(Video) Why is Patch Management so Important to Cybersecurity

Today I’d like to talk to you about why patch management is so important to the cybersecurity of your business. And it’s not only your business. It’s also in your own personal connection to the digital world.

Patch management is something that’s really been pushed in the last couple years, because a couple of years ago, they found that things like malicious software, viruses, Trojans, worms, were targeting software that hadn’t been repaired. And that’s what a patch does. It repairs the application or the operating system or the BIOS for instance.

Now this is why it is so important that you have a patch management plan in small- and medium-businesses and not-for-profit organizations.

That patch management plan makes sure that if X has released a patch, might be a Microsoft patch, for a specific problem that they have discovered or someone has told them that they have got a problem, they will rectify that problem and release it as a patch.

And yes, we all know those patches are really annoying, cause they come up when you’re logging on or off or you they want to shut down the computer and restart. But it’s a damn sight better than getting hit with a virus or malicious software.

But patch management also has other components. Patch management in a small business is making sure that all the iPads are up to date, or all the Android phones are up to date and all the applications that people are using on those iPads, iPhones, and Androids are also up to date.

Because most of the viruses that are coming out now look and feel and target specific vulnerabilities in things like Java and Adobe and any other system that is integrated into how we do business nowadays.

So that is why patch management is really important for your business. It’s to make sure that when you go forward that your operating system and your applications cannot be targeted by a virus.

If you need to know more information about patch management, please contact us. We’ll quite happily help you work out a system of doing it.

(Video) How can a Managed Service Provider (MSP) make your business more competitive?

I’d like to talk to you about how you as a small or medium business or a not-for-profit organization can increase your business competitiveness.

Most of us when we get to the stage that we’ve started a new business and we now get to the point we’re employing 5-6 people, we look for an office to go into, and we’ve got an IT person that is happy to do that role, we suddenly realize that we’ve got 5-6 different platforms that we’re using.

You might have someone on who only likes Apple, or someone who only wants to use Windows 7 or Windows 8. Or we haven’t gotten around to buying a server. Do we go to a server? Do we go to a cloud? That type of environment, and those types of questions are really important for a small business going forward.

Now, if you didn’t know the correct questions to ask, then what you get out of the answers is not going to help you very much. And this is where a managed service provider really comes into the game.

Because they will sit down with your small- to medium-sized business and they will do a business and risk analysis on your business to find out where you want to go, how you want to get there, and then they will find the technology that suits your business.

If you’ve got 9 people in your office and 8 of them are on the road at all times, then you are going to need some way for them to connect and work together. And that connecting and working together is very critical to your business, because that’s the business model you’re using.

So from a small business perspective, when you’re talking to a managed service provider, you can sit there and go, this is what I want to do. This is where we are. I want to add another 5 staff by the end of the year.

I want to look at outsourcing some of my components. Where are you going to outsource them to? What components are you going to outsource? That whole plan is what a managed service provider will help you do.

So if you want to increase your business competitiveness, then talk to an MSP. An MSP will actually sit there and talk to you about how you can take your business forward and what you can do to make it more competitive.

In most cases, and most MSPs that I know, if you give them a ring and say, “we need to have someone come out and have a talk to us,” they will quite happily come out and talk to you. And most of the advice they give will be free advice.

So how to increase your business competitiveness? Talk to an MSP. Thank you very much!

(Video) What can a Virtual Chief Digital Officer (V CDO) do for your organisation?

I’d like to talk to you about the role of the Chief Digital Officer in your business.

Now most small- to medium-businesses and not-for-profit organizations cannot afford to have a Chief Digital Officer inside their business.

You’re probably asking what will a CDO do for me? Well a CDO will actually take all of the components to your business and find out what direction you are going in, what is good technology and what is not good technology for your business, and it doesn’t necessarily mean that we’re going to put everything in the cloud.

But the CDO is also anything to do with the digital world. He has the knowledge about it. So you want to use Facebook. Okay, not a problem. How are you going to use it? What are you going to use it for? How are you going to get your message out there?

That is also part of the role of a CDO. But as I said, they’re an expensive commodity in a small business. So how do you get all of that information and expertise without paying an arm and a leg and sending your business broke?

Well, when it comes to the Virtual CDO, you can have access to that information by employing someone who will come in an hour a month, an hour a week, an hour every two weeks, and sit down with the management team and work out what you need to do for your business.

And what digital components will reinforce that message, to make sure that when you are looking at how you’re going to get, that the information is not going to get cul-de-sac’d, or that information is not going to be bad for you, or in some cases, the information that you’re playing with needs to have some other components to make it really beneficial for your business.

