The ‘Flexible’ Culture Shift

In recent years, flexible working conditions are becoming increasingly popular, and with COVID-19 causing businesses to assess new strategies and processes to maintain the frontline, the emphasis to move to a modern workplace has only been accelerated.

Understandably, some business owners may fear that this shift in culture may lead to less collaborative work, or hinder business processes with the struggle to manage staff remotely. However, what many business owners fail to realize is that creating a tailored approach to providing a flexible work environment has many benefits moving forward.

Learn from the experts

In 2016, Vodafone conducted one of the largest global surveys of its kind, which drew on responses from small and medium-sized businesses, public sector organizations and multinational corporations within three continents. From the 8,000 employers and employees surveyed, 83% of respondents reported an improvement in productivity, with 61% stating their company’s profits had increased, and 58% believing that the flexible working policies had an enhanced positive impact on their organizations reputation.

“Vodafone’s research reveals a profound and rapid shift in the modern workplace. Employers are telling us that flexible working boosts profits while their employees tell us they’re more productive. Central to all of this are the new technologies that are reshaping every sector, from high-speed mobile data networks and fixed-line broadband to the latest collaborative cloud services. We truly are in an era when work is what you do, not where you go.”

Nick Jeffery, Vodafone Group Enterprise Chief Executive: <https://www.vodafone.com/business/news-and-insights/press-release/vodafone-survey-reveals-rapid-adoption-of-flexible-working>

Benefits to a flexible work environment

With greater flexibility for employees, there is a positive flow-on affect for both the employee and the employer.

  • Greater flexibility equals happier employees, enabling a greater work-life balance, and ability to engage in activities that contribute to their personal growth and professional development. 
  • Greater employee engagement at the workplace, thereby increasing productivity and decreasing absenteeism.
  • Boost the business’s bottom-line by increasing staff retention. Studies show that replacing an employee earning a median salary of $45,000 a year could cost up to $15,000.
  • A business completive advantage, with an increasing number of workers prioritizing flexibility over higher invoice, with the ability to hire highly-talented staff that may not normally be accessible.

Adopting a business intelligent strategy

Moving to incorporate a flexible work policy may seem overwhelming, however with the right tools and technology in place will ensure that business continues to run smoothly.

  • Adopt Modern Technologies: Leverage technologies that encourage teamwork and streamline business processes; such as project management systems, Microsoft PowerBi, and Microsoft Teams. Cloud-based systems and collaborative software provide new platforms for analytical insights, drive competitiveness, and business growth.
  • Modern Workplace Training: Employees aren’t necessarily familiar with how to work in a remote environment efficiently. Through adequate training, communication and teamwork will be done with ease using through virtual cloud-based platforms.
  • Communicate, Communicate, Communicate! It is important to schedule weekly or daily team meetings virtually to ensure staff feel connected and reduce email dialogue. Make it an essential part of your daily culture.
  • Consistency is key. Create a culture and work environment based off of trust and respect. Ensure that the flexible work policies have been made clear, and available to all employees to benefit from.

Looking to join the movement? Book some time with one of our consultants and see how we can help your employees and your business adapt to the change.

Citation: Karum, Louise. Why SMEs Should Embrace The Flexi-Time Movement. Entrepreneur, 2018.

Signature Roaming for Office 365

Outlook VS CodeTwo Signatures

Microsoft have announced changes to the way Outlook stores email signatures expected in Q4 of this year.  As there is a lot of inaccurate information out there, we’ll explain the update and how it compares to third-party email signatures like CodeTwo.

What are the current changes to Outlook stored email signatures?

Email signatures in Outlook for Windows now roam across devices. Traditionally, signatures were stored locally on your Windows device, and users had to recreate the signature on each device used.

The roaming signatures feature will be available to users with mailboxes on Microsoft 365 or Outlook.com. Accounts hosted on on-premises exchange servers, or utilizing POP/IMAP will not be able to roam their signatures at this time. 

What are CodeTwo Email Signatures for Office 365?

This service allows admins to centrally create, deploy and manage email signatures and disclaimers for all users in an organization. In the video below, you can see how difficult this task can be if it is handled by users themselves.

