Technology

SMBs Easy Targets for Cybercriminals

by Ryan on June 27, 2012 · 0 comments

AVG (AU/NZ) advises Australia’s smaller organisations to treat Internet security as a management issue not simply a technology debate.

MELBOURNE, 27 June 2012AVG (AU/NZ) Pty Ltd, distributor of AVG Technologies’ award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific, warns that many small- to medium-size businesses (SMBs) are still easy targets for cybercriminals.

The recent Australian Business Assessment of Computer Use Security (ABACUS) survey from the Australian Institute of Criminology confirms the high proportion of SMBs that are continuing to take unnecessary risks with their business security. For example, less than 1 in 10 SMBs were found to be automatically updating their computers.

As the inexorable drift towards the mass use of mobile technology in the workplace becomes manifest, combined with SMBs failing to employ the most basic protections, small businesses are leaving themselves vulnerable.

Australia’s smaller organisations are embracing technologies that facilitate mobile working, and yet are not fully alert to the additional risks to business security. For example, businesses are readily adopting social networking as a promotional opportunity to engage with customers, but further precautions such as web link scanning are required to protect against associated online threats.

Michael McKinnon, Security Advisor at AVG (AU/NZ), said: “If you are the owner of a small or growing business, chances are you think you are too small for cybercriminals to be interested in you.  But you are well advised to think again.  With many cybercriminals using automated scanning tools, unless you protect yourself they’ll eventually find you.”

From his perspective, McKinnon knows that SMBs remain focused on traditional IT vulnerabilities like e-mail and web viruses and tend to be more concerned about losing access to files and replacing hardware. But the dangers also lie in security breaches. These are the costlier risk in terms of lost sales and revenue opportunities. According to the AVG SMB Market Landscape Report 2011, the average cost of a security breach is US$6,370. “Without safeguarding against emerging trends such as information theft and social engineering, SMBs are leaving themselves wide open to the cybercriminals,” he said.

AVG (AU/NZ)’s guidance is to treat Internet security the same way as corporate governance and brand protection. McKinnon says: “This is a boardroom issue, not simply a technology debate.

cyvber criminals attacking australian small businesses

“No company should be operating without stringent online safety precautions in place, particularly when affordable, effective measures are readily available to them. Having full featured, automatically updated, always on anti-virus and Internet security software running across all company computers and employees’ mobile devices is a must for business continuity.”

The trend is for executives and staff to access e-mail and other proprietary data from more than one device. The risks of not securing them properly are very real. If malware on a mobile device is allowed to remain undetected by users, criminals can gain access to confidential corporate data.  The cost in terms of time and expense associated with cleaning these up is often substantial. A report by Computer Economics defines the ‘direct’ costs of malware infections as:

  • Labour costs involved in analysing, repairing and cleaning infected systems
  • Loss of user productivity
  • Loss of revenue due to loss or degraded performance of system
  • Other costs directly incurred as the result of a malware attack

Just as business owners lock their doors to keep out burglars, the same should apply to the online world.  To bring the shutters down on cybercriminals, SMBs should:

1.      Keep protection updated for all computers and mobile computing devices – including USB memory sticks, memory cards, portable hard drives, MP3 players, cameras, smartphones and tablets – that are brought in or taken home by staff, contractors, clients and visitors.

2.      Ensure backups are occurring automatically and plan for reducing disaster recovery restoration times.

3.      Promote strong password management, with passwords that are not easy to guess, are as long as possible, and which preferably include a combination of upper and lowercase letters, numbers and symbols.

4.      As a first line of defence in social networking activity, use AVG’s ‘scan before you click’ LinkScanner technology, embedded in its anti-virus and Internet security solutions, to ensure shared links and files are checked and safe.

5.      Ensure staff always log out of every application or social networking site, and always use the highest rather than default security settings.

6.      Provide staff with written security guidelines to keep them and your business network safe. Don’t assume that all your staff are tech savvy.

7.      Enforce this robust internal policy with regular security audits.

8.      If you need to provide visitors with Internet access, invest in networking equipment that provides a DMZ “De-Militarised Zone” that will give your visitors restricted access so they can’t infect your systems, install software or log into your files.

