The Best Practices for Email Security Webinar

Last week we kicked off our Webinar Series.

Modern attacks are rapidly growing in volume and sophistication.

All it takes is for one employee to open a single malicious attachment, or click one infected link, and your company’s entire cybersecurity is put at risk.

Due to these actions being so simple and common – opening an email, following a link to a website – it is becoming more difficult for companies to increase their security. However, with the addition of robust employee user training, your business can reduce the risk of staff members opening the door to digital attackers. Modern attacks are rapidly growing in volume and sophistication

Watch our Webinar on Best Practises for Email Security to learn important ways to protect your business. 

Hosted by Mark Lukie from Barracuda Networks alongside our Senior Solutions Architect, Jarred Jenkins.

Stay tuned for more upcoming webinars.



Company Updates

The month of February 2019 saw some changes in our staffing.

Welcome to Ojas Bhagat (System Engineer, Team Leader)

Ojas is a familiar name for some or our clients, as he has previously worked with us.. Ojas has returned to AB Technologies after exploring other career options. As team leader of the Systems Engineering group Ojas will help the team become even more focused on your success, while he himself will bring extra experience from working for successful other MSP’s.

The SE group had another new member in Campbell Duncan (System Engineer ).

Campbell has been working in our Service Desk team since starting with ABT in September last year. Due to his ongoing development and excellent skillset he has been promoted to the role of Systems Engineer.

Congratulations Campbell!

Another promotion was for Wayne Kirby. (Technical Consultant)

Wayne has been with us since July. He has worked in the Systems Engineering group with great success and has proven to be an invaluable asset to the team. Wayne’s skills and experience have now helped him to become our newest Technical Consultant. As TC Wayne will be the endpoint for the most complex technical issues and will become a technical account manager for some of our clients.

We’re looking forward to having Wayne in this role. Congratulations Wayne!

It is official, ABT now has a local staff presence in Western Australia and Victoria.


Sergey (Serge) Mironenko (Systems Engineer – Western Australia)

As our business in Western Australia is growing, we have had an internal staff member working from Perth. To further solidify our position in WA we have now hired Sergey (Serge) Mironenko. Serge will work with our client base in WA and be a valuable part of our systems engineering team. Welcome to Serge!V


Nick Jennion (Technical Consultant – Victoria)

Equally important to our geographic heatmap are our clients in Victoria. We now have our technical consultant Nick Jennion based out of the Melbourne area, servicing clients locally. If you would like Serge or Nick to visit your office for an onsite consult, please let us know and we will make this happen.

Windows Patching Q & A

Windows Patching Q&A

Q: On my invoice I now see Managed Server Patching. What is that?

Alliance Business Technologies manages the installation of Microsoft updates on your servers and workstations. Microsoft updates are important patches to your operating systems. They ensure stability and safety and keep your IT secure. Systems that are not updated are vulnerable to attacks and become a big risk to your company.

Q: Why am I being billed for patching?

A: Patching previously was not covered in your agreement. We would alert you if your servers were out of date and install patches upon your request. We then would invoice you separately for this work. This caused unexpected cost and increased risk for you. We have now covered patching in your agreement. You are billed for $45 per server per month. If your server systems were patched frequently in the past, this should not be an increase. We are simply spreading it per month.

Q: What about workstations? I thought you were patching them too?

A: Previously Windows Updates on workstations were managed by the operating system. This means updates were installed without our involvement. We now also manage the installation of patches on your workstations, as long as we have a maintenance agent installed on them. We will charge you a fee of $4 per month for the maintenance agent.

Q: Why are you not yet charging me for the workstations?

A: Technically we are not charging for workstation patching. We will need to charge you for the installation of our management agent. The patching service itself is free of charge. However, we have received some feedback from a small number of clients about the stability of the notifications the agent sends out for workstation patching. In a few situations this has caused a workstation to restart in the morning without notifying the user. While we work this out we will not charge you for the workstation agent. Server patching is working flawlessly and as expected.

Q: What if we have problems after patching?

A: Unfortunately, Alliance Business Technologies does not have control over the patches Microsoft develops, your internal applications and their dependence on the updates or your hardware. Should a Windows Update cause an issue on your workstation or server we will do everything possible to fix the issue, but if your managed service agreement doesn’t cover support, we may need to invoice you for this. Please speak to us if you would like to include support in your agreement and enjoy the benefits of all-inclusive management and support.

Q: The numbers seem incorrect. What do I do?

