fbpx

Blog

Supercharge your PC’s with the latest nVME SSD Hard drives

If you’re tired of waiting for Outlook to load your emails or having to wait minutes in-between opening excel spreadsheets, you may want to consider upgrading your computer storage. In today’s small business environments; simultaneous computing is a very common and an often-needed ability, yet many PCs are struggling to keep up due to the read / write requirements of modern applications. This is where upgrading your storage can benefit you and increase your productivity.

The most common and slowest type of hard drive is the Hard Disk Drive (HDD) – the way it works is it stores data on a physical disk (think vinyl record style disk) inside of the chassis using a magnetic charge. It comes in a few different speed options although none of them come close to the next type of drive. The main advantage of an HDD is that it is cost effective for a large amount of storage. This meaning that it is rather low cost for a significant amount of data storage compared to the other storage options. If you need to store a large amount of data and do not care about how fast you access it – HDD is the choice.

Next is Solid State Drives (SSD) – the way this one works is using the same magnetic charge style storage as an HDD but without the moving disk inside the chassis hence the name Solid State. In terms of speed; SSDs are around 5x faster than HDDs but come at the cost of being more costly for the same amount of storage, around 1.5 times more costly from our experience. This price difference is rather low for smaller disk sizes used in laptops / workstations but when used in Servers / infrastructure the price difference is quite notable. Our recommended usage is to use SSDs on smaller storage requirement devices that require good read / write speeds (ie; Laptops, Desktops and Workstations) as the difference between an HDD and SSD is very noticeable.

Lastly, we come to the highest performance option, the Non-Volatile Memory Express Drive (NVMe Drive). The main difference between the NVMe drives and its counterparts is the way it accesses the data, instead of using an IDE or SATA connector it is instead plugged directly into the PCI Express slot for faster read / write speeds (if you don’t understand the difference between the connectors just note that the PCI connector has the word ‘Express’ in the name). In terms of speeds, NVMe drives offer 4 times the speed of SSDs which is incredibly fast considering the SSD is already 5 times faster than the HDD. The drawbacks of this being that the system needs to have PCIe slots (which are quite common) and the price. NVMe drives are around 1.2 times the price of an SSD equivalent. This can get quite costly for use in server / infrastructure but for regular user computers / laptops this price is quite manageable considering the speeds it provides. If you need the performance and don’t necessarily care about the costs, NVMe drives are the call. In conclusion, NVMe drives are the fastest and most expensive followed by SSDs which offer a nice middle ground in terms of speed / price and lastly there are HDDs which should only really be used for storage of files and other systems that aren’t actively used (think backups). NVMe drives are 4x faster than SSDs and 20x faster than HDDs whilst being nearly 1.2x the price of SSD equivalents and nearly 2x the price of HDD storage equivalents. The storage solution you use will be dependant on your speed requirements and cost dependencies. If you are willing to spend a bit extra you can get significantly faster speeds which can reduce load times and increase productivity although you should consider upgrading if your Hard Drive is struggling to keep up with your application usage.

Let’s talk about backups

Backups are an essential practice for any organisation aiming for high-availability and redundancy. Nowadays the importance of backups is generally understood but a lot of people tend to overlook how their backups are stored. It’s important to look beyond the scope of your system when analysing critical functions as external factors can be just as impactful as internal events.

So in this blog article, we will be analysing some of the common methods organisations backup their data and evaluate how effective their storage solutions are in the event of a crisis.

This is a thought piece and something to get you thinking about your backups and hopefully landing you in a place where you are at least doing a better job than average of managing your backups.

A very high level look a some of the common types of backups systems:

Backups are something many small business fail to understand and manage.

Method 1: Local Backups to Same Disk (LBSD)

The first method we will be discussing is Local Backups to Same Disk (LBSD). What this means is that the backup information is stored on the same disk as the backup source. This is a rather poor method of protecting your data as it is physically stored on the same disk which puts both the backup source and destination at risk in scenarios of disk failure / data corruption.

