the ability for the business to see opportunities and to leverage the ICT requirements to face and conquer that opportunity.

This allows the business to go off in tangents, creating better and more agile business processes, and to work into newer and more versatile business environments. An agile business can change its business direction, make profit, see further opportunities in the change and continue to change and morph to suit the business available. This can be done with minimal changes to the ICT requirements. Not having to put on more technical staff, more equipment or more resources makes the business more agile, while an increase in your monthly cost gives a clearer way to see the cost associated with your business requirements.

Enhance cyber resilience

The catch phrase of the new business world is to enforce security for all components of the business.   From the introduction of RFID to using SSL and TLS to secure information at rest as well as in transit.

Once again the MSP world can help you by knowing what your business requires to protect that critical business information.   From front facing firewalls to security access and business auditing the MSP can help secure your business data with a limited increase in the basic cost of doing business.

A Managed Security Service Provider (MSSP) can be an additional business resource with a huge impact on the capability of the business, with additional business processes and policies to enforce your business stability.

It’s about the support

Most MSPs are in the business of business support. Yes, they are in the business to make money, but most of them are looking to support small and medium business and not for profit organisations properly. Making sure that there is a flat fee for the technical support helps both the supported business and the supporting business.

The supported business knows exactly what they are going to get and how much it will cost per month.  The supporting company knows exactly how much they are going to receive and can budget and allocate resources based on their clients.   The supporting company can also allow its staff to meet stringent training and qualification requirements so that the support is always of the highest caliber.

Unlike the large support companies, IBM, Dell or IDS, most MSPs are looking to make a profit but not to the detriment of a really good business relationship based on mutual growth and respect. This drives the requirements of both businesses.

To gain that respect they will often give more than they take. From the technical support requirements to training staff in password etiquette, from disaster recovery to cloud computing advice, an MSSP or MSP will make your business hum.

If you want someone to help make your business hum then contact us on this form.

Protecting mobile devices: here are four ideas!

The proliferation of BYOD and business supplied devices makes it very easy to lose any of them. Whether they are lost or stolen, the final outcome is the same. To make sure that your business is protected you need to make sure that they are protected at all times.

Keep it safe

This is the physical protection of your device. Most mobile devices are accidentally lost or stolen at places where you have to relinquish normal levels of control over the device. Most users will keep them safe, but there are times when that personal protection is overcome by a lapse in thought.

To make sure that the device is safe, you need to manage your level of oversight. Places where you have to go through security, or where you think it would be safe not to watch your device, are invariably where it will happen. Keep your eyes on your device at all times when going through a security check. Do not leave your device at a table when you go to get another cup of coffee. Always keep it close to your person in crowded areas.

Keep it encrypted

Critical business information, if it is on your tablet, phone or laptop, should be encrypted. This ensures that the loss of the device will not endanger your business.

Most businesses do not encrypt data because it is an extra level of inconvenience for the users, but the loss or theft of this critical information will have a detrimental effect on your business.

Keep it separated

In the world of BYOD you are often in a situation where the line between business and home blurs. If possible, keep the two separated. That can be done in a number of ways: use different accounts and passwords for mail, or separate business work by using RDP or VDI, so there is a definitive separation between work and home.

Keep people informed

This is critical: if your device is lost or stolen, you need to inform the authorities as soon as possible. If the item was insured, you will need to complete a police report. If there was business information on the device, you need to ensure that the loss of that critical information is reported to the owner.

There are a number of systems available that will allow you to track your lost piece of kit and will also allow you to wipe it remotely if it is lost or stolen. Do not hesitate to do this if you know it is stolen; the faster this system is activated, the better the chance that business information has not been compromised.

So by keeping the device safe, keeping the information encrypted, keeping business and home information separated and keeping everyone informed you will have a better understanding of your business protections and how they apply to your mobile devices.

Why do big ICT companies have no idea of the requirements of not for profit organisations?

One of my clients recently received a proposal from a large ICT company based in Canberra that I found very interesting.

We manage a large number of not for profit organisations in the Canberra and ACT area of Australia. Our clients range from 3 users up to 50 users and 80% of them are not for profit organisations. We are by no means the cheapest managed services provider in the ACT but, I believe, we are one of the best and we deliver exceptional value for money with our blended managed service solutions.