A: The quantity of workstations and servers comes directly out of our management system. If you believe they are incorrect, please let us know immediately. If the number is too high it is possible that you have devices you were not aware of. We can tell you what they are, and you can check. If the quantity is too low there may be machines without a management agent on them. That is risky because those devices are not patched and may not have adequate protection.

Please don’t hesitate to contact us if you have any questions.

Email: Support@abtechnologies.com.au

Phone: 1300 705 062

Securing your Web Site with HTTPS to build trust with your audience.

Chrome web browser is now marking all HTTP sites as “not secure”.

 

 

 

 

 

 

 

 

Chrome used to display a neutral information icon, but starting with version 68, the browser will warn users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.

Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.

The Chrome team said the change was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted.

If your website is not currently defaulting to “https://” or cannot be viewed via “https://”,
then we can help.

For further information, please get in touch.

Phone: 1300 705 062

Email: Sales@abtechnologies.com.au

 

Cyber Safety at Tax Time

It’s tax time and the common scam email informing that you’re eligible for a tax refund is doing the rounds again!

Scammers are becoming more sophisticated, so sometimes it can be hard to know whether a message is really from the ATO or a scam.

In 2017, the ATO received over 81,000 reports of scams with $2.3 million reported lost and almost 10,000 people divulging personal information.

Australian Government Releases Warning about Current Tax Scam Email

The email, which has the subject line ‘Important information regarding your account’, includes the myGov logo and claims to be from the myGov team. Instead, the email is a phishing scam designed to steal your personal and financial information.

 

 

 

 

 

 

 

 

 

 

 

The form asks for your name and contact details, your myGov password and your credit card number.  After you supply this information and click the ‘Continue’ button, you’ll be automatically redirected to the myGov website. By then it’s too late and the scammer has your details.

 

 

 

 

 

 

 

 

 

 

 

 

The scammers use this information to commit credit card fraud and identity theft.

If you receive an email like this one, do not click any links or open any attachments.

Remember: the ATO and myGov will NEVER send an email or SMS asking you to click on a link and provide login, personal or financial information, download a file or open an attachment.

Tips for Staying Safe

Know the status of your tax affairs. If you are aware of the details of any debts owed, refunds due and lodgements outstanding, you are less likely to fall victim to a scam.

Here are some simple steps you can take to avoid an email scam:

Tax Tips Infographic

Where to go for more information

Why Upgrade and Finance your New IT Infrastructure

Whether it is to keep pace with modern technology, to accommodate growth, or most importantly, improving your business’s security, the reality of undertaking a business venture is that from time to time you will be required to put money into what essentially runs your business; your IT infrastructure. Although this may require investment, staying put with your current setup can actually become more costly in the long run.

The quickest way to determine if it is time to upgrade; if you’ve gone 3+ years without making any IT infrastructure updates, then it’s time.

IT products and solutions that have provided a foundation for small businesses 2 years ago are often not adequate to offer full protection against current threats

Signs you need to upgrade your IT Infrastructure

Continued use of IT infrastructure after its manufacturer’s warranty has expired is arguably the greatest danger you can introduce to your organisation’s business continuity. Since a server “serves” all other computers on your network, if it is not operational, all affected employees are suddenly taking a very expensive coffee break.

Additional factors that go against continued use of an out-of-warranty server included reduced security and increasing problems with compatibility. The life-cycle of a server should be directly tied to its manufacturer’s warranty.

Have you experienced any of the below factors?

  1. Your system was breached: The biggest warning sign of all is experiencing a security breach. If your system experiences a breach in any shape or form, your team needs to immediately review your infrastructure’s security. Even the smallest email phishing scam can reveal big problems with your company’s security measures.
  2. You don’t have enough storage space: If your employees are receiving ‘insufficient storage space’ messages, your infrastructure needs to be re-evaluated. Regardless of if it’s their computers or the company cloud, running out of storage has unfortunate repercussions for productivity. Not only does it prevent your employees saving the documents they require, but it can also result in your systems running slowly due to the system over-load.
  3. Your employees are all using different hardware: When employees join your team at different times, they may end up using different hardware. However, having inconsistent IT in your company leads to a multitude of issues. Compatibility issues can arise with software and documents, as well as control and management issues.
  4. You Don’t Have Hybrid Data Backups: Cybercrime will cost businesses worldwide more than $2 trillion by 2019, according to a Juniper Research study. Counter to what many small business owners believe, having a small business will not protect them from cybercriminals. The only guarantee against data loss and excessive downtime – is having your data both backed up and readily accessible.  For modern business, the new minimum standard is a data backups management solution that is both on- and off-premise.
  5. Your IT Solutions Cost Too Much Time and Money Many businesses take a fix-it-now-and-deal-with-it-later approach when dealing with their IT issues. However, using this method will cost you more money in the long run. Implementing a solution that lets you manage your IT assets as a cohesive system can improve the performance of your IT infrastructure.
  1. Your applications are super slow If the company’s applications are running slowly, your employees can’t work to their full potential. This can happen for a number of reasons, including low storage space, inefficient software, or malware on your hardware. Regardless of the reason, long loading times slow down your operation, making this is a huge warning sign you need to upgrade your system.