Allow me to explain the LBSD ideology with an example being a house with a spare key stored inside the house. In the scenario that you were locked out of that house; the spare key would be useless as it is being physically kept inside the resource that you cannot access. Overall, we don’t recommend any organisation use LBSD backups as their only backup source as they’re not impactful enough in the event of a crisis and often provide a false sense of security.

Method 2: Local Backups to an External Device (LBED)

The next method is Local Backups to an External Device (LBED); this involves backing up your information to an external device that is kept in the same physical location as the source of the backup.  Following our trusty house example; this would be the same as having the spare key be stored outside the house but still close enough if needed in a locked-out scenario (under a doormat or potted plant outside). This is a lot better than LBSD as it is not prone to the same shortcomings of having one unified weakness instead replacing that with two independent devices that would require both disks to fail / corrupt before any data loss occurs.

This means that LBED has twice the redundancy of LBSD for minimal extra effort. However; there are still risks to this method as both disks are physically stored together, meaning that any crisis that affects the entire physical location would still affect both drives. This possibility can be mitigated by having multiple external drives that are rotated between the location and an external safe location.

Remote Backups over the Internet (RBOTI)

The last method we will be discussing is Remote Backups over the Internet (RBOTI). Remote backups are done by running a backup much like LBSD / LBED and uploading the result to a trusted destination across the internet. This removes the risk of any data loss incurred by damage to the hardware or software. In the house / key scenario this would be the equivalent of giving the spare key to a trusted neighbour that can give the key back to you if required. This backup method comes with its own set of risks and challenges though; For instance, the channel that you use to backup the data or the data itself should be encrypted or else you would simply be sending a copy of all your data to every malicious user along its path. It is also important that the recipient is trusted to protect your data and takes measures to prevent malicious access to your data because having a backup is just as valuable as having the original copy for a hacker. Another downside to this method of backup is that the restoration time post-crisis is significantly longer with current infrastructure as the restoration data would need to travel back over the internet to be used locally. All-in-All, we don’t recommend this as an independent backup solution because of its limitations post-crisis.

But what about good old manual offsite backups?

So one thing that we decided to NOT include in our main discussion points is the good old manual offsite backups. This means physically taking data offsite and storing it somewhere safe. This is of course what many people have been doing for years and many still do, but these days it should be the last option you choose after you encounter blockers for the other options. In today’s world, most people are time-poor, and therefore, people are an unreliable part of your backup system, so their failings should be avoided and strictly managed as a result.

What should I be doing?

Well, the answer these days, is usually using a combination of method two and three. By Utilising LBED with a disk rotation as well as RBOTI you are ensuring your data is protected from many common crises that can and will affect your business. It ensures that in the scenario that a simple restoration is required your business is not out of operation for a large amount of time as well as giving you some form of business continuity if for example; your primary business location burns to the ground, or more likely, gets robbed with valuable computers and servers being taken. It also gives you added redundancy in the scenario that the backups themselves have data loss as you will have two possible restoration points.

There are many other discussion points that we could have veered down in this brain dump, but we hope this at least gets the risk management juices flowing. On a closing note, if you are in a position where you are managing a businesses data, being your own business or as a manager in anothers business, do yourself a favor and call AUIT and book in for a free consultation with one of our Business Risk Managers. We have some very affordable ways to greatly enhance and assist you with reducing your I.T business risks, as well as increasing productivity and meeting security standards.

At AUIT we love to have a chat with business owners and hearing about your experiences, so please feel free to comment on this article, or give us a call or an email anytime. All of our quotes and recommendations are 100% obligation free, so please do reach out to us at any time.

2 Factor Authentication

Keeping on the same train of thought as our last blog post about PASSWORD POLICIES; we will be talking today about two-factor authentication (2F / 2Factor), what it is and why it’s important.