References:

Australian Business Assessment of Computer Use Security (ABACUS)

Australian Institute of Criminology

For the series of informative security tips, how-to and fact sheets see: www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see: www.youtube.com/user/avgaunz

Keep in touch with AVG (AU/NZ)

Essential Windows Security Tips

by ijan on June 18, 2012 · 0 comments

 

Windows

Security is so important in today’s world, credit card fraud and identity theft are increasing day and those committing cyber crime are generally a lot smarter than the rest of us when it comes to security. It is however easy to add some basic protection around yourself simply by following simple steps as well as using services that are offered to you free by Microsoft.

  1. Use a strong password

Passwords are the first line of defence when looking at security. Too many people use passwords like Joe123 or simply password, this is akin to giving a thief a briefcase with ‘000’ set as the lock code.  A strong password contains upper and lower case characters, numbers and special characters, for example: J03I9s!ga.

Additionally don’t store ANY passwords on your PC or within your browser and change them at least every 3 months, some of my passwords are 20 characters long and contain all multiples of what I have mentioned above so  I personally disable any feature that allows me to store passwords just to ensure i’m saved from the temptation of clicking ‘yes’.

  1. Keep Windows Updated

At Crucial we always encourage our customers Windows VPS customers to do on a weekly basis. Windows updates are so easy to setup and control, you can choose to let Windows download and install the updates for you at selected times or as it please or even just download the updates so you can update your PC when you’re ready to. I like to read up on the updates before applying them so during the week I’ll let Windows download them for me and on Friday afternoon before I head home i’ll pick and choose what I want and update my PC.

[click to continue…]

Where did these Clouds come from?

by ijan on June 6, 2012 · 0 comments

I’ve been in the Hosting industry since 2006 and while this may be considered by some as short term I have been lucky enough to not only see but also be part of the change from what used to be a Web and Dedicated Hosting industry to the commercial Virtual and  Cloud world that it is today.  I get asked all the time “what is Cloud Computing” , the truth is everyone you meet will probably have a different opinion on what it is however the generally accepted description nowadays is that ‘Cloud Computing is the delivery of hosted services over the internet’. The end goal of cloud computing is to provide a scalable and easy to use service that reduces your I.T footprint while also saving on costs.

Failed cloud

There are three types of Clouds, Public Clouds, Private Clouds and Hybrid Clouds and further yet they can be broken down into Infrastructure-as-a-Service (Iaas), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS). Let’s explore these in more detail.

Cloud Types

Public Cloud
A Public Cloud provides hosted services or Cloud/Virtual Servers to the public, my company Crucial Paradigm provides public Cloud Servers in Australia through the IaaS format, Rackspace is a leader in this industry within the United States and Amazon is the World’s largest Public Cloud provider.

Private Cloud
Private Cloud or as sometimes referred to as Enterprise Cloud is functions the same as a Public Cloud however is hosted by a company and deployed over their own network and data center. This type of Cloud offers an organisation increased security as it is not open to the general public. Some companies also choose to lease servers directly from a hosting company to create their own Private Cloud.

[click to continue…]

Real time IT support has evolved but is it the best fit for your business

by roger on March 27, 2012 · 0 comments

Technical support for any business can be critical.   You and your users need access to help desk – or an equivalent – at some time, especially if something happens to their computer during the working day.   Even with in house technical staff most businesses need access to higher level support when something drastic happens.

The business world has been struggling with the line between in house technical support and out sourcing the support to an external company ( Managed Service Provider, MSP)  There are ups and downs with both types of support and depending on the model that is deployed will depend on which one is the right fit for your business.

There are a number of points of difference with both types of support:

The onsite technical support is usually a hobbyist who dabbles in IT but has a more important and lucrative role in the business.   This higher role can impact your business support while he juggles between the two roles, most of the time it is the IT support that wins because it is usually “more fun”, leaving your business with a hole in the business systems. Additionally you also have to provide for the costs of training and once these people have been trained, using your money of course,  how do you retain them and stop them from moving on.

So the In-house support can be lacking in ability, but the right abilities and technical skills required to support your business can be expensive, the business also has the additional overheads of leave, super and tax for the technical support staff.

