Get the most out of your I.T. infrastructure without a physical server

Posted by Kaylene Giff on 9 February 2021

If your business operates from the cloud, you will likely not have a server on premises. This means your laptops, PCs, tablets and/or personal devices become the front-line interface to the internet and core business applications.

 

To ensure optimal productivity and security, it is recommended that businesses adopt a 'fleet management' regime, including:

  • Managing the age of hardware by replacing devices based on a planned lifecycle
  • Implementing a managed services system capable of monitoring all devices remotely
  • Scheduling maintenance of devices
  • Synchronising/backing up personal data (desktop, documents, downloads etc.) to the cloud
  • Regularly updating antivirus
  • Running regular cybersecurity check-ups

Such a 'fleet management' regime should be adopted because PCs and other devices become more vulnerable and less efficient with age (3 years maximum is recommended), meaning your business becomes more susceptible to downtime or lower productivity due to:

  • Hardware failure
  • Slower machines or reduced processor capacity
  • Higher exposure to cybersecurity incidents

 

Because your devices are now the only defence between your data and hackers obtaining unauthorised access, it is even more important to keep your hardware updated and protected.

 

A significant point to note is that all recent PCs and laptops have a Solid State Drive (SSD); there are great advantages, including faster and more efficient processing and less chance of corruption. However, there is little warning that an SSD will fail or arrive at its end of life, and it is common that data will be corrupted or lost completely if an SSD reaches capacity or fails.

 

While on the subject of hardware, there are growing preferences for tablets, such as the Microsoft Surface Pro. Modern tablets offer the same specifications and capabilities as a larger workstation yet are compact and able to be taken anywhere the user goes. It is also just as easy to connect one to a docking station and interact as you would normally at a desk computer.

 

Contact us to discuss your requirements for protecting your business from downtime or if you would like to learn more about our Surface Pro bundles.

 

Vulnerability Scans - Isolate the weak security points in your IT systems

Posted by Michael Trimblett on 18 January 2021

A Vulnerability Scan is a relatively simple way to test your IT systems' exposure to scams, theft or sabotage. It's an application that, when applied correctly and with the right advice, is an extremely efficient and effective strategy for SMBs.

With the cloud becoming the norm, your user-interface and other systems and devices become your frontline cyber-security guards by default. Therefore, it is now more imperative than ever to ensure you are 'sure and secure'.

A Vulnerability Scanner is an application that can:

  • Identify and create an inventory of all your systems (including desktops, laptops, tablets, servers if you still have one, virtual devices, personal devices, firewalls, switches, wi-fi and printers) connected to a network.
  • Identify all operating systems and the software installed, along with other attributes such as open ports and user accounts.
  • Attempt to log in to systems using default, standard issue or common credentials.
  • Check each item in the inventory against selected databases of known vulnerabilities.

Apart from having an effective inventory of items in your IT systems, the outcome from the scan is a calculated risk list of vulnerabilities for each and every part of your system.

With the right advice and consultation from a knowledgeable source like Loyal IT, you can then prioritise which vulnerabilities need to be explored and how they should be mitigated.

As a point of interest for small to medium sized businesses that no longer have a server (and utilise 'the cloud'), one of the most effective risk mitigation strategies is to have an effective hardware management regime, a little bit like a vehicle fleet management regime; but more about this in our next blog.

Posted in: Services Security IT IT Consulting Networking Security Computer Software  

'Bulletproof' solution to remote access security.

Posted by Michael Trimblett on 8 December 2020

One of the Essential Eight in Business Cyber Security

Multi-Factor Authentication (MFA) is typically described as a bulletproof solution to remote access security.

It is an effective way to add an additional security 'gate' to deter unwanted access to remote databases or sensitive information. Many of you may already have seen some version of MFA when you log into your bank account or when you re-log into your email account (such as Office 365) - once you have logged in with your username and password, you are then sent a text and asked to enter the code.

The Essential Eight guide defines that MFA is for VPNs, RDP, SSH and other technologies, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository. Why? Stronger user authentication makes it harder for adversaries to access sensitive information and systems.

The Small business cyber security guide defines it as a security measure that requires two or more proofs of identity to grant you access; multi-factor authentication (MFA) typically requires a combination of something the user knows (i.e. something you know), something the user physically possesses (i.e. something you have) and/or something the user inherently possesses (i.e. something you are).

 

Examples of the three categories of identification could be:

Something you know:

  • PIN
  • Username/password
  • A secret question and answer

Something you have:

  • Card
  • Token
  • Random PIN sent to your phone

Something you are:

  • Fingerprint
  • Face scanning
  • Voice recognition
  • Iris scanning
  • Retina scanning

 

Most remote access security comes down to something you know, and that something is almost always a password. In creating a password, length and complexity used together are the best defence. Length is perhaps more important (mathematically) from a time point of view. It will take less time to crack a 6-character letter, number and special character password than it will for a 16-character letter and number only password. It's also best not to do "keyboard walks" in password creation because every cracker will have them in their password lists. (Keyboard walking is simply typing in straight lines up and down the keyboard.)

 

Our recommendations

Because the first factor in remote access security authentication is vulnerable (i.e. usually a password), it's essential to have a second or even third authentication factor.

However, implementing multi-factor authentication can be a hindrance to users as it can slow down access to the system. There is always a balance between security and usability. There is a curve that we look to when making decisions and recommendations about the balance. Our advice is that MFA should be implemented, and we also know how to determine the right combination of MFA versus users' tolerances.

Loyal I.T. Solutions can help your business set up multi-factor authentication for services that support this technology.

 

I.T. hardware; essential for security and productivity

Posted by Michael Trimblett on 21 October 2020

Governments and authorities in Australia are escalating their focus on cyber-security, including introducing more guidance, advice and mandatory reportable incidents.