Microsoft 365 admins with provided permissions can use the Manage Signatures App to set up unified signature templates without engaging staff. The app helps create signature templates and rules that specify who and when these templates should be added to emails.

Comparison of Outlook roaming signatures and CodeTwo Email Signatures for Office 365

The new feature changes nothing for companies that use third-party email signature tools because these tools address completely different problems. Take a look at the table below to compare native signature cloud settings in Outlook with CodeTwo’s email signature solution.

 CodeTwo Email Signatures for Office 365Native signature cloud settings in Microsoft Outlook
Will save Outlook signatures in the cloud, like Outlook on the web (OWA), and accessible on all Windows-based PCs
Works with mobile devices and other email clients
Central email signature management for the entire company or selected groups of users
Support for all email clients and devices (including mobiles)
Setting up different signatures for internal and external emails
Signatures inserted automatically based on rules
Email signatures in encrypted messages
Azure Active Directory synchronization (user info automatically added to signatures)
Scheduling email signature campaigns
Delegation of email signature design and management to specific people or teams
Unified visual identity across the entire company
Automatic conversion of plain text emails to the HTML format (signatures in emails sent by mobile devices look the same as those sent from PCs)
Signature editing blocked for all/selected users
One-click customer satisfaction surveys in email signatures
Signatures added/removed by specific keywords in the email body

We hope this article has helped to answer some of your questions regarding your businesses’ email signatures. If you would like to express interest in moving to an Email Signature Management tool like CodeTwo, or request more information on the article, please don’t hesitate to contact us.

Password Lock

What are Passphrase Passwords?

Whether you are accessing emails on your smartphone or documents on your work PC, you will typically be asked to prove who you are by providing credentials. Passwords can be hard to remember but then again, a password that lacks complexity can quickly become a weak gateway allowing an unauthorized person to read your emails and compromise your identity. To improve your security and reduce risk we recommend using a phrase or sentence, not one word, as your password​.

What is brute force cracking?

The challenge we face in an evolving digital world is that there are developers out there creating sophisticated and effective methods to brute force passwords. This cyberattack method is basically the activity of systematically submitting millions of character combinations in an attempt to work out the key (or encryption algorithm) to decrypt and gain access into your system. There are, however, things you can do to strengthen the complexity of your password.

What makes ‘passphrases’ stronger than normal passwords is not only are they unique and easier to remember, but the longer and more complex the passphrase the better.

Let’s do a quick ‘What? Why? And Where?’:

What is a Passphrase? – Using a phrase or sentence, not one word, as your password.

A passphrase is similar to a password. It is used to verify access to a computer system, program or service. Instead of using one word, you use a sentence to authenticate.

Passphrases are most effective when they are:

  • Unique – not a famous phrase or lyric, and not re-used
  • Longer – phrases are generally longer than words
  • Complex – naturally occurring in a sentence with uppercase, symbols and punctuation
  • Easy to remember – saves you being locked out
  • Used with multi-factor authentication.

Why use a Passphrase? – Greater security & more convenience.

  • Harder to crack against common password attacks
  • Easier to remember than random characters
  • Meets password requirements easily – upper and lower-case lettering, symbols and punctuation

Where do I use Passphrases? – For all fixed and mobile devices.

Passphrases will significantly increase security across all of your business’ devices.

The below comparison chart is a security breakdown of Passwords vs Passphrases, and how much it costs on the dark web to break through its security.

PASSWORD/ PASSPHRASE TIME TO CRACK EASY TO REMEMBER COMMENTS
Brute Force Attack Dictionary Attack
password123 Instantly Less than AU$0.01 Instantly Less than AU$0.01 Very Easy (too easy) One of the most commonly used passwords on the planet.
Spaghetti95! 48 hours AU$587.50 Less than half an hour AU$6.10 Easy Some complexity in the most common areas, and very short length. Easy to remember, but easy to crack
5paghetti!95 24 hours AU$293.70 Less than 1 hour AU$12.20 Somewhat Easy Not much more complexity than above with character substitution, and still short length. Easy to remember, but easy to crack.
A&d8J+1! 2.5 hours AU$30.60 2.5 hours AU$30.60 Very Difficult Mildly complex, but shorter than the above passwords. Hard to remember, easy to crack (against BFA).
I don’t like pineapple on my pizza! More than 1 Year More than AU$107,222.40 More than 40 days More than AU$11,750.40 Easy Excellent character length (35 characters). Complexity is naturally high given the apostrophe, exclamation mark and use of spaces. Very easy to remember, and very difficult to crack.

