Scam Alert! Aug 2018

Posted by Maddie McKechnie on 1 August 2018

The latest phishing attack has made its way to the Loyal I.T. helpdesk today - with a cleverly disguised PDF attachment that asks for your email credentials.

You may have email correspondence back-and-forth with a potential client or customer that on the surface appears legitimate, but quickly goes sour once they attach a PDF document they say is related to their query, or is confirmation of their purchase.

This PDF may also appear legitimate - with a warning inside that says it has to be viewed in Adobe Reader (see left image below). If you click on this warning, you are then taken to a website that asks you to log in with your email credentials in order to view the document (see right image below). These email credentials are then sent straight to the attacker, who now has full access to your email account - as well as any accounts that use those same credentials.

Phishing attempts put your business at risk, as attackers gain access to your email accounts and can send fraudulent correspondence on your behalf. This can include false bank details, theft of data, or correspondence that may damage the reputation of your business.

If you think your password has been compromised, please do not hesitate to give our office a call on 02 4337 0700.

 

Posted in: Misc IT Networking Security  

Business data backup by the numbers 321

Posted by Michael Trimblett on 11 June 2018

Like currency, your business data is life-blood; and there are many ways that business data can be lost.

Why is a reliable backup process necessary? Small to medium-sized businesses are statistically more likely to lose data and it can be devastating. Here's why:

  • You lose a big part of your currency to operate
  • You spend a significant amount of time and money re-working important files
  • You could be unknowingly contravening the privacy act
  • Unscrupulous people or competitors could gain access to your business information
  • Your customers' details such as email and/or mail addresses, credit card or bank details and other personal information could become available publicly

There are a series of ways to help prevent the loss of business data such as having up to date anti-virus and software security plus simple procedures and cybersecurity awareness for staff. But no matter what and how much, these will not entirely eliminate the risk. Therefore, a simple but reliable backup plan must be part of any business's procedures. The backup process will then ensure that in the event of data loss, you can recover an up-to-date duplicate record of files. And just to confirm, there are many simple (and not so simple) ways that your business data could be lost forever:

  • Theft of, or an employee loses or damages, a laptop
  • Accidental (or deliberate) deletion of files
  • Loss or damage of portable storage devices (USB or similar)
  • Physical access by an individual to unsecured documents
  • Inappropriate access to personal records by an employee
  • Breaches from hacking including ransomware
  • An employee (usually without malice) changing key attributes in 'settings'
  • Non-compliance with simple procedures such as password management and email/links protocols

Chances are, one or more of these have happened to you, or you know someone who has experienced one of these.

The 321 Backup process

You probably know about it; it has been tried and proven for many years, but to this day not everyone has a reliable backup process in their business. The 321 backup process is simply:

3 separate copies of files
2 on different local devices/medium
1 offsite (NOTE: Dropbox, Google Drive or OneDrive are not strictly backup because if you delete a file on your device, it will also delete in the offsite folder).

Here is an example of an effective 321 backup process. Your business has an onsite server with 5 onsite PCs on the network and 3 offsite laptops also connected to the server via the internet. All files reside on the server. There is a hard drive backup on site hooked to the server that copies all the files. There is also a backup "in the cloud", where the files are updated and stored offsite. In this example, there are 3 copies of the files, 2 of which are on independent onsite devices and 1 copy is offsite. There can be variations on this theme depending on the configurations of desktops, laptops and users but the ratio of 321 shouldn't change. The challenge is to configure your 321 process so that backups occur at an appropriate frequency through a mix of automation and procedures.

If you would like to discuss your computer and network security or if you would like to know more, please contact Loyal I.T. Solutions on 02-43370700 or email Michael Trimblett

LOYAL I.T. - We specialise in I.T. solutions for your business; providing software, hardware, networks, configurations, consulting and support for 15 years from our base on the Central Coast.


Posted in: Services Security IT IT Consulting  

Most businesses must now report data breaches

Posted by Michael Trimblett on 9 May 2018

Protecting your business data is no longer just common sense

The chances are that if you experience any form of data breach, then not only is your company's information at risk but you are also at risk of breaching the privacy act. It's often assumed that a data breach only means being hacked by a sophisticated gang from a rogue nation trying to influence votes or steal national secrets; it is more often associated with the wrongful acquisition of personal information that is residing in the databases of small to medium-sized businesses.

From February 22nd this year, the federal government has amended the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.  It now includes mandatory reporting if your business:

  • Turns over more than $3M per year or;
  • Is a credit reporting body or;
  • Is a health service provider or;
  • Is a Tax File Number recipient.

You might be surprised at what constitutes an eligible data breach and how a breach could occur. An eligible breach refers to the unauthorised access, loss, or disclosure of personal information that could cause serious harm to the individual whose personal information was involved in the data breach.

"Serious harm" in this context may include physical, psychological, emotional, financial or reputational harm. This affects any business that holds personal information about its clients such as medical records or credit card details.

Examples of data breaches can be in the form of:

  • Lost or stolen laptops or other mobile electronic devices.
  • Database breaches from hacking.
  • Physical access by an individual to unsecured document recycling.
  • Unauthorised access to personal records by an employee.

Data security is an on-going issue for all businesses and this change to the privacy act has added another dimension to the responsibility of most businesses.

To notify of a data breach, visit the Office of the Australian Information Commissioner's (OAIC) website and fill in the "Notifiable Data Breach Form".  If a business fails to disclose a data breach on more than two occasions, the OAIC can seek a penalty of up to $21M.

Digital information loss is by far the hardest to protect against as hacking attempts can take place from anywhere at any time. Simply clicking on the wrong email or visiting a compromised website can lead to your customers' data being leaked.

If you would like to discuss your computer and network security or if you would like to know more, please contact Loyal I.T. Solutions on 02-43370700 or email Michael Trimblett

LOYAL I.T. - We specialise in I.T. solutions for your business; providing software, hardware, networks, configurations, consulting and support for 15 years from our base on the Central Coast.

 

Posted in: News Services Security IT Consulting Networking Security  

Merry Christmas and Happy New Year!

Posted by Michael Trimblett on 20 December 2017

Loyal I.T. Solutions will be closed from midday December 22nd through to 8:30am on Monday January 8th.  We will have select members of our team available for emergencies between these two dates.  Should you require emergency assistance during that time, please contact our office on 02 4337 0700 for instructions.

We thank all of our clients for your continued support during 2017.  Wishing you and your families a very Merry Christmas and all the best for 2018.

Posted in: Misc  

Email and passwords leaked - how to check yours.

Posted by Michael Trimblett on 31 August 2017

It's happened again.  Yahoo reports there has been a huge data leak of the email addresses and passwords of 771 million people.  I did not escape the breach, nor did many of the email addresses we use at Loyal I.T.

Currently, it is unknown where the breach occurred, but it is important for everyone who has been breached to update their password to something new and, most importantly, something strong. Strong passwords are generally over 8 characters long, contain a capital letter, a number and a symbol.

To check to see if your email address and password have been compromised, visit https://haveibeenpwned.com/ and enter your email address.  If you have been pwned (the internet's cute way of saying "owned") then it is suggested to change the password for that email account and for any accounts you use that email address to log in to.

With any luck you won't see:

[Image: mtpwned]

If you need assistance with updating your passwords, please contact us on 02 4337 0700.

Posted in: Security  