The short version explanation of two-factor authentication is the use of a secondary external method of authentication as an added layer of security when accessing sensitive information. Throughout the past decade, the usage and reliance on 2FA has increased dramatically as cyber-attacks are becoming more complex and harder to protect against. Two-Factor authentication is an easy and effective way to essentially double the protection against attackers.

But what exactly is two-factor authentication and how does it work?

Two-factor authentication is when a software/service requires two separate forms of authentication before allowing access to a piece of sensitive information. This can be anything as long as both methods are secure and unable to manipulate/control the other.

For example, when accessing your Office 365 account it would require your password (stored in your Memory / Computer) as well as an authentication code from an app on your phone (stored on Phone).

This means that if an attacker wants to access your account they would require both your phone as well as access to your password. There are lots of different versions of this concept, but they all revolve around the same principle of two isolated forms of authentication. The isolation is important because if one of the authentication methods can control the other then it is the same as having a singular authentication method. Consider the above example;



If the mobile phone also had the users Office 365 password stored on it then the entire system becomes insecure. If that mobile phone is stolen the attacker now has access to the password and the secondary authentication method. This is why it is so important to keep your two-factor authentication methods separate.


But why does it matter?

Well over the past decade or so technology has advanced at an incredible rate. What was once secure is now considered ‘child’s play’ to compromise in the modern age of technology.

Take the example of an 8-character password matching Microsoft’s password requirements;

Passw0rd

By today’s standards, it would take 36.99 minutes to crack without password retry timeout policies.
That isn’t very long for a dedicated attacker – but with two-factor authentication, it wouldn’t matter because they don’t have access to the secondary form of authentication.


When should you be using two-factor authentication?

The short answer is anywhere that contains data you want to protect. The negatives of two-factor are that it increases the time taken to login to secured services/areas; so if it’s a service that contains information that you are willing to lose you could choose to not use two-factor. However, given the effectiveness of 2-factors ability to protect your information I’d say the benefits outweigh the negatives and you should use it wherever possible.



In summary, two-factor is the use of two separate authentication methods to protect data access to a secure service/software. It effectively doubles the security of the service being protected by adding an external layer that would need to be compromised if an attacker wanted to steal your data and lastly, you should use two-factor authentication wherever you can that stores information you want to protect.

Password Policy? Yes or No?

Password’s are an essential part of an organisation’s IT infrastructure. They are the first line of defense against attackers and usually the first thing to get compromised during a breach. This is why many organisations take great lengths to protect their passwords as well as the passwords of their users; often through invasive Password Change Policies which tend to do more bad than good.

As of April 2019 Microsoft is actually recommending disabling organisation-wide Password Change policies, not because of the Password Change policy itself but because of the effects it has on users trying to mitigate the hassle of maintaining a password change policy. When a user must change their password every 30/60/90 days they start coming up with strategies to ‘cheat’ the system; such as having the same password with incremental numbers (Password1, Password2, etc) or they start to write down their passwords in public locations (a sticky note attached to the PC). Both of these strategies are quite common and are often less secure than just having a singular strong password.

But what is a strong password? Microsoft constitutes a strong password as having 3 out of 5 of the following and being at least 8 Characters long.

  • Capital Letters
  • Lowercase Letters
  • Numbers
  • Symbols
  • Foreign Characters (こんにちは, Привет, 你好)

Whist we agree in principal, there should be some education around this so users do not come up with some easy passwords that satisfy the requirements; such as Password1. This is a insecure password but meets Microsoft’s requirements for a ‘strong’ password.

A good way to satisfy the password requirement, be secure, and even remember your password is: choose 3 short words that you will remember, then pick a symbol (such as $). You can now use these to make a password combination such as:

#IT#support#CANBERRA

or even the reverse is possible:

#it#SUPPORT#canberra

These passwords are more secure because of the length as well as being more memorable because it’s relating to a something that you chose.
If you can’t think of the words – that’s okay, you can use a free tool to generate some passwords for you and then you can choose the one that you think you would remember best. There are some password tools available online that let you customise how secure you want to password to be.