IT support

The business benefits in a number of ways from having on staff based technical support including the ability for someone with a problem to go to the desk of the tech support person to get help.  So convenience is one of the best points.   In addition to convenience there is the point that in house technical support, end up knowing and understanding the technical requirements of the business, sometimes better that the CEO.

With outsourcing to an MSP, the problems are more related to the assignment and prioritisation of your business in the MSP’s methodology.   How do you ensure that when something fails that they will be looking after your interests and have the best person on the job as soon as possible.  This can be resolved with a good Service Level Agreement (SLA).

The benefits of outsourcing your technical support to an MSP, are many but these are the main points.   You get a standard cost that is part of the operational expense of the business.   This cost is usually a lot less than having an on site support person.   A good outsourced technical support company will also monitor all of your systems with alerts and notification when something happens.   This monitoring usually means that they know something has broken, and they are working on a resolution, well before you realise that your business has a problem.

The further combination of a help desk or support contact and well trained technical support people means that you have high level support when the business needs it, especially during business hours   This, in combination with a standard monthly rate that covers all of contacts to the help desk generated by your business, all repair work and all monitoring,  then real time IT support is a good fit for most businesses.

How to improve your website through Search Engine Optimisation

by Daniel Benton on March 20, 2012 · 1 comment

For small businesses trying to establish an online presence, Search Engine Optimisation (SEO) is a highly effective way of increasing inbound traffic to your website. However, not all websites are created equal and it’s important that business owners understand the fundamental design techniques of SEO so they can effectively attract relevant consumers and get their website working for them.

Each month, Australians enter 1.3 billion searches into search engines, many of which are completely unique. Businesses need to know what consumers are likely to search for when looking for a business in your industry, and then tailor their websites accordingly.

Search engines don’t simply match a search term to a website’s content – they evaluate the importance, value and relevance of millions of websites based on a variety of factors before rewarding the best websites with a top ranking. A good way of understanding what search engines are looking for is to analyse the websites that are currently working well for your target keywords and develop a competing strategy to get you on the front page.

Some websites are designed in such a way that it is nearly impossible for a search engine to find them. You may find that you need to make changes and improvements to the structure, design and layout of your site, so keywords and content can be positioned more prominently and logically.  A good website layout will create a more user-friendly experience for both customers and search engines.

SEO for aussie small business

When developing content for your website, you need to ensure that the content is aligned with the keywords your customers are searching for and consider how effectively it solves their problems. In a dynamic, fast-paced industry, your content must be updated regularly to remain relevant and effective in attracting traffic.

Inbound links (links from other websites) and social signals (shares, tweets, likes, RSS feeds) are a crucial part of search engine algorithms when it comes to determining who is awarded a top ranking.  In the most competitive keyword arenas, the sites with the best links, content and social connections win. There are a multitude of link building strategies or ways to boost your social credibility. Some of the best to consider include:

  • Guest blogging
  • Twitter and Facebook integration
  • Directory submissions
  • Event & Organisation Sponsorships
  • Widget, Tools and Viral content
  • Participating in relevant social media channels (forums, blogs, Q&A sites)
  • Public Relations (mentions and links from trusted news sites)

And finally, you may want to consider approaching a SEO consultant or SEO-literate web developer to evaluate your website to determine what improvements can be made to enhance your SEO performance.

Daniel Benton is the General Manager – Search, Salmat Digital

Protect the bottom line

by KineticIS on February 22, 2012 · 0 comments

When we are struggling to increase or maintain revenue we need to protect the bottom line!

I am not sure if it is because I am Scottish or because before my long career in the IT industry I was an accountant, but my obsession with spend control within an organisation is verging  on the obsessive.

small businessNow as a businessman I better understand the need to grow an organisation through sales, and indeed sometimes through acquisition. We all want our companies to grow and deliver better bottom lines whether that is for the benefit of shareholders or just for the benefit of the company.

In the current climate, growing a business by increasing revenue is a tall order and in some industries, with shrinking revenues. Often organisations try to maintain sales through discounting or sales, for example in the retail industry, which whilst helping to maintain turnover means that tighter margins and ultimately profits suffer.

Whatever way we look at it, growth is a difficult task and organisations start to look at ways of reducing cost. We have seen the reduction levels of staff within the financial sector and store closures in the retail sector.