And that is the role of the CDO. And a virtual CDO will come in, talk to management teams, talk to Board members, and find out exactly what direction your business needs to go in and how you want to do it and how much it will cost to do it.

And if it’s going to cost an arm and a leg again, then how are we going to grab it back to make it cost effective.

Now a virtual CDO, what we do as a role in our managed services is you get that for free as part of a service level agreement we put in place having one of our high-end technical experts come to your office. And none of that gobbledygook. They are based in applying technology to business to make it work.

So if you need to have someone who can come in and have a look at your business and find out where your business needs to go and what you need to do and put it in place, then a virtual CDO is what you need.

Thank you very much

(Video) Why a managed (Security) Service Provider (MSP, MSSP) allows you to focus on your CORE Business

I’d like to talk to you about Managed Services and how they allow you to focus on your CORE business.

What do I mean by that?

Most people have a specific focus for their business, whether it’s making widgets, accounting, or a legal service.   Anything that you do as a business is your core business.

That core business, makes you money.   It’s what you focus your marketing and advertising on, and your sales and your internal processes.

In today’s technology world, most small businesses have a person on staff who looks after your technology.  They are the “computer person.”  And they spend a lot of time being the “computer person.” Because they are the “computer person,” when it breaks, someone yells, they go and fix it.

So they’re coming away from their business role and your core business to fix the problems so others can do their jobs.

What happens when they are in a situation where they are no longer doing their normal job?

As we all know, the moment you have something that you like to do, then being the sales and marketing person is no longer important and being the computer person gets a lot of focus.

The number of computer components that you have in a small business start to grow as you get bigger. That small computer person who’s looking after your computer systems starts to take on a bigger and bigger role. In addition to that if something should happen to them, you no longer have someone

  1. a) As the go-to person for all internal computer problems, but
  2. b) You can no longer focus on your core business because you’ve got to get other people in to fix the problem that this person use to rectify.

So when it comes to this type of situation, we have to make sure that you focus on your core business. If you’re not focusing on your core business, then you need to know where the technical support will come from.

Your core business might be an accounting practice. Your requirement maybe different versions of an accounting system. An accounting system needs people to install it, needs people to manage it. As an accountant, they have to have different versions, because all of their clients have different versions, they also will need to have different accounting systems.

All of that information is all tied up in one person. He wins the lottery and goes off and lives on a beach or gets hit by a bus and all that critical business information about your technology is no longer available. You now have a situation where nobody else knows the systems. Yes, people, individuals know all about the little bit of area they work, he might work in Arrow, he might work in MYOB he might work in QuickBooks, but there’s no overall system that’s in place to make sure everything is going to work.

This is where a managed services provider (MSP) come into the picture. As an MSP their priority is to document the network and to make sure that not just one person has control over the systems in place. Through that one control, it is then split over the number of people in the managed services role.

In addition, they have the expertise. They have the expertise to make sure that that information is, as I said, documented. This is how you install X. This is how you install Y. This is where the databases have to be. This is why you need to have a backup system in place. When they do a backup, these are the components that need to be in place.

That information is critical to your business. And once again, that is where a MSP comes in. Now if you want someone to come out and have a look at your business, please contact us. Thank you.

(Video) The part time person on staff who knows computers V’s the external Managed Services expert!

When it comes to managed services, there are two components, and two ways that a Managed Service Provider looks after your business.

  • You have an internal person who actually know a bit about IT and they know about computers or they play games.
  • And then we’ve got the external expertise. These are the people who are part of a business whose sole purpose is to look after information technology for other businesses.

When it comes to the internal people, there are a number of problems with having people on staff. One, it costs you a lot of money, especially if you’ve got a dedicated IT person.

A dedicated IT person, jack of all trades, can cost you anywhere from $70-150K. Not many small businesses under 20 people can afford that cost. On top of that, they are going to be doing everything.

They are going to be:

  • fixing computer problems,
  • printer problems,
  • setting up firewalls,
  • setting up servers,
  • setting up policies,
  • putting policies in place,
  • working on business continuity,
  • Doing disaster recovery plans.
  • All of this stuff for one person is one difficult.

Yes, they could be the most competent person in the world. But I can guarantee, if they can do all that, they won’t be working for you very long. They will move into a managed service environment where they can specialize in an area that they are really focused on.

When it comes to external expertise, you don’t have to worry about that, because you know that if you’ve got a backup and restore problem, then an expert in backup and restore will come and have a look at it. Or, you have a problem with your printers. And someone who knows printers will come and have a look at it, or remote in and fix it.

