A one man band, why you should worry about cybercrime?

This post is addressed to all of those small businesses, the businesses who have an email account, a laptop, an accounting package, a couple of smart phones and tablets and a desire to utilise them to their best.   So I am talking to Tradies, Mom and Pop businesses, small sub-contracting businesses and micro businesses.

Welcome to the digital world and it is nothing like the real world.   The digital world can be and is a very dangerous place.   The criminals only have to get their attack right once to win.   We have to protect ourselves and your information all the time.

Most cybercrime attacks in the digital world use malware to target all connections to the internet through automated systems.   These automated systems make up 85% of attacks and they are happening all of the time.     18 computers/devices get compromised every second through these automated systems and although they may not have anything of importance on them the actual hardware can be used to target others on the Internet.   This in the long run costs you money in traffic or reputation.

Here is the best way to protect yourself:

Passwords

Every password that you use has to have the following features.

  • They have to be more than 8 characters long,
  • use numbers, letters and symbols and
  • have to be unique for every web site or location that you need a password.
  • Your email account holds the keys to your kingdom; if you lose access to it then you are in very big trouble.

Using cloud technology

Cloud technology has come a long way in the last 3 years.   In a business sense we can now do a large amount, if not all, of our business in the cloud.   From cloud based CRM for client management to accounting software for billing and invoicing.   From web based email to project management for managing projects they are all there in the cloud.

The good thing about the cloud is that most of the products are accessed through a web browser and can be accessed from any system that has browser capability.   Although the underlying platform’s security is managed by the vendor, it is the user’s responsibility to have a secure password to ensure that no one else can access the information.

Bank accounts and credit cards.

There are so many ways that a criminal can gain access to your bank accounts.   A key logger through a virus or malware.   A RAT (remote access Trojan) that can actually take over your digital device and do whatever it is programmed to do.

But the bank accounts are not the only problem.   Pay wave is becoming a target for criminals, to a level where an RFID scanner can access your credit card, in your wallet, from 30 feet away.

End point protection

All devices that have a connection to the Internet have to have some sort of personal protection.   You can go with a licensed copy of an anti-virus or you can go with a free system; no matter what, they have to be protected at all times.   We recommend the free AV – Forticlient as it does most of the things that you need.

In addition to real time protection you also need to do a regular scan of the whole system.

Patching

How annoying is it when the system comes up and tells you that it has updates to apply?   This is a good thing.   The systems are updating code that has been found to have errors or inaccuracies in it that will allow an attacker to gain full control of your machine, phone or tablet.   These errors are what malicious code targets through viruses and worms.

All systems use subsystems like Java and Adobe and these are also regularly updated by their manufacturers.

Backing up / business continuity

Even when you think that nothing can go wrong, that is when something does.   Having all your information in the cloud, email, accounts, CRM or project management, what happens if you can no longer access your information?   How long will your business last without email, or the ability to invoice clients?

This is why some level of backup, disaster recovery and business continuity is required.   Thinking through to a point where if this happened what will my business look like, how will it work is very important for the everyday operations of the business.

When it comes to cyber and digital security, what happens if you get a virus from an email on your laptop, or visit a website and get a malware infection on your smart device?   Where is a copy of your schedule, or your contacts?   This is why you need some level of backup.

Paranoia and awareness

Have I instilled a little bit of paranoia in you yet?   To tell you the truth, that is good.   On the Internet everyone is targeting you, so in fact you are not actually paranoid, just being very aware.

Small operations have enough to worry about when it comes to business.   Being aware that cybercrime is a legitimate threat to that business is important.   Being aware of the problem means you will make additional decisions based on those threats.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.

Why we use Fortinet Products

Recommending products to clients is always a tricky proposition.  When most of us hear someone suggest we spend a lot of our own money, we tend to think, “that’s easy for you to say.”  That’s doubly true if there are cheaper alternatives out there.  In our line of work, we often have to recommend business security systems to our clients.  They’re usually not for profit organisations and small to medium businesses who have little excess money to spend, and we have to justify every recommendation.  Nevertheless, we try to persuade them to use Fortigate products—here’s why.

The managed services process starts with implementing some inexpensive recommendations.  This allows us to get the basics right.  Those basics include policies, procedures and processes: creating a disaster recovery, business continuity process and business resilience.  And in some cases, we need to change the culture through training and awareness programs. 

But none of these improvements can provide their full benefit without a state-of-the-art internet connection device.  That’s where clients sometimes balk at the cost.  It may seem like we’re pushing certain products, but we’re just looking out for the customer’s best interest.  Fortinet and the Fortigate products have the best return on investment of any security vendor on the market.

Over six years of working with Fortinet, we have found that they have the best and most inexpensive enterprise-ready systems available for businesses.  There is a vast leap in technology from a modem/router that is purchased from a retail store to the modem/router made by a high-end security vendor like Cisco and Juniper, but the Fortigate products are as easy to set up and as good as the high end systems that are available.

Why am I saying this?  Well, with a Fortigate router, we can do so much more with your business at the cyber protection level than we ever could before. 

Let’s take Facebook, for instance.  Most businesses and organisations use Facebook as a marketing tool, so certain people need access to it during working hours—but does everyone?  Using simple rules, you can restrict users who don’t work with social media.  Or maybe you want your staff marketing through Facebook, but not wasting time on Farmville.  With other settings you can also make that happen.  But you don’t want to seem like an ogre—you want to allow full access to Facebook over lunch.  Once again, a simple addition of a rule can do that.

A single Fortigate device can manage applications that precisely.  In addition to that, the standard Fortigate system using its UTM (Unified Threat Management) system comes with next-generation firewall capabilities, VPN Connection, web filtering, intrusion detection, malware protection, and a level of anti-SPAM.  It can also come with a high-end wireless system that is independent of the main network.

Since all these functions are now combined in one connection device, you need to ensure that your business will not suffer.  Fortigate supplies a four-hour replacement warranty, but in addition to that we also keep spares ready to go into a site at a moment’s notice.

Using Forticlient (a free AV product for PC, Mac, iPhone and Android) you can protect all of your devices, but when it’s combined with a Fortigate appliance you can use it to manage, monitor, and enforce your business policies on all connection devices in the system.

You don’t have to believe Fortinet’s own hype; all of their systems hold their own when independently tested against others in their class.  In a number of cases—Forticlient AV, for instance—the product has proven better than most of the independent AV providers.

So the reason we use Fortinet products is threefold:

  • They have the best integrated product
  • Their support is top-quality
  • They have the best return on investment (ROI) of all other security vendors

I know—it’s easy for me to say.  But if you’re serious about security, you might want to consider Fortinet.

Communication is the key to Cyber Security

Communication inside a business is not a 140 character tweet, or a comment on Facebook.  Communication is what you do within your business to make it work better.

One thing I have noticed in my role to educate the public in business security and the framework needed to be secure, is the fact that ICT and business do not talk.   Not at the level that is needed to create a secure business.

Sounds like a broad statement but in most cases it is very true.   The more I look after my clients, as well as doing contract work with larger departments and organisations, the more this reality is noticeable.   There is a fine line between over commitment and generating a constant barrage of information and no information at all.   Most businesses are at the no information at all stage.

I have some thoughts on what both an IT manager, CIO, CEO and a managed services provider can do.

For a small or medium business and not for profit organisation employing an external source to manage their system is becoming the norm.   These suppliers can do so much for their clients as part of their business model.

I believe that communication is the best way to build the culture within a business and it always has to come from the top, whether it is management or owner.

Most businesses and organisations do not have regular meetings or a regular email / letter update within the business.   This is an opportunity lost.   Whether it is keeping the staff informed, talking to shareholders and stakeholders through external means or talking to prospects in general on the website there is so much that business can talk about.

I know one of the major problems is that people do not know or want to write things down.   It is very hard to put information into some form of written process, I have this problem with getting people to produce content for web sites so I can understand how difficult it can be.

Once started it is relatively easy to keep going, like most things you just have to have a will to START.  An internal email to your staff every Friday, praising an employee, setting internal goals, discussing problems and informing them of progress is a very good place to start.   The next question is where do you incorporate the security information.

As a start, look at your internal security policy, start a discussion on social media, teach people how to create complicated passwords.   Explaining how and why something is working is also of great benefit to your organisation.   You can even make it competitive, award prizes, look at increasing the knowledge within the business.

The good thing about security information is that it can be recycled.   Not too regularly but within reason; once every 10 or 15 comments, interspersed with new information, is good.

You can also beg borrow and steal from the Internet, improve on others information, make it better to suit your industry or business.   All relatively easy to do but it will have a marked effect on your business.

So there you have it, communication, a way to keep your universe in touch.   In some cases you may even find it easy to do.   The interaction between communication and internal security cannot be over emphasised.   The important fact is that you are educating your staff, which will make them more secure and will carry through to your business, making it more secure as well.

Build an ICT support package for your business

Business technical support, whether it is in house or outsourced, is a management headache.   Today’s business and tomorrow’s future business is all based on digital information.   That is not the problem, the problem lies in all of the systems that your business requires to do business.

From producing documents and spreadsheets to contact information for clients to sales information all the way through to management and protection, you have systems that have to be managed by someone.   That management and how you pay for it is going to be critical to your future and the future of the business.

I could throw a large amount of buzz words around here, cloud, virtualisation, BYOD, and the like but these are just the technology.   They are the media for you to do business.

The most important components of your ICT are resilience – the ability to react to change, culture – the get up and go of your business and finally management – how you get things done and why you do it that way.   The only way to protect this Intellectual Property is with a management and ICT system that is transparent to your business.

To make management decisions you need to see what is happening with the technology; your business has to be transparent to you.   You can do this in house with your own ICT support team and the inherent costs that come with it, or you can outsource it.   By outsourcing your ICT, two things happen: you get better trained IT technicians and you get a flat monthly management fee with no hidden or unforeseen costs.

You also reduce your ancillary costs within the business.   No more super, no more extra desks, seating and offices, no more replacing staff after you have trained them up because they have had better offers.   What you do get is trained ICT people, access to knowledge that your business needs to compete in your business environment and NO ADDITIONAL COSTS.

If you want some information, talk to an ICT outsource company, a Managed Services Provider, and get the correct information concerning your business.   Their MSP plans should deliver Trouble Free Technology to your business.

Business continuity is not just backup and redundancy

In all SME’s there is always the fight over business continuity, disaster recovery and business resilience.   The usual arguments are based around cost and what you actually get for your money.

One of the areas that is seldom thought about is historical data.   If something happens, how can you roll back that database, get a copy of that old deleted email or a copy of a very important spread sheet from 6 weeks ago or, more difficult still, 6 months ago?

Some disaster recovery systems are only based on duplicating the data to an off site location, it is normally a regular process of writing over the old just so that the organisation has an up to date copy of the data.   Copying data to a USB drive or an external Hard drive is great if all you are interested in is the ability to recover if the building burns down.

This fails when someone has been using the test database to input real data, where the financial information has been compromised and you need to go back and dissect the information from old backups or you have been infected with a virus and do not know when it started.   When that happens, that off site DR copy is not going to help.

Not every SME does this but there is a high proportion that do not have a way to look at old information or have the capability to bring it back into the business.   Without this capability your business could suffer substantially.   A busy office, doing 200 transactions a day, rebuilding the accounting information could take days to resolve, not the type of problem that a business would like to face.

That is when you need a proper back up system, one that takes regular snap shots of your data and keeps that information in a different back up stream.

There are a number of products in the market that do this but all of them have a cost.   Just get one that suits your business.
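The difference between an overwrite-style off-site copy and dated snapshots, as an added example that is not part of the original post. The ledger contents, dates and function names are constructed for illustration, and the snapshot store is a simplified sketch rather than any particular backup product.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def mirror_backup(source: Path, dest: Path) -> None:
    """Overwrite-style DR copy: dest always equals the latest state of source."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(source, dest)


def take_snapshot(source: Path, repo: Path, when: datetime) -> Path:
    """Store each file's content under its SHA-256 and write a dated manifest."""
    objects, snaps = repo / "objects", repo / "snapshots"
    objects.mkdir(parents=True, exist_ok=True)
    snaps.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for path in sorted(source.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            blob = objects / digest
            if not blob.exists():  # unchanged content is stored only once
                blob.write_bytes(data)
            manifest[path.relative_to(source).as_posix()] = digest
    out = snaps / (when.strftime("%Y%m%dT%H%M%S") + ".json")
    out.write_text(json.dumps(manifest, indent=2))
    return out


def restore_as_of(repo: Path, rel_path: str, as_of: datetime) -> bytes:
    """Return a file's bytes from the newest snapshot taken at or before as_of."""
    cutoff = as_of.strftime("%Y%m%dT%H%M%S") + ".json"
    candidates = sorted(
        p for p in (repo / "snapshots").glob("*.json") if p.name <= cutoff
    )
    if not candidates:
        raise LookupError("no snapshot exists that early")
    manifest = json.loads(candidates[-1].read_text())
    if rel_path not in manifest:
        raise FileNotFoundError(rel_path)
    data = (repo / "objects" / manifest[rel_path]).read_bytes()
    # Verify the stored copy before trusting it for a restore.
    if hashlib.sha256(data).hexdigest() != manifest[rel_path]:
        raise ValueError("stored object is corrupt")
    return data


# Constructed history: a clean ledger, then test data keyed into the live
# system on day 21 and not noticed until after day 42.
HISTORY = [
    (0, b"invoice,amount\n1001,250\n"),
    (21, b"invoice,amount\n1001,250\n1002,TEST-DATA\n"),
    (42, b"invoice,amount\n1001,250\n1002,TEST-DATA\n1003,90\n"),
]


def demo() -> dict:
    """Run both backup styles over the same history and compare what survives."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "office"
        source.mkdir()
        mirror, repo = root / "offsite_mirror", root / "snapshot_repo"
        start = datetime(2024, 1, 1, 18, 0)
        for day, content in HISTORY:
            (source / "ledger.csv").write_bytes(content)
            mirror_backup(source, mirror)
            take_snapshot(source, repo, start + timedelta(days=day))
        return {
            # The mirror only ever holds the latest (already polluted) ledger.
            "mirror": (mirror / "ledger.csv").read_bytes(),
            # The snapshot store can still hand back the ledger from day 20.
            "day20": restore_as_of(repo, "ledger.csv", start + timedelta(days=20)),
            "stored_versions": len(list((repo / "objects").iterdir())),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
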

Can we help you and your business to a more stable and profitable business environment – A MSP can!

Most Businesses have an ICT investment of about 7% GDP; this can equate to a significant investment for any business.   Reducing that by just 1% can greatly increase your bottom line.   Most small and medium businesses and not for profit organisations need to find ways to increase profitability, reduce costs and use innovation to benefit the bottom line.  To do that the organisation needs to look at a number of available services and capabilities, especially those supplied by external contractors.

The business drivers for reducing cost in all available areas of a business can be daunting so the use of a managed service provider could be beneficial to your business.

The managed services provider (MSP) should be able to do the following for a SME or not for profit organisation.

Reduce waste

By making sure that a business does not have duplicated systems, using virtualisation and increasing the capability and requirements of the in place infrastructure.   An MSP should bring considerable waste reduction to an enterprise with recommendations for better ICT infrastructure and the ability to change capital expenditure to operation expenses.

This alone will improve the organisation’s bottom line because the business is only paying for systems it is utilising to do business while not paying for large capital investments that put severe strain on the business’s cash flow.

Increase productivity

Just like the old days where the just in time principle applied to mechanical spares, today’s business can leverage a similar capability.   The just in time principle relied on having spares in store when they were required and not eating money and storage on items that may not be used or may never be used.

When this principle is applied to today’s business it allows an enterprise to have the flexibility to add and remove storage, CPU cycles, RAM and business capability as required.   This comes from utilising cloud based systems, virtualisation of servers and desktops and the integration of BYOD into the business environment.

Increase business

Today’s business world needs to have the ability and agility to add and remove capability when required.   The ability can then be translated into your business requirements.   This allows your ICT infrastructure to be project based and deliver on those projects.   The creation and addition of required systems that can be shut down and removed on the completion of a project makes for a more flexible business environment.

It allows management and business to increase profits based on the business ideas.   No longer does a business have to expend capital to increase the capability of the business.   The use of a MSP allows for further savings for a business.   They will have the required expertise and capability on staff to allow the business to utilise them without having to increase the business spend on hardware, software, staff and training.

Enhance business agility

A good managed service provider will allow your business to be more agile in the work place.   This agility comes from the ability for the business to see opportunities and to leverage the ICT requirements to face and conquer that opportunity.

This allows the business to go off in tangents, creating better and more agile business processes and to work into newer and more versatile business environments.   An agile business can change its business direction, make profit, see further opportunities in the change and continue to change and morph to suit the business available.   This can be done with minimal changes to the ICT requirements.   Not having to put on more technical staff, more equipment or more resources makes the business more agile but by increasing your monthly cost makes for a better way to see the cost associated with your business requirements.

Enhance cyber resilience

The catch phrase of the new business world is to enforce security for all components of the business.   From the introduction of RFID to using SSL and TLS to secure information at rest as well as in transit.

Once again the MSP world can help you by knowing what your business requires to protect that critical business information.   From front facing firewalls to security access and business auditing the MSP can help secure your business data with a limited increase in the basic cost of doing business.

A Managed Security Service Provider (MSSP) can be an additional business resource with  a huge impact on the capability of the business with additional business processes and policies to enforce your business stability.

It’s about the support

Most MSP’s are in the business of business support.   Yes, they are in the business to make money but most of them are looking to support small and medium business and not for profit organisations properly.   Making sure that there is a flat fee for the technical support helps both the supported business as well as the supporting business.

The supported business knows exactly what they are going to get and how much it will cost per month.  The supporting company knows exactly how much they are going to receive and can budget and allocate resources based on their clients.   The supporting company can also allow its staff to meet stringent training and qualification requirements so that the support is always of the highest caliber.

Unlike the large support companies, IBM, Dell or IDS, most MSP’s are looking to make a profit but not to the detriment of a really good business relationship based on mutual growth and respect.   This drives the requirements of both businesses.

To gain that respect they will often give more than they take.   From the technical support requirements to training staff in password etiquette, from disaster recovery to cloud computing advice, a MSSP or MSP will make your business hum.


A couple of tips for Internet banking security

I believe that the numbers for internet banking are in the high 90% of all banks in Australia.   Most people and businesses have access to their bank through either computers, laptops, tablets or smart phones and most banks now have a secure application that can be downloaded.

With all of this access most people forget how much of an impact it would have if someone stole all of your money.   Here are a couple of ideas that you can use to create a little more security around your banking access.

Audit your own access – some banks have a system whereby every time that you access your bank account you receive either an email or message.   This shows that your account has been accessed.   Most people would access their bank once a day and this is a good way to keep track of each of those accesses.   If you receive an email or message about access and it wasn’t you then you can get onto the bank straight away.

Banking that has a third access process is more secure – some banks have a system where you need a user name, password and a third component to access your account.   This third component is usually a 4 digit number that is generated so that it is different every 5 minutes or so.   This added complexity to access your account makes it harder for criminals to access your account.

Update your software / operating system regularly – because you are accessing your bank account from either your computer or a mobile device you need to make sure that you have the most secure systems available.   Make sure that you apply updates regularly.

Do not access your account from free wireless connections – I know that free wireless is great but because there is no encryption between your mobile device and the wireless point then anyone with the right equipment can capture your username and password and therefore access your account. Free wireless where you are given an access code is OK.

Regularly scan your computer with a decent end point protection system – every system, no matter how careful you are, can be infected with a virus, spyware or malware.   To make sure that you are not infected, do a regular scan of your device for these types of problems.

Use complicated passwords (alphanumeric and punctuation, like “The easy way to create complicated passwords”) – this can be hard because some credit unions use passwords consisting of just numbers, but this is changing.   Use a complicated password, longer than 7 characters, no real words and different from any other password.   Do not write it down.

Change passwords regularly – I know of people who have had the same bank password since the account was activated.   This is not good.

If you think about your banking details – they are critical to your well being.   Just ask someone who has been hacked.   Most banks will cover a certified breach and theft but the violation that occurs when it happens is not the best feeling in the world.

Why do big ICT companies have no idea of the requirements of not for profit organisations?

One of my clients recently received a proposal from a large ICT company based in Canberra that I found very interesting.

We manage a large number of not for profit organisations in the Canberra and ACT area of Australia.   Our clients range from 3 users up to 50 users and 80% of them are not for profit organisations.   We are by no means the cheapest managed services provider in the ACT but, I believe, we are one of the best and we deliver exceptional value for money with our blended managed service solutions.

I am not saying that to brag but our rapport with our clients and our capability to deliver high level business and ICT support have given us glowing testimonials and references.   Why I am saying that is we deliver great value for money to those not for profit organisations based in Canberra.

One of our best features is that we go out of our way to deliver the best solution for businesses with little money to invest in their IT infrastructure.   We do not deliver sub standard and we always deliver over what we have promised; furthermore, if we quote a price that is how much they pay.   We have NEVER gone back to a client and said it is going to cost more than we quoted so they have to pay more.

So to get to the crux of this article.   We were recently privy to a proposal from a large ICT company.   Our client is a large national charity that is separated into sub groups, individual locations and they all have separate budgets.   Like all not for profit organisations all of the money that they raise goes back into their cause.   They do not spend money outside their cause without some serious consideration.   Everything they do is for their cause.

This group has a database system that creates reports that are used to justify government spending, the system tracks their business processes and is used to manage their staff and clients.   This system was purchased and installed  across the whole of the organisation for under $10,000.00.   One of the idiosyncrasies with the organisation is that although they are the same organisation they like to keep everything they do as separate and separated as possible.

Each of the areas of this national not for profit are so protective of their own little piece of Australia that they have their own boards and management structure, their own ICT support and their own way of delivering their benefits to the local community.   The only standard is the way they report to the government.   The ICT support for individual areas is delivered either internally or as a managed service, in most cases as a donation or at seriously reduced costs.

If you had this understanding of the not for profit organisation you would know that to approach them with a $150,000.00 initial cost and $17,000 per month proposal would be totally ludicrous.  Furthermore it shows that you have no understanding of the systems and politics of the organisation as well as showing a lack of respect for their cause.   Maybe it was the sales team just putting the proposal out there, but a lot of work went into it.

So at a sales level it is a total fail, but at a technology level it is also a total fail. Not for profit organisations are looking to improve their technology but not at a cost and detriment to their cause.   In most cases they will invest in a solution as long as it fits certain criteria.   Like any organisation they are not looking for cheap, but they are looking for value for money, improved functionality and better ways of doing business so that the savings can be reinvested in the cause.   This proposal fails at both of these levels.

Just relying on security technology can damage your business!

Nearly every day you hear about another security threat spreading across the internet. As a small or medium business, or a not for profit organisation (SME) how vulnerable are you to these threats?

SME’s are connecting to the internet in record numbers to support improved and greater market opportunities, to increase productivity and to strengthen communications with staff, management, customers and suppliers. The problem is, the more you open your network and business to the internet the more your confidential business information and data is at risk.

So you think you are too small to be a target?

Think again, if you use Microsoft software then you are a target by default. Microsoft is not bad but it has the largest market share, therefore any released virus, worm or application created by a hacker can achieve more with less. These programs spread rapidly and inflict damage on a global scale and you, as an SME can be caught in their net.

Security threats are constantly emerging and evolving, the job of securing your business information becomes all consuming. Little jobs take time – updating and checking anti-virus, patching and updating operating systems and applications, checking firewalls with renewed rules and policies are a critical requirement of your business risk analysis.

They still have to be done regularly.

The importance of checking these components in a timely manner cannot be underestimated. Consider the cost in lost productivity, reputation and non-compliance penalties that a breach could visit on your business. Effective security can be costly, time consuming and difficult for SME’s to implement successfully. Skilled security people are often difficult to find and cost prohibitive to have on staff. As a result the job often falls on the technologically savvy staff member who is already snowed under with other ICT matters or their own job to implement security features properly.

Today’s security threats are business size neutral. They leave a SME with the same security challenges as large corporations. The trouble is that SME’s do not have the depth of resources to handle them. This is where a Managed Services Security Provider (MSSP) can be of benefit to your business.

What are the benefits to your business of outsourcing your security?

You can focus on your core business

Outsourcing allows all of your staff to concentrate on revenue generating business initiatives instead of computer, security and infrastructure issues. Having limited IT resources on staff takes business resources away from your core business.

Reduced Cost

Outsourcing your security provides your business with access to “big business” security protection at an affordable price. The expense is more cost effective than hiring or contracting a security expert, and the consistent monthly billing helps ensure that the security services you need are available without unforeseen hassles and expenses. An integrated and comprehensive solution that can help reduce the expenses of maintenance, upgrades and add-on security solutions is a benefit to any business.

24 X 7 (always available) expert security staff.

Your on-staff, in-house expert is normally available only during working hours. In most cases your outsourced security company can act as an always-available security and ICT management department. They can also provide your business with access to an internet security expert without incurring the cost of hiring, training and retaining highly skilled staff.

Gain Customised Service

All MSSPs have service plans, and you can select the service plan that will fit your requirements.

Receive up-to-date protection

Technical security solutions such as firewalls, antivirus software, content filtering solutions, and virtual private networks (VPNs) are far more effective when they are maintained regularly with the latest system updates. Changes to your business resilience and regulatory requirements can also have a detrimental effect on your business stability.

Why R & I ICT Consulting Services is right for you!

How do you know you are getting what you paid for?

  1. Company reputation – see what our clients are saying about us. We have references and referees that you can ask.
  2. Plans and services – we have a comprehensive assortment of plans and services depending on your business requirements and size.
  3. Service Level Agreement – all of our plans and services have a service level agreement incorporated into them so that you know what will be delivered in protecting your business.
  4. Guarantee – We guarantee all of our technicians’ work with a 100% money back guarantee. We also stick to any pricing that we put forward to you. All projects are priced on a per project basis so that no matter how long it takes it will not cost you any more. No more “time and materials” projects based on “how long is a piece of string” that have costs blowing out uncontrollably.
  5. Monthly Reports – we supply monthly reports that are delivered with your next month’s invoice. We like to prove how much we have done for your business in the last month.

 

Stop talking about “cloud computing strategy”: there really is no such thing!

For the third time in 2 weeks I have been privy to conversations concerning a business’s cloud computing strategy.

In all cases it has been an interesting conversation concerning the storage and movement of data to cloud computing, without an overriding reason for the process.

The problem I am seeing is that, in all cases, the businesses had lost the original focus of their requirements.

They should be looking at the complete ICT strategy for the business, with a cloud computing component, not just a single component of that strategy.

The cloud offers an opportunity for the IT department to deliver better outcomes for a business. It offers a better price point for storage and in most cases delivers other cost-effective business outcomes. In itself, the utilisation of cloud computing technology will change how a business does business.

It usually moves the IT department away from the high-usage, labour-intensive and costly processes that are part and parcel of business IT to a more sustainable and cost-effective system.

But it is not the only strategy that you should be looking at. Just because you are moving some of your business processes to the cloud does not mean that you can neglect the rest of the business’s ICT requirements.

Cloud computing and storage is still only one facet of the business ICT requirements and that should be remembered at all times.