The concept is simple – with reduced revenues the only way we can maintain profit is to reduce cost. Now I’m not saying there is no case for some redundancies or closing down stores that are not profitable, but controlling expenditure in an organisation is paramount.

So how do medium to large organisations get a grip on the expenditure? The answer is simple – improve your procurement systems and empower your procurement departments to deliver savings.

eProcurement delivers real savings to organisations through better control of spending and eliminating maverick spenders, in addition to reducing internal cost within an organisation.

The control of expenses for employees outside of the normal purchasing process is also another huge area for consideration. Most commonly, travel and accommodation costs incurred on behalf of the organisation need to be reclaimed.

In many cases the process to do so is a manual effort, with no validation or appropriateness checks. Claims get paid without authorisation or reference to the ‘corporate rule book’. A lack of control in this area introduces risk!

Aberdeen Research estimate that organisations are losing $260B in annual profits due to their inability to organise and analyse spend data and implement best practices to capture lost savings. That’s staggering!

The strangest thing is the ease that spend control can be implemented, the low-cost to do this and the incredible buy-in from end-user due to the simplicity of using these Web-based interfaces. This takes the hassle out of deciding what to buy and the requirement to have to think about account coding.

So my advice, to all Australian organisations with over 100 staff that are able to buy things, is to take a close hard look at protecting your bottom line.

eProcurement and spend control is the most sensible approach and best investment your company will ever make, not only in the difficult times but when the good times return.

Scott Graham, Director and spend control specialist for Kinetic Information Systems

Is there a need for a fresh approach to cyber security?

by roger on February 16, 2012 · 0 comments

In the last 12 months I have been harping on about changing the way that business approaches cyber security.

I have noticed in that time that there has been a drastic increase in the number of breaches by high end business and enterprises.   These business have either exposed our private information, inconvenienced us due to not supplying their services correctly or scared us by not treating our information with the respect that it deserves.

cyber-security-small-business

I am not one of these people who are going to bag them without offering some level of advice.   What all business needs is a whole of business approach to business security.   No matter what your size and number as a business.  It is no longer in the realms of the ICT department it has to include management components, it has coal face components with all of your workers and it also includes technology.

So what am I talking about.   My whole of business approach to business security has three components. The first component is technology, so this includes hardware and software.   It doesn’t matter what your are using in regards to hardware or software as long as it configured correctly, and used correctly.   The second component is the command and control required by the business to manage the business information and the final component is the business sustainability.   The best component is that the whole of business security components are designed to enforce each other and also grow with changes without having to reinvent the system every time that you add a new component or technology.

These three areas in combination create a stable and resilient business.   It allows the business to not only protect itself but makes the business compliant with internal and external requirements and react to change bot good and bad.

So the next question is how to implement this system to ensure the business you are in is as secure as possible.    For more information then go to our web site and complete the form.

Disaster prone but prepared: Save your data

by MSparkes on February 16, 2012 · 2 comments

It’s difficult for businesses to put an exact value on their stored data – whether it is the archived e-mail trails, the scanned contracts or the saved art work on the server, losing your business data can be a costly and time-consuming misfortune to every business regardless of its size. It may even mean the end of a business, in some cases.
Data loss events can arise from a simple mistaken erasure of a critical file, or from a more serious process crash or a data storage failure. However, data losses, defined as losses of any vital information, can also occur in less expected ways. For example, consider information stored on a laptop used by an employee. If that laptop is lost, its data is usually permanently unrecoverable. Another less expected but even more catastrophic data loss could occur in the event of a natural disaster.

small business data recovery
This year’s natural disasters around Australia have had a significant impact on businesses. While larger businesses usually have the ability to re-route work to their other offices, many small businesses have been caught out by the disruption to their day-to-day business dealings.
Researches into data loss have shown that 60 per cent of companies that lose their data will shut down within six months of the disaster (The Cost of Data Loss, Harald Anderson); while companies that aren’t able to resume operations within ten days (of a disaster hit) are not likely to survive (Strategic Research Institute).
But it’s not all doom and gloom. The ill effects of a data loss can be greatly mitigated through the implementation of proven backup and recovery infrastructure and a well-defined data protection process. With the rise of cloud computing, small businesses can look into safer ways to store their information as the data is stored off-site, perhaps far away, whereas local tape and disk backup could be destroyed if a natural disaster hit.
Over the last couple of years, third-party cloud backup (such as solutions offered by Amazon or Flickr) has gained popularity with small offices and home users because of its convenience and ease-of-use. Capital expenditures for additional hardware are not required and backups can be run automatically without manual intervention. And last but certainly not least, it’s the peace of mind that cloud backup provides to businesses as they don’t have to worry anymore about the unexpected yet possible event of a natural disaster destroying the data that is invaluable and vital information for every business.