Tips for using PassPhrases more securely

  • Use a different passphrase for different accounts.
  • Never share the method on how you create your passphrases with anyone.
  • Only log into workstations and devices that you can trust. Avoid using public computers to log into your accounts.
  • Multi-factor authentication is much more secure that passphrases, and adds a second layer of security.
  • Just remember mobile device PINs are no different to a password. The longer the password the better, and if possible, change to using passphrases or biometrics instead.

Who’s in charge? The need for third party (and internal) admins

We frequently receive requests from clients to grant administrative access to third parties or internal staff. Third parties often need some form of access to manage the application they are responsible for, and internal admins sometimes assist with running IT. ABT will generally be hesitant to provide these administrative credentials. Here is why.

Ultimately, we sign a contract with you where we take on responsibility for your network. We take this very seriously and run your IT like it is our own. We employ skilled staff, vetted for their abilities, security posture and personalities, and train them to develop their competencies and keep their knowledge up to speed. Surely there is the occasional mistake, and when that happens, we have a team of 40 staff and the backing of an industry channel to resolve the issue. And, very importantly, we have our staff sign NDA’s, so your data is protected.

Once we give “others” access to your network all of that is in vain. We do not know the people behind the often un-personal accounts we are to create. We do not know their skills, their level of risk-aversion or willingness to admit they did something wrong. Our systems and processes are kept protected with industry grade security standards. We are not saying we cannot be breached, but the chance is slim. Can your third party say the same? Remember they are only responsible for their application but can break your whole network, whilst they may not know the first thing about networks or servers.

And then the internal admins. We understand it is important for owners to have some level of access beyond that of the MSP. That completely makes sense. But to have an internal staff member have a fully operational domain administrative account or Office 365 global admin account often provides a risk. It is like going to the dentist and bringing your own drill. Of course, we get you to sign a document that waives all our responsibility in case something goes wrong, but we would rather not have to use that excuse. And don’t forget internal admins typically have access to all data, all email in your organization, including financial, salary and executive information.

In general, we will only provide the minimum level of administrative access required to get the job done for your third party or internal admin, and have these account have limited expiry dates. Ideally:

  • We don’t give our any administrative credentials other than an emergency admin account (the “break the glass” account), provided to the business owner “just in case”. Use of this account will be monitored.
  • Third parties can do their work while we log them in and look over their shoulder.
  • Your internal admin will have to trust us to do our job, and if access is required, only a limited level of access is granted.

Please understand we are not here to make your work harder, these measures are to protect you (and ourselves….)

The latest modern threat – The “Illicit Consent Grant Attack”

The latest cyberattack example to hit Australian shores is what has been called the “illicit consent grant attack”. Rather than simply trying to catch your password or duping you into clicking on a link that installs a virus, the criminals behind this attack are more sophisticated.

We all use “apps” in our daily life. Think of Dropbox or SalesForce as examples of an app. If you want to use these, you will need to give the app access to your data. Criminals can write their own Azure -registered apps and make them available to you. The app requests access to data such as contact information, email or documents. The attacker tricks a user to grant the application access through a phishing attempt (sending you an email with a link) or by injecting malicious code into a website. When you then grant access to the app, it has account-level access to all your data without the need to have an account. What is worse, if we find out you’ve been breached standard remediation actions such as resetting passwords, MFA and even restoring data from backup may not work. All because an “app” asked for access and a user clicked yes.

For now, ABT’s security team have disabled the ability for users under our management to grant access for applications in your tenant. If users are required to grant access, they will need to let us know and we can help them out. Similarly, we are analyzing the extensive list of applications that have been granted consent in our client’s tenants and reviewing these for known threats.

Users are to be advised:

  • Never click on a link in an email of which the source is not 100% trustworthy (better is to never click on a link)
  • Do not visit websites where applications can be downloaded and installed
  • Never grant an application unvetted access to company data

How can we help protect you?