One of the websites is “A Secure Memorable Password Generator”: https://xkpasswd.net/s/

In summary, Password Change policies aren’t as secure as they seem on the surface – not due to any weakness in the policy itself but rather the effects it has on users that are forced to use the policy.

It is much better to use a singular secure password such as the style of passwords listed above.

A Super Simple (ish) risk management system for businesses

In our travels providing IT Support and various IT Services, we work with lots of different businesses.  Many small businesses start and grow very organically and have little time for pie in the sky ideas like “security policies”.  Usually it takes a mandate from a business partner or external stakeholder to prompt a small business to even start thinking about risk management.

The problem for many is that it’s very daunting to start with nothing, having no experience with any risk management system, and somehow end up with a valuable and solid system.

In our case, we enlisted the help of a security consulting firm.  The result was that we gained the internal knowledge and experience to run our own Information Security Management System (ISMS) and controls, based on the ISO 27000 series standards.

So, to help out our Business IT Support clients, we are going to share a few simple steps and cookie cutter templates that should enable many small businesses the develop and implement some management control of their Information Security and give them a head start into expanding on that.

So here we go:

The foundation of our ISMS Information Security Management System is identifying what data you have to protect, and then identifying the risks to that data and the IT Systems surrounding it.  Bear in mind that “protecting” the data means protecting its:

Confidentiality: Only those that should have access, have access

Integrity: Ensuring that the data is accurate and not accidentally or maliciously altered incorrectly.

Accessibility: Ensuring that the data is accessible to those that require access.

All 4 areas must be addresses to give a complete risk management strategy.

Step 1: Develop an “Information Asset Register”.  This is a basic list of the key information stores of the business.  See the below link for a template which includes some common small business assets.

Step 2: Develop your “Information Asset Register” into “Risk Register”, which is a list of risks that could affect each Asset.

Step 3: Mitigate your risks to a level of risk you are happy to bear by creating security “controls”.

Step 4: Schedule regular time slots where you check and revalidate your asset register, risk register and mitigation controls.

This is entirely a management process but requires deep understanding and consideration of the risks and possibilities, so you need to have a deep technical understanding of your environment.  As such it can be very helpful to enlist the advice of a professional consultant.

See attached a template to help get you started at Information Risk Asset and Control Register

 

Buy a computer

Buying a Computer for Business

Helpful guide on buying a computer for Business

Why does it seem like every time you buy an appliance – TV, Washing Machine, Fridge or a Computer they seem to fail at the most inconvenient time when they are just outside the warranty period? It’s so frustrating when things fail when you just want them to work.

As with the entire IT industry, computer’s rapidly change. Over the last few years, we have seen things change from spinning disks to SSD’s (Solid State Drives), more CPU power, smaller form factors, higher resolution monitors, all in one PC’s and much more.

The majority of hardware failures we see in devices these days are Hard Drive failures and less commonly power supply failures. Generally, we see a lot more failures and issues from consumer grade machines that are built to compete mostly on price, verse business grade machines that are designed to be robust.

When buying a new Desktop Computer, Workstation, Laptop or Tablet i treat the purchase like I am purchasing a new lounge. Yes, I mean “lounge”, you know that big comfortable thing you sit on after a hard day at work with your beverage of choice. Why a lounge? Well think about it, you might spend a lot of time on your lounge or you might not, but the time you do spend on your lounge you want it to be familiar, comfortable, reliable and recline when it is supposed to, and last a long time. This is exactly what to look for in a computer.