By Mike Sparkes, Manager, Backup Recovery Systems Division, EMC ANZ

Why are good home techs so hard to find?

by roger on February 15, 2012 · 2 comments

To anyone who has been in the situation where their home computer has either been infected with a virus or has had a hard drive failure then you have probably noticed how hard it is to get a technical person in to recover the information.

I was in a computer store a couple of weeks ago and a customer had come in with a high end computer.   The computer had been infected with a virus and all of the data was inaccessible.   The owner was understandably upset with the situation but he was more upset when the technician told him that the computer had to be rebuilt from scratch and the information was not recoverable.

Recovery of home data is usually a lot harder at a technical level than it is for a business.   You are probably arguing why?   The technology is the same and the data is the same it is the fact that the home and family computer is usually a extension of their life.   Most home computers not only have personal information, photos, email and letters but it also has a large number of little applications that store their configuration data in no standard locations.

home technicians for home pc

Yes most home computers have a backup, but it is usually just a backup of the ” my documents”  folder, if you are lucky then it also the desktop as well.   Not many home users take a complete snapshot of the hard drive which includes everything, even if this is done every month or two.

There are some very good inexpensive backup software systems available.   Most of them are basic but there are a number of systems that do it all, back up to an extra hard drive as well as to the Internet.   A little more expensive but definitely worth the cost.

So if your home computer fails, you will need a technician that knows what he is doing and also is focussed on YOUR requirements.  Most technicians are lazy and will take the shortest way of recovery, this is usually doing a rebuild, but if you hear of a good one or already know one then let the world know because they are a rare breed.

Disaster prone but prepared: Save your data

by admin on November 17, 2011 · 0 comments

It’s difficult for businesses to put an exact value on their stored data – whether it is the archived e-mail trails, the scanned contracts or the saved art work on the server, losing your business data can be a costly and time-consuming misfortune to every business regardless of its size. It may even mean the end of a business, in some cases.

Data loss events can arise from a simple mistaken erasure of a critical file, or from a more serious process crash or a data storage failure. However, data losses, defined as losses of any vital information, can also occur in less expected ways. For example, consider information stored on a laptop used by an employee. If that laptop is lost, its data is usually permanently unrecoverable.

data
Another less expected but even more catastrophic data loss could occur in the event of a natural disaster.

This year’s natural disasters around Australia have had a significant impact on businesses. While larger businesses usually have the ability to re-route work to their other offices, many small businesses have been caught out by the disruption to their day-to-day business dealings.

Researches into data loss have shown that 60 per cent of companies that lose their data will shut down within six months of the disaster (The Cost of Data Loss, Harald Anderson); while companies that aren’t able to resume operations within ten days (of a disaster hit) are not likely to survive (Strategic Research Institute).

But it’s not all doom and gloom. The ill effects of a data loss can be greatly mitigated through the implementation of proven backup and recovery infrastructure and a well-defined data protection process. With the rise of cloud computing, small businesses can look into safer ways to store their information as the data is stored off-site, perhaps far away, whereas local tape and disk backup could be destroyed if a natural disaster hit.

Over the last couple of years, third-party cloud backup (such as solutions offered by Amazon or Flickr) has gained popularity with small offices and home users because of its convenience and ease-of-use. Capital expenditures for additional hardware are not required and backups can be run automatically without manual intervention. And last but certainly not least, it’s the peace of mind that cloud backup provides to businesses as they don’t have to worry anymore about the unexpected yet possible event of a natural disaster destroying the data that is invaluable and vital information for every business.

By Mike Sparkes, Manager, Backup Recovery Systems Division, EMC ANZ

← Previous Entries