The security landscape continually changes. New vulnerabilities and threats are discovered all the time. It is important for you to know that you can rely on ABT to protect you as well as possible.

It is a little bit like protecting your home. 100% guaranteed security is impossible, but if you take all the recommended precautions (lock all your doors and windows with proper locks, have a working alarm system (or a noisy dog) and leave a light on if you go away for a while) you may just have enough deterrent for someone with bad intentions to skip your house.

Data and Information security is no different. Some of the mitigation strategies you can use are:

  • Ensure Multi-Factor authentication is enabled and use it.
  • Have a strong password that you do not use in multiple places.
  • Let us manage Microsoft Windows Updates on your workstation so it is kept up to date.
  • Always make sure an email is from a trustworthy sender.
  • Never click on a link in an email asking you to log in to something.
  • Make sure your important data is always backed up.
  • Limit the third party and internal administrative accounts on your network.
  • Use a VPN (Virtual Private Network) to connect to the office when you work remotely.
  • Do not use public Wi-Fi when you are connecting to company resources.
  • Stay away from “Social Logins”, for example where Facebook allows you to log in to a service giving the service access to your data and email.
  • Use a password manager to store all your credentials, rather than saving them in your browser.
  • Limit revealing personal info on social media. The posts where people share their first concert, favourite restaurant, the name of their pet and where they met their significant other may be interesting to see for their friends, but it also provides data that can be used to access accounts.

Our security specialists can assist you with performing an extensive security audit on your systems to reveal vulnerabilities you probably were not aware of. Preventing information breaches to occur is better than going through the very costly remediation and restoration required after a breach.

Data Security Breaches – What you need to know

Almost immediately after clients started to work from home the number of data breaches increased. Our Information Security team, led by security specialists such as Jarred Jenkins and Damien Coultis, will pick up new cases of unlawful access to data, file encryption attacks and breached security perimeters almost daily.

Typically our engineers will first assess the gravity of the situation, ascertain if a breach is ongoing and whether personally identifiable information has been accessed. We will then take precautions to ensure forensic analysis is possible by taking a backup snapshot of the device (workstation or server) affected, and then start remediation so that you, the client, can go back to work as quickly as possible. Often we will need to restore data from backup and take precautions such as resetting passwords.

It is important to note that even though ABT security specialist are very knowledgeable, and trained to respond in line with industry standards such as NIST , ISO 27001 and the ACSC’s “Essential Eight”, ABT are not forensic data analysist. We can assist you in determining the seriousness of a potential attack on your data integrity but will always recommend you employ the services of information security forensic specialists. We can of course recommend partners and work alongside with them on your behalf. The responsibility to report personally identifiable data breaches to the OAIC however, will always remain with you.

EOFY1

EOFY 2020: Tax Tips – Instant Asset Write-off

As the end of the financial year (EOFY 2019-20) comes to a close, it is an appropriate time to review your IT and business alignment from these past twelve months and reflect on the success obtained to determine objectives for the forth coming year. 

Have you heard of the Federal Government’s instant asset write-off?

If you haven’t, you’re not alone. Research by American Express has revealed almost half of all small business owners are unaware of this initiative and that it could be of great help. 

Here’s a quick rundown on the instant asset write-off and whether it’s something you should take advantage of.


What is an instant asset write-off?

An instant asset write-off allows small businesses (with an annual turnover of less than $500 million, up from $50 million) to claim immediate deductions (up to an amount of $150,000, up from $30,000) for new equipment, such as physical IT hardware and infrastructure. The assets must first be used, or installed for use, in the income year you’re claiming for. 

The amount you can write-off will depend on when the asset was purchased and the associated threshold amount. 

Do note from July 1 2020, the instant asset write-off will only be available for small business with a turnover of less than $10 million, and the threshold will be $1000.


What type of purchases should I consider making?

If you decide to take advantage of the instant asset write-off, you should make the decision based on the needs of your business. For example, if you need to purchase new IT infrastructure your business operations to help productivity, improve security compliance, or achieve your business goals because it is in line with your business plan.


What if I make a purchase that is greater than the write-off amount