Think about the following:

  1. How long do you want the computer to last for? A good rule of thumb is 3 years, as this coincides with the warranty period for most mainstream manufacturers (for business grade computers) – That said, I am writing this on a 4-year-old laptop that I love and has not missed a beat but yes, I do have backups and I have backup machines I can use if this fails.
  2. What are you going to do with it? I always like to over spec a little, as I want the best bang for buck and to get the most mileage out of all my new devices. I, like many people, really hate when a computer doesn’t respond or is slow, and my stress levels are important to me so I like to have a high performing computer at all time.If you are doing graphic design, then you will need a machine that can handle what you are going to do with it. It is never a good idea to buy a $500 laptop from a retailer and expect it can handle AutoCAD or Photoshop (or anything really) with any reasonable amount of performance.If you only work on cloud-based products like Xero, Office 365 via the portal and web clients, then you might get away with a slightly less high performing computer because the workload of these applications is mostly done by the servers up in the cloud.
  3. Warranty – You may or may not know, but if you buy a business grade computer from a well-known manufacturer you can generally purchase different types of hardware replacement warranty. You can even get 24 hours a day, 7 days a week 2-hour onsite hardware replacement warranty. This essentially means that the manufacturer will send a tech out to your home or business and repair or replace your device within 2 hours. Not a cheap exercise, but various options are available. Most business’ use 3-year next business day onsite warranty which is much more cost effective. Think about your needs and talk to your supplier about what you need.
  4. Features – Do you ever use the Bluetooth on your computer? What about WIFI? Or maybe you need an Ethernet port or a large amount of storage. Think about what you need and try not to pay for features you will not use. Also think about things like weight, battery life, screen size and resolution.
  5. Hard drives: At the time of writing this (September 2018), I would never again purchase a computer or laptop with an old school spinning disk hard drive. It must be Solid state disk all the way. The difference in performance is huge and not an area to cut a small amount of cost.
  6. Laptop Screen resolution: One mistake I have seen a few times is getting suckered in to buying a laptop with a poor-quality screen and low resolution. Windows 10 is simply not going to work well with a screen resolution that is not FHD (1920×1080) unless you have a screen size under 14 inches. However, if you were to by a 15-inch laptop, with only a HD 1366 x768 screen, you will be trapped, and the only option is to drop it off a cliff (as you will feel like doing) and buy something better.

In conclusion, as someone who sees many different types of PC and specs, your order of priority when buys a machine should be:

1. Specification
2. Warranty
3. Looks
4. Feel
5. Smell
6. Taste
7. ……….
8. Price

AUIT helps many of our customers choose the right hardware for their requirements.  We would be more than happy to have a chat to you about your business computing requirements.  If this is of interest to you,  please contact us at https://auit.com.au/contact-us/

Fortinet 30E – Review

Firewall Fortinet FortiGate 30E – Review

Fortinet

 

In our day to day operations providing IT support to small and medium business in and around Canberra, we often are tasked with installing new networks or upgrading existing networks. As part of this process we come across a lot of different networking equipment such as, Routers, Switches and Firewalls.

More recently, we have rolled out several different Fortinet products including the Fortinet FortiGate 30E Firewall.

The Fortinet FortiGate 30E is a compact unit not much bigger than your typical ADSL/VDSL router, its heavier than it looks and is a relatively plain looking device. It has a USB port, a Console Port, 1x GE WAN port and 4x GE Switch Ports.

The FortiGate 30E is much more than a typical firewall. It has many features and a lot of ability for its sub $1000 price tag. Its features include, IPS (Intrusion Prevention Scanning), NGFW (Next Generation Firewall), Threat Protection, AntiVirus Scanning, Web Filtering, DNS Filtering, Application Control, SSL VPN and even a Web Application Firewall for those wanting to run on premise web services.

The claimed throughput on this device is 950Mbps (Standard Firewall), 300Mbps IPS, 200Mbps NGFW and 150Mbps Threat Protection Throughput. Whilst we have not tested the maximum throughput, we have installed these devices in multiple locations with 100Mbit NBN connections and around 15 – 20 users without any issues.