If your company has experienced any of the above, then your company may not meet the minimum requirements to keep your company efficient and secure.

Risks involved if you do not upgrade your Infrastructure

Consider business downtime to recover, the potential for extended downtime, and the overall increased risk to business continuity. In the case of disaster, consider the cost to your business if your systems go down for 48 to 72 hours, and the effect on your business obligations. Can your business afford these risks?

IT Infrastructures are at a greater risk of cyber-attacks without proper System support services. Machines with Windows XP & other outdated Windows Server Licencing are no longer supported by Microsoft. Without critical Windows security updates, IT Systems are vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage business data and information. Antivirus software will also not be able to fully protect you once a Windows OS itself is left unsupported.

Outdated IT Infrastructures may not meet the minimum requirements for implementing Advanced Threat Protection Services and Security Solutions.

Whilst we do not know what the future will bring for your business, ensuring your IT infrastructure is as prepared as possible will ensure growth can always be on the agenda. New technologies bring a variety of benefits to your business, will help you meet the demands of your market, avoid downtime and save money.

How can I finance my IT Infrastructure?

We understand that investing in your IT can become a costly venture. If you’re going to invest in new IT infrastructure, consider the future. Where do you see your business in five years? Do not be afraid to be optimistic; it can serve you well. Getting the bare minimum to meet your needs now may cost you in the long run.

More and more clients are finding that using a Finance company to fund their new IT Hardware is a quick and seamless process, removing the burden of paying large upfront costs that can vary from $40K to $100K+.

One option we can provide our clients is to ‘lease their hardware’. Just like leasing a car, you make monthly payments and at the end of your contract, you can choose to buy or swap it out for a new one. It is, of course, more expensive to lease than buy your own, but for businesses who cannot afford the upfront costs of an upgrade, it can make the cost more manageable.

Benefits of Financing your Hardware

  • Optimise Cash flow
  • Reduce costs, improve return on investment (ROI)
  • Qualifies for off Balance Sheet reporting
  • Simple accounting as an operating expense
  • Preserves Working Capital
  • No residual liability
  • Flexibility to upgrade to new Technology at any time
  • Flexibility to add on options or components as required.
  • Flexibility
  • Preserves Cash and Credit Lines
  • Operating Expense
  • Preserves working cash
  • Improves and facilitates Implementation
  • Turns IT into an operating expense

To find out more about the benefits of financing your IT Upgrade click here.

If you are interested in upgrading your current IT infrastructure and increasing your business continuity, please give us a call to discuss your finance options.

P: 1300 705 062

E: sales@abtechnologies.com.au

 

 

Why You Should Ensure Your IT Infrastructure Is Compliant

As you are all aware in February of this year, the Notifiable Data Breaches Scheme commenced in Australia. You as an entity now have the obligation of reporting when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach.

With the ongoing issues of Data Security and Cybercrime, the European Union has just released their own Data Protection Policy: the General Data Protection Regulation, also referred to as GDPR. This regulation ensures there is one set of data protection rules for all companies operating in the EU, wherever they are based. The most important aspect of these new laws is ensuring your own Company Data is protected and secure. With new threats emerging every day, the risks of not securing your network is more dangerous than ever, especially for companies. Verizon stated that 61 percent of breach victims in 2017 were businesses with under 1,000 employees.

With security and compliance an integral aspect of all companies, in recent months we have been contacting you by either email or phone to discuss your IT infrastructure. Please take these calls and Security Audit notices with serious consideration. If you receive tickets that our technicians are investigating excessive log-in attempts, and request a security audit – please do so. With businesses falling victim to a ransomware attack every 14 seconds, there is no time to waste. We as your Managed Services Provider are doing our best to make sure your company is safe & secure against all threats; however, we need your cooperation to do so.

There’s no question that the situation with cybercrime is incredibly serious. It is not a matter of if you will get targeted, it is when. Products and solutions that have provided a foundation for a small business’s IT 2 years ago are often not adequate to offer full protection against these current threats.