These people are what you really need to make your business go forward, because they are the technical expertise that allows you to use your business to do what it needs to do.

To make sure that you, the driving force behind the business, doesn’t have to worry about your IT. The managed service provider are the experts. They are the CIO, the CDO, the IT manager, any component that you need to ask questions about, they will know what to do.

And a good managed service provider will make sure that the external expertise that you require as a business to go forward are in place and ready.

(Video) Why is Your website a target of hackers

Why your website is a target of hackers. And we’re being very loose with the term hacker, because there are a number of different variations of people out there in the digital world who are deemed as “hackers.”

We’ve got three types really.

  • The main one and probably the most common one is the script kiddy. Now the script kiddy is the wannabe. The 14-year-old teenager who sits in the back room on a computer and thinks he’s a hacker. They download an application from the internet from a very unsavory site. They install it on their computer, which then makes them part of a bigger system to attack other people. And then they quite happily go off and target people on the internet.
  • The second is the hacktivist. Now hacktivists are people who can be the teenager, but they are also interested in pushing their own particular wheelbarrow. They are only interested in defacing websites or compromising people or finding out information about people. They are in a situation where they don’t want to break anything. Some of they do. But they are more interested in raising awareness about what they are interested in.
  • The third one is the true full-blown hacker. Now these are the guys, and there are probably .001% of the people who consider themselves hackers who are actually in it for the money. They are in it to disrupt and compromise things as much as possible.

So what are these people all after? It doesn’t really matter what they are from a script kiddy to a hacker to a hacktivist.

Why do we have websites?

Well, in most people’s eyes, and this is thinking from the last 5 years, a website is somewhere someone can come to your little piece of your digital world and get information about who you are, what you are, what you do, what you have to sell.

The second part of a website is a blogging website, where the content is changing all the time. You are putting videos up, you’re doing blogs. You’re getting your message out to the real world and getting other people to associate with you, join your tribe, get people interested in what you’re doing.

And the last part of having a website is as an e-commerce platform, so you can sell stuff.   You can get people interested in your product through the blogging. They come to your website, and they will then purchase something.

We know what the cost of a website is. The cost of a website is only part of the equation. We are looking at protecting not only the www component of your website, but if you’ve got a hosting platform where you’re using C-panel, then you have to make sure that doesn’t get compromised either.

You’re trying to make sure that logging onto that digital location is really secure.

So what are the bad guys, the hackers after?

Well primarily and only one of the large number of components, they’re after money. They’re after your money, they’re after other people’s money, and they’re access to money. So credit card details is one of their biggest targets. So if you’ve got an e-commerce site that takes credit card details, you have to make sure that they’re not collected in a way that they can be used by other people.

They are also after intellectual property / trade secrets. There was a company in 2010 who made metal detectors, and they used them to detect metal. One of their salesmen went to China, logged onto a free Wi-Fi, and had his laptop compromised, and they stole the blueprints to the metal detector..

The people who stole the blueprints, sold it to another company.   They started building replicated metal detectors, and from there they then undercut the original price. The funny thing was that the original makers of the detectors didn’t realize they’d been compromised until some of the replicas created by other manufacturers started coming in as warranty issues.

But more importantly, the hackers are after your visitors. You’ve done all the hard work, you have used your SEO or payperclick money to attract people and they are quite happily coming to your site regularly.   If your website is infected then they can compromise all those people.

So how do they get access to your website?

Well in the first case, they do a scan of the digital world. Remember those script kiddies, they are going to find out you’ve got a connection to it, whether it’s on your website, your office or your office 365, but they are going to find out what your connection is.

All that information then becomes critical to what they do next. How about a little social engineering? They then associate your website with your Facebook, Twitter, LinkedIn accounts, any of your social media platforms that you’re using. Now they can see exactly what you’re doing, who your people are and what your products are.

So you’re actually doing some of the hard work that the hackers need done by having all of that information out there.

I’m not saying you can’t have it out there. I’m saying you have to be very careful about what you put out there.

And then from that, they see if they can compromise your website.

Now compromising your website is the hard part of the whole process. The above process are all easy, they’re all done automatically. The next step is to come up with a plan of attack. That usually involves cross-site scripting or malware.

How are we going to go about protecting ourselves from these people who are targeting our websites? Well, one of the big things you can do and one of the main things you can do is you have complicated user names and passwords. And they are not only complicated but they are unique. They have to be 9 characters long. They have to have alphanumerical symbols. Everything that you can think of.