The interface is very intuitive, and settings can easily be found, I wouldn’t say its super easy to configure for a novice, but with a little know how these devices can be deployed very quickly and very seamless.

Fortinet Dashboard

The visibility into network traffic is amazing once you know where to look. You can look at FortiView which provides information on traffic in and out of LAN/DMZ and traffic from the WAN interface. This gives you a good summary of the bandwidth used by device, by application, the category of the traffic and the risk associated with the traffic. You can also look under Log and Report for real time traffic, what policy is being used, application control and web filter triggered events.

Fortinet Fortiview

With all Business Telephone Systems being switched to VoIP (Voice Over IP) on the NBN in Australia, it is imperative to ensure bandwidth hogs do not affect the quality of telephone calls in your business. One of the excellent features of the FortiGate 30E is the Traffic Shaper. You can assign a high priority to VoIP traffic and a minimum amount of bandwidth to ensure you clients can hear you clearly and concisely.

Business owners might also be thrilled at the ability to schedule firewall policies. For example, if you wanted to lock users out of social media except for during their lunch break, you can do this with ease with Fortinet Schedules.

Overall, we have found this device to be very stable with a high level of protection and performance. We would recommend this product to all small business who require more protection and visibility than a default ADSL / VDSL modem / router built in firewall.

The only downside of FortiGate Firewall 30E is for reporting and any logging of events outside of what is happening right now, you need to purchase the additional FortiAnalyzer. Which does have some cool features, but pushes the price of the solution up. It is well worth it if you are interested in exactly what is happening on your network.

There is an annual subscription for the FortiGate products, but not overly expensive. I can’t say this is the best firewall on the market under the $1000 mark as I have not tested them all. I can say that value for money we are very impressed with the level of protection and performance.

This is not a paid review.

Why we partner with JINGL.com.au

At AUIT we are always on the lookout for great solutions to implement for our customers that give them real world business advantages.  Often we implement the exact same solutions for customers as we use ourselves and so it is the case with the hosted phone system solution (also known as a hosted PABX) provided by JINGL.com.au.

A few years ago we were moving offices, so we started looking around at our phone system options.  Back then the normal thing to do was to ring up Telstra, get them to install some phone lines and hook them up to a phone system in your office and run cabling for your telephones.  So at the time hosted phone systems were fairly new, however once we started looking into it we soon discovered the many benefits.  At the time we took out trial accounts with many of the hosted PABX offerings so we could do a direct shootout.

We discovered that JINGL offered many benefits over the competition and for us this included:

1. A super easy to use interface for managing your phones and your phone bill.  This was REALLY what set JINGL apart when we tested out all the competition.  JINGL’s management interface really is just way ahead of most of the competition.  Within 30 minutes of getting a trial account I was ready to signup as the interface was easy, intuitive and just worked.  In comparison the interface of many of the alternatives was clunky, difficult to understand or just lacking in the required features.  This made JINGL the winner!

2. Flexibility to automatically and manually direct calls.  This is especially important in a 24/7 support scenario to allow us to divert calls to techs who may be out of the office or working from home.

3. Redundancy:  A very important factor for us was redundancy.  If for whatever reason our head office was to be unavailable (fire, flood, theft, power outage etc), then we simply need to run to our backup site and the phones will be working as there is no dependency on a physical phone system at our head office.

4. Features such as autoresponders (press 1 for sales, 2 for support etc).

5. Amazing pricing.  When we compared our phone bill, to what we could expect under JINGL, the JINGL solution was way ahead on price.  This has held true for most of the customers we have helped to move to JINGL.

There are many more really useful features of JINGL, but these were the big ones for us.

So for this reason we now have a partnership with JINGL where we provide professional services to help our customers to move their existing business telephones to the JINGL platform.

If you would like to talk to one of our consultants about your options, please give us a call on (02) 6176 3400

Office 365

Office 365 for Email – Migrations and Downtime

Office 365 for email – Migrations and Downtime.