If your organisation is covered by the Privacy Act 1988, then the NDB (Notifiable Data Breach) scheme applies. In simple terms, any suspected or known cyber attack must be notified to affected individuals and the OAIC (Office of the Australian Information Commissioner).

The real aim, though, is to mitigate the risk of cyber attack. Remember, apart from the likes of phishing and ransomware, the other common attack is the simple theft of a customer database, which among other things contains names and passwords. This might seem harmless enough, but in the hands of seasoned cyber criminals, that info gives them a shot at hacking your and your customers' accounts.

In our recent blog, we talked about the Essential Eight cyber security mitigation strategy; this is a strategy that ALL businesses should have in place.

One of the most understated essentials for cyber security is having up-to-date hardware (laptops, desktops, servers etc). I.T. hardware becomes more vulnerable the older it gets and cyber crime is essentially random - the perpetrators are looking for the easiest targets. They use software over the web that, among other things, identifies the type and age of hardware and if it's over a couple of years old, they know all the vulnerabilities. A bit like a car thief and an older model car. 

Click here to view Loyal I.T.'s fact sheet flyer about the importance of having up-to-date hardware.

If you have any questions or concerns about the age or vulnerability of your I.T. hardware, please contact Kaylene or myself by email or call us on (02) 4337 0700.

To wrap it up, here are some facts and figures to re-emphasise the ever-present threat; a small to medium sized business is just as attractive to cyber criminals as a large 'big prize' corporation. Just like a corner store or service station is just as vulnerable or attractive to criminals as is a big bank.

Some revelations from the survey How Australian Small Businesses Understand Cyber Security:

  • $29 billion lost by small businesses every year
  • Nearly 50 per cent of SMBs under-spend on IT security annually
  • One in five small businesses use outdated equipment and operating systems
  • Low implementation rate of effective mitigation strategies

The latest NDB report indicates that 64% of reported breaches were Malicious or Criminal Attacks. Malicious or criminal attacks are broken down into:

  • Phishing - 24%
  • Compromised or stolen credentials - 22%
  • Theft of paperwork or data storage device - 12%
  • Rogue employee/insider - 12%
  • Social engineering/impersonation - 9%
  • Malware - 7%
  • Ransomware - 4%
  • Brute force attack - 4%
  • Hacking - 4%
  • Other - 2%

The same report highlighted the top 5 industries being attacked the most:

  • Health service providers
  • Finance
  • Legal, accounting and management services
  • Education
  • Personal services

Loyal I.T. has extensive experience in supplying, setting up, installing and maintaining business I.T. hardware (as well as software, systems and managed services).

Posted in: Computer hardware Services Security IT IT Consulting Networking Security Computer Software  

The Essential Eight-cyber security mitigation strategy

Posted by Michael Trimblett on 19 August 2020

Before we talk specifically about the Australian Cyber Security Centre's (ACSC) recommended Essential Eight cyber security mitigation strategy, let's put the situation in perspective.

Reports are continuing to reveal facts and stats on cyber security that are increasingly alarming for small and medium sized businesses (SMBs). There are more incidents and more dollars being lost than ever before. Let me take you through a few points.

Recently, The Australian Cyber Security Centre (ACSC) published the Small Business Survey Report: How Australian Small Businesses Understand Cyber Security. They received over 1700 responses. Some of the revelations from the survey are:

  • $29 billion is lost by small businesses every year
  • Nearly 50 per cent of SMBs under-spend on IT security annually
  • One in five small businesses that use Windows have an operating system that stopped receiving security updates in January 2020
  • Many businesses had incomplete or too little implementation of the Eight Mitigation Strategies

 

The latest Notifiable Data Breaches report indicates a rise in breaches (as reported under the guidelines for mandatory reporting). In the period July to December 2019, the main categories of reported breaches were:

  • 64% - Malicious or criminal attacks (including phishing, theft by insiders or outsiders, social engineering, malware, ransomware)
  • 32% - Human error
  • 4% - System fault

 

The same report highlighted the top 5 industries being attacked the most:

  • Health service providers
  • Finance
  • Legal, accounting and management services
  • Education
  • Personal services

 

It's no secret that I have a passion for auditing, analysing and developing & implementing strategies for cybersecurity mitigation. If I was to hone in on one 'go to' mitigation strategy, it would be the Essential Eight. It is a relatively easy-to-understand, 8-point strategy that, in its whole, covers all angles for cyber security.

The 8 essential points are under 3 distinct defensive lines:

Mitigation Strategies to Prevent Malware Delivery and Execution 

  • Application control; 
  • Configure Microsoft Office macro settings; 
  • Patch applications; 
  • User application hardening

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

  • Restrict administrative privileges; 
  • Multi-factor authentication; 
  • Patch operating systems

Mitigation Strategies to Recover Data and System Availability

  • Effective back-up regime

The first and most blatant revelation here is that standard antivirus software hardly gets a mention. An effective strategy is more behavioural and tangible than it is digital and automated. And just like a business's physical premises needs a lot more than just locks on a door, a business's I.T. and data require many angles for effective cyber security.

If you have any concerns or ideas for your cyber security risk mitigation or even if you are not sure what you don't know, please give us a call for a no obligation discussion (on 02 4337 0700) or email me.

.....and here are some parting insights from the above mentioned ACSC survey.....

The most common barriers identified for small business owners to implement good cyber security practices are:

  • A lack of dedicated I.T. staff;
  • Complexity & self-efficacy;
  • Planning & responding;
  • Underestimating the risk of cyber security incidents
Posted in: Services Security IT IT Consulting Networking Security Computer Software  