When you install a website through some of the hosting platforms, like the WordPress system, the first thing it does when you press the button that says install, it says it needs a username for the admin account. Your admin account is literally the keys to your kingdom. And a lot of people just go admin, password blank. So what you’ve done on the internet is give all of those hackers access to your site without you even doing anything in particular.

The script kiddies don’t have to do anything because they first thing they’re going to do with their automated systems is try admin blank, or admin password, admin 12345.

So instead of using admin, you use _29_admin41.

Yes, you have to remember that’s the name of it. But, and then you use a complicated password, a really complicated password, 9 characters long, to make sure that people cannot get in there.

The next thing you have to do for your website, and one of the most important things is you have to make sure that all of the small applications on the website are up to date. If they plug into j-script, or they have a Java component, they need to be updated and patched to make sure that a) they’ve got the most secure version and b) they’ve got the newest version.

You know that your passwords are in place, and all your systems including the actual underlining system like C-Panel itself, or WordPress are all updated.

Getting down to the nitty gritty of the website, most people have comments automatically enabled. If you want comments coming through, or if you flip the comments through to your social media, but if you want comments on your blog site, then you have to make sure that people who are coming to your site to put on the comments are leaving their username, creating a username, creating a password, and leaving an email address that you can then verify.

The fourth component of what you need to do is if you are logging on to your system, you have to make sure that you’re logging on through a secure connection. Used to be SSL. It’s now TSL. SSL is a method of encryption, which is not as secure as TSL, but it still works.

The fifth thing you need to do is no matter what happens, you need to back it up. You never know when your hosting platform is going to have a fire and burn to the ground. What are you going to do if that happens? Are you in a situation where you can build your website straight up and down on another platform?

Or if you don’t like the platform you’re on, and you want to move it to another place. You have to have a backup of it. Otherwise there’s a lot of work involved.

One thing that people don’t do is they don’t visit their site regularly. And I’m talking 1-2x a week, 1-2x a day, but no less than 1x a fortnight. Because you never know when these have to be applied. You never know whether someone’s left a comment, unless it’s emailing you as well. But if you’re visiting it regularly, and you can see what is happening, then you know that the look and feel of the website that you’ve produced is going to stay the same. And it’s very important you see it as regular as possible.

Getting down to the security component of what we’re talking about, most websites do not have a way of informing you that people have logged on or that something has happened or there’s no regular scan of PHP or of SQL. Now this is a module that goes onto WordPress. I’ll talk about WordPress here, but they have got modules that work with HTML and a number of the others CMS systems.

This module is very important. For one, it tells you when people log on, from where they’re logging on and if people have failed to log on. So if these people are trying admin, you’re going to get a message, or a consolidated message every day about these people who have been trying to access your site.

But Securi has two more things. They have a one-click secure system. So you install this plug-in on your website, and when you hit the secure one-click, it locks all of the PHP down, it changes some of the permissions to a level where things are still going to work, but they’re a lot more secure.

And if you really want to be secure, and you start to look at other components like e-commerce and gateways, then you need to start looking at a proxy gateway. Now a proxy gateway will cost $20-$40-$60 a month. If you’ve got a regular website that is getting accessed every 2-3 hours, 10-20-30x a day, as a small business, you need to start thinking about what these people are doing and how they’re getting to your website.

A proxy gateway creates your www request coming into the gateway and then getting physical forwarded to your hosting site. Now, what that does is it makes this part of your website very secure. Because they’ve got to come through this gateway before they can get to your site.

This site if it gets compromised, not a big deal, because there’s no information on that site or that area of the gateway. But is it going to allow the system to be compromised?

So instead of affecting this, trying to affect that, nothing happens. So they’re always in the situation where this information is going backwards and forward, and that is under SSL or TSL. So it’s all secure. And you then know that your site is going to be relatively secure. And that makes it a lot better for your website itself and for your own peace of mind.

So as I said, they are out there. The cyber criminals are targeting you not because you have something they want, but because you are connected to the internet, and that is really important. It’s a big message to get across. The fact that although you may think you don’t have anything worth stealing, or you’re too small to be a target, or it’ll never happen to us, with the script keys and the hacktivists and the real life hackers targeting your website just because you are on the internet makes you a target.

So you have to make sure that although you are a target, you try to take yourself away by putting in a few initial systems that will protect you.

Now if you go to our website at the bottom of this page, there is a security website checklist. Just download it, leave your first name and your email address, and you can see – and this will give you an idea of where your website is and what you need to do to protect it.

If you have any problems, please drop me an email at support@RNIConsulting.com.au.

Thank you very much for your time.