Some of the questions we get asked all the time when switching clients to Office 365 for email is: ‘How long does it take?’ or ‘Will there be any downtime?’

I thought I would write a post about these two questions specifically, in the hope that it can at least put you the reader at ease when deciding if Office 365 for email is for your business.

‘How long does it take?’

This is not a simple question, but has a simple answer – it depends. The time it takes to perform an Office 365 mail migration depends on a number of factors, factors you should consider when planning to move your mail services.

How many mail boxes? Obviously if you have 5 mailboxes, it will take less time than if you have 50 mailboxes, and 50 mailboxes will take less time than 500 mailboxes and so on and so forth. The more users the more support and admin will be required for the transition.

What type of migration? There are 3 types of standard migrations that can be performed to migrate email to Office 365 email, Cutover Migration, Staged Migration and Hybrid Migration. This is of course assuming you are coming from some type of Exchange based solution whether it is On Premise or Hosted. We also perform what we like to refer to as a custom migration, which is where we might move you from POP, IMAP email from a different source like Gmail or Mac Mail Server etc etc. The type of migration required will affect the required time to perform the migration.

How much data? The amount of data to import into Office 365 email is generally the biggest factor in determining the amount of time required to perform a migration. If there are 10 mailboxes with 2Gb of email, this will be 20Gb of data that has to be uploaded to the Office 365 servers. Now I am not sure if you have ever tried to upload 20Gb of data on a poor ADSL2+ connection but it’s not great fun. Now imagine if you have 100 users with 10+Gb mail boxes.

Internet Speed? If you are importing your existing email into Office 365, and why wouldn’t you. The data has to be uploaded to the Office 365 servers, and depending on the migration type re-downloaded to sync your new mailbox. For example, if you are moving to Office 365 from a hosted IMAP solution like Gmail, then the email generally will be uploaded from those servers which you would assume would have a decent internet connection, but then you have to have Outlook connect to the Office 365 Exchange Servers and download all of your email, calendars and contacts, which depending on your Internet connection speed will vary.

Aftercare support? So you have migrated all of the data, users are connecting with Outlook and everything is going well. Until your phone starts ringing and a user no longer has their email address autocomplete from before the migration, or they are missing Calendar items or maybe they can’t connect their iPhone to Office 365 for email. Allow time to provide support for these types of requests. There will always be things that can get missed, the most common ones are Scan to Email for on premise scanners, signatures, and email address auto complete.

The time it takes is generally not an issue as generally there is no interruption to services while the migration is being performed – if planned correctly. We recently performed a staged migration of a Hosted Exchange 2010 server with over 1000 mailboxes and 3TB of mailbox store, this migration took weeks of planning and preparation and was seamless to the end users with very little impact to the hundreds of tenants hosted in that environment.

‘Will there be any downtime?’

If everything has been done correctly, there will be very little interruption to business email services. The majority of the work is done during the planning, preparation and migration phases, again, if planned and prepared correctly. At most the interruption should be while a mail client is re-configured to connect to Office 365 and the mailbox is synced, during this time if there are any urgent emails that are waiting to be sent or received, keep in mind the user can always use Outlook Web Access or the webmail client.

So if you are thinking of migrating to Office 365 for email, which is an awesome tool for any business ensure you plan thoroughly, stay informed and communicate with your users, this will ensure a smooth migration and everyone will be happy, and of course if you need help or would like someone to do the migration for you get in touch with us here at AUIT and we will certainly be able to help.

Common Scams and some tips on avoiding them.

As a managed service provider we deal with a lot of different businesses and a lot of different users.  As part of our commitment to those businesses and users,  we like to ensure that security (and especially security around I.T systems) is kept at the front of customers minds.

IT Security Investment Scams

One way to do this is to share some stories about security incidents that we have witnessed or been asked to assist with.  So here are a few:

————————————————————————————————————

The virus borne internet banking scam.