I am not saying that to brag, but our rapport with our clients and our capability to deliver high level business and ICT support have given us glowing testimonials and references. The reason I am saying that is that we deliver great value for money to those not for profit organisations based in Canberra.

One of our best features is that we go out of our way to deliver the best solution for businesses with little money to invest in their IT infrastructure. We do not deliver substandard work and we always deliver over what we have promised; furthermore, if we quote a price, that is how much they pay. We have NEVER gone back to a client and said it is going to cost more than we quoted so they have to pay more.

So, to get to the crux of this article. We were recently privy to a proposal from a large ICT company. Our client is a large national charity that is separated into sub groups and individual locations, and they all have separate budgets. Like all not for profit organisations, all of the money that they raise goes back into their cause. They do not spend money outside their cause without some serious consideration. Everything they do is for their cause.

This group has a database system that creates reports that are used to justify government spending; the system tracks their business processes and is used to manage their staff and clients. This system was purchased and installed across the whole of the organisation for under $10,000.00. One of the idiosyncrasies of the organisation is that, although they are the same organisation, they like to keep everything they do as separate and separated as possible.

The areas of this national not for profit are each so protective of their own little piece of Australia that they have their own boards and management structure, their own ICT support and their own way of delivering their benefits to the local community. The only standard is the way they report to the government. The ICT support for individual areas is delivered either internally or as a managed service, in most cases as a donation or at seriously reduced costs.

If you had this understanding of the not for profit organisation, you would know that to approach them with a proposal of $150,000.00 initial cost and $17,000 per month would be totally ludicrous. Furthermore, it shows that you have no understanding of the systems and politics of the organisation, as well as showing a lack of respect for their cause. Maybe it was the sales team just putting the proposal out there, but a lot of work went into it.

So at a sales level it is a total fail, but at a technology level it is also a total fail. Not for profit organisations are looking to improve their technology but not at a cost and detriment to their cause.   In most cases they will invest in a solution as long as it fits certain criteria.   Like any organisation they are not looking for cheap, but they are looking for value for money, improved functionality and better ways of doing business so that the savings can be reinvested in the cause.   This proposal fails at both of these levels.

Who is going to keep Australia safe online?

Small and medium business and not for profit organizations (SMB) are becoming an easier target than previously understood when it comes to cybercrime. One of the largest problems for these businesses to understand is that they are a very easy target because of their size.

SMBs do not have the resources or the financial support to spend large amounts of time and money on the protection of their business. This lack of investment means that they have a “just enough is good enough” attitude to the security of their business; this, I am afraid, is a false economy. No matter what the business, the theft of money, clients and / or intellectual property will have a detrimental effect on the business, if not actually putting it out of business.

The introduction of IPv6 in the near future will make the protection of SMB business that much harder.   IPv6 is the next transmission protocol for the Internet and although it is understood by most technical people the basic understanding of the protocol is lost on 99% of the Internet user population.

The introduction of IPv6 as a transmission protocol will make it so much harder to protect your business and your users from the Internet. The introduction, which HAS to be done because IPv4 has already run out of addresses, is being delayed partly because of the security implications of the new protocol.

I really hate it when I have to put calculations into a post, but the primary difference between the transmission protocols is the number of addresses: IPv4 has 2 to the power of 32 (2 x 2 x 2 ... 32 times), where IPv6 has 2 to the power of 128 (number of stars in the galaxy plus a couple of billion).

The address pool is huge, but the management of that address pool is going to require some serious computing power and management.   Is that management going to fall on government, industry or someone who is neutral?

I am not going to go into all of the differences, but some of them are profound and will have major implications for all users, with the biggest effect on Government Departments, defence systems and business infrastructure. From a technical point of view it will be a vast improvement, and some believe that it will speed up the Internet, but the down side is also profound.

Security is going to be a major problem. The proliferation of attack vectors, spyware, malware, viruses and SPAM will mean that SMBs will be under constant attack. Is that protection going to fall directly on the shoulders of business, to find more expensive or prohibitive security systems, processes and compliance requirements, or is there going to be some level of Government intervention?

I am sorry but I do not have the answer to that question and at the moment, to tell you the truth, I don’t believe that anyone else has either.   Hopefully the powers that be will have an answer in the near future, definitely prior to the global switch, so that everyone is playing on the same field.