There is no single solution that will fully protect your business, and some businesses may not be able to implement all the recommendations to be fully compliant. Our aim is to provide the required information and recommendations necessary for the business owner to make an educated decision on security and business continuity.

Below are the top 10 minimum requirements for all businesses to consider for increased security:

  1. Enterprise Grade firewall with Advanced Threat Protection for on premise data.
  2. Implementation of VPN for remote access into the business.
  3. Ensure on premise data is backed up to dual destinations, including one off-site.
  4. Implement Advanced Threat Protection on all incoming emails to protect against malicious links.
  5. Migrated emails to Office 365 where possible to reduce the risk of downtime
  6. Ensure all server Hardware is in warranty and all software assurance is maintained
  7. Ensure Office 365 is backed up , including Mail Archiving.
  8. Understand the business continuity plan and time to recovery (virtualisation, live backups)
  9. Draft a Business Disaster Recovery Plan.
  10. Undertake Regular Network and Security Audits including passwords changes.

We want to ensure your company IT infrastructure if as secure as possible. If you would like to discuss your security options further, please contact us sooner rather than later.

P: 1300 705 062

E: sales@abtechnologies.com.au

 

The Dangers of Phishing – Help Employees avoid the Cybercrime trap

To help you be more informed and proactively educate your employees on phishing attacks, we have curated this blog and e-book. In this blog and e-book you will learn the most common types of phishing attacks, how to spot them, tips to protect your company and educate your employees.

What is Phishing?

Phishing is an email that impersonates a legitimate, trusted sender with the goal of collecting sensitive data such as financial data or login passwords. Phishing emails typically contain a malicious link or attachment that install malware or link to a malicious website that lures users into providing information that can later be used for identity or data theft.

Phishing emails are sent to very large numbers of recipients, usually at random, with the expectation that only a small percentage will respond.

Why Phishing is Important

Phishing is an extremely common form of email attack. It is particularly dangerous because it relies on human behaviour. For example, a phishing email might claim that the user’s bank account is overdrawn and require the user to create a login account to access the fake bank website. Since people often use the same password for multiple accounts, the attacker can use the password supplied by the user to try to get into other real accounts owned by that user.

The most commonly reported scams to the ACCC (Australia Competition and Consumer Commission) in 2017 were phishing, reports to the ACCC indicated these scam types all increased in reported losses which surpassed $4.6 million in 2017.

However, the true cost of these kinds of scams are often not felt right away as the scammer’s primary aim is to obtain personal and banking information for future use.

Types of Phishing Scams

1. Deceptive Phishing

What it is: The most common type of phishing scam, deceptive phishing refers to any attack by which the attacker impersonates a legitimate company in an attempt to steal your personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding.

For Example: Scammers claiming to be from a Bank might send out an attack email instructing you that your account has been frozen unless you click on the link provided and enter your account information.

2. Spear Phishing

What it is: Spear Phishing attacks are a personalised way for hackers to target you. Unlike phishing, which are sent in mass to target any user, spear phishing emails target a single person. Criminals select an individual target within an organisation, customize an email inclusive of your name, position, company, and work phone number, gathering this information through social media platforms and other public information. Their goal is to make you think they have a connection, which will lure you into clicking on a malicious URL or open an email attachment.

For Example: A spear phishing email may appear to come from organization’s HR department asking you to verify your benefits policy information.

3. CEO Fraud

What it is: CEO Fraud is when the attacker has successfully spear phished a CEO or other top executive of the company, and they have managed to steal his or her login credentials.

For Example: The attacker then sends an email from the CEO’s account, or creates a new domain name that is off by one letter or number and duplicates the CEO’s credentials, and requests that employee performs a wire transfer of funds to a financial institution of their choice.

These types of attacks rarely set off typical spam traps because they’re not mass emailed – the victims are carefully targeted by the attacker.

4. Pharming

What it is: While phishing attempts to capture personal information by getting users to visit a fake website, pharming redirects users to a fake version of a legitimate website you are trying to visit. This is done by infecting your computer with malware which causes you to be redirected to the fake site, even if you type the real address or click on your bookmarked link.

For Example: Office 365 Phishing

Emails can contain links that open a phishing page hosted on a compromised WordPress site. The scammers behind this attack have set up their phishing page to look like an Office 365 sign in portal.

The objective of the scam is to harvest victim’s login credentials when they sign into the fake portal.

How to spot a Phishing Attack

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Tips to Protect your Business & Educate your Employees

  • Educate all employees and raise awareness of the dangers of Spear Phishing through training.