So one day the manager of a small business we look after called to say that they had a problem with their internet banking and that the bank had called them to alert them to the fact they had a virus.

Of course we rushed to help them.  We were put in contact with the bank and were informed that the customer had put a transaction through to a suspicious account.  On double checking of the details it was found that the suspicious account was not that account that the customer had tried to make a payment too.

On running a scan with their antivirus it was found that they did in fact have a virus.  Now this customer had fully up to date and good quality antivirus at the time they were infected,  however the AV had since run an update which then enabled it to detect what it had previously been unable to.  Meaning that the virus had hit this customer before the Antivirus software makers had been able to detect and update their software.

So the virus had intercepted their payment via internet banking and tried to divert the funds (the payment was for around $20,000!) to another bank account.  Lucky for the customer the bank had noticed suspicious activity on that account and blocked the transaction instantly.

The customer has since implemented a secure CommBiz Netlock system which is a custom and locked down browser along with 2 factor authentication token generator.  This is an excellent service from the commonwealth bank that we highly recommend.  More info at https://www.commbank.com.au/business/online-banking/commbiz/security.html

Using passwords leaked from one website, to blackmail the user.

A customer called us and reported that he had received an email, with his “standard” password in the subject.

The email went on to inform him that his computer had been compromised and that they had used his web camera to record him watching pornographic material and that if he didn’t pay a ransom in bitcoin,  then the video would be distributed to all the contacts in his email.

This customer had actually long since stopped using a standard password for all his only services, however he was obviously alarmed at the fact that the subject of the email was the password that he used to use for many site.

So the question was, is this real and how do they know my password?

We took a look at the email and then had a look at https://www.scamwatch.gov.au/  The twitter feed at https://twitter.com/scamwatch_gov is an amazing resource for information of scams that are currently doing the rounds.

Then we also put the users email into the site https://haveibeenpwned.com/  which is another great tool that I send to my customers just to get them thinking about their password and personal information security.

We discovered that the user had had their password leaks from multiple sites,  however it appeared likely that the culprit was the Linkedin hack of 2012.

Protecting yourself

There are a number of things you can do, over and above security awareness, to help protect your users from scams.  We recommend the following:

1. Two Factor Authentication

Enable 2 factor authentication – (2FA) on every system where it’s supported.  2 factor authentication is “Something you know” and “something you have”.  Combinations usually include a password plus a security code generator, or password and an authentication app on your mobile phone.  This can greatly reduce the impact of someone stealing or guessing your password.  Every day more services are offering 2FA including Office 365, internet banking, paypal, facebook, ebay and many more.  Setting up 2FA is a slightly different process for each service, but usually fairly straight forward.  The service will usually offer some documentation or guides on setting it up.  AUIT offers consulting services where we can assist you to enforce 2FA on your business systems and ensure all your users are covered.

2. SPAM Filtering and Virus Filtering for Email

SPAM Filtering – ensure you have a decent spam filtering system to block virus and spam emails.  We use and recommend the spam filtering services from GoHosting.  https://www.gohosting.com.au/security/spam-filtering/

3. Web Filtering Firewall

A good web filtering firewall.  A good firewall can greatly assist in providing a secure working environment for your users.  We use and recommend Fortinet products.  For businesses we recommend the excellent web filter that Fortinet offers on their firewalls.  These can help block access to malicious sites and content that your users may inadvertently try to access.

4. Monitored Antivirus and Malware Protection

Monitored Antivirus – On many occasions we have seen users who either don’t have any antivirus installed, or their installed antivirus is out of date or not functioning at all.  So it’s important that you come up with a strategy for making sure that your antivirus is working and up to date.  At AUIT we install our remote management and monitoring software on all users computers, which is bundled with a high quality antivirus system and gives us visibility and alerts us if any users antivirus stops working or detects a virus.