 

 

 

 

  • Keep your system and programs updated. Install (and use all the features of) a reliable security solution, including vulnerability scanning, patch management, and advanced malware detection.
  • Users need to be cautious and aware of all websites they are accessing, ensuring they are mindful of what files they are opening on corporate computers and devices.
  • Companies need to avoid listing employee names on their company website.
  • All employees need to be aware that Company data and information is an extremely valuable commodity on the cybercriminal market.
  • Users should inspect all URLs carefully to see if they redirect to an unknown website. They should also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email.
  • Companies should consider amending their financial policies so that no one can authorise a financial transaction via email.

Take Action to Defend Your Business

Real-Time Spear Phishing and Cyber Fraud Defense — Barracuda Sentinel is the only solution in the market that can automatically prevent email account takeover. It utilizes AI to learn an organization’s communications history and prevent future spear phishing attacks. It combines three powerful layers: an artificial intelligence engine that stops spear phishing attacks in real time, including emails that originate from within the company; domain fraud visibility using DMARC authentication to guard against domain spoofing and brand hijacking; and fraud simulation training for high-risk individuals.

Head to our webpage to download your Sentinel Data Sheet.

Traditional Email Security Solutions are not Enough

Spear phishing emails are highly personalized. They also happen in a much smaller volume than traditional spam or phishing, and typically they do not contain malicious attachments or links. Because of this, they very difficult to detect using existing email security solutions that rely on volume, rules, or heuristic-based detections. Instead, spear phishers engage in real human conversation with the victim. The messages are very compelling social engineering attacks that ultimately give instructions within the body of an otherwise clean email, making them virtually undetectable with traditional solutions.

Phishing attacks can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company from financial and reputational damage, now. Effective cybersecurity requires a multi-layered strategy.

You will significantly reduce the risk of malicious email entering your network. Please contact one of our team members today about your company’s cybersecurity needs.

p: 1300 705 062

e: sales@abtechnologies.com.au

Alliance Business Technologies is Proud to Announce…

ABTechnologies is proud to announce that in May this year we have been awarded two ‘Top Performing Partners for 2018’ awards.

‘Cloud Market Place Partner of the Year’ for Australia at the 2018 Cloud Summit in Florida, USA, and ‘Growth Partner of the Year’ as well as ‘Technical Excellence’ at the Barracuda Networks Awards.

Our Operations Manager, Troy Radloff, flew to the United States to accept the award on behalf of ABTechnologies. The annual awards spotlight Ingram Micro channel partners worldwide who have exhibited a high level of innovation, advocacy, performance and sales success with Ingram Micro and the Ingram Micro Cloud Marketplace. Ingram Micro Cloud identified channel partners who have demonstrated an unparalleled commitment to reinventing the customer experience in the connected economy and driving new cloud capabilities through the Cloud Marketplace. These partners have all demonstrated the ability to help end users transform digitally using cloud technologies. Other criteria used to determine this elite group included overall cloud business growth, peer-to-peer leadership, and level of engagement and alignment with Ingram Micro.

Three of our team members attended Barracuda Networks ‘Big Fish’ Event along with several other Barracuda partners. This is the first year we have attended the event and were honoured to receive three awards. One which we are particularly proud of is our award for Technical Excellence, this award is based on the quantity of achieved technical certifications for the year. We would not have been able to achieve any of these awards without the dedication from our team, and would like to take this opportunity to thank them.

We look forward to achieving more goals as the year goes on.

 

 

 

Privacy Awareness Week 2018

We are proud to be a supporter of this year’s Privacy Awareness Week (PAW).

This PAW is all about promoting privacy as part of everyday business. Running from 13 to 19 May, the
theme ‘Privacy: from principles to practice’ focuses on the need for organisations to develop and reassess
systems, processes, culture, and practice to make sure the protection of customers’ personal information
comes first.

Your privacy and personal information is valuable to us, which is why we are a PAW 2018 supporter. To
help you understand how we handle personal information, read our privacy policy here: http://www.abtechnologies.com.au/privacy-policy/

You can get involved in PAW by discussing privacy and taking steps to handle your personal information
with care. Here are a few quick tips you can use today:

1. Read the privacy policy of any new app or website where you enter personal information
2. Use passwords with a combination of letters and numbers, which aren’t easy to guess that are over
eight characters
3. Check the privacy settings on your social media profiles and change them to your preferences
4. Respect other people’s privacy – ask for permission to post images or videos where they are
identifiable
5. Check for the padlock symbol and “https” at the start of a URL – this indicates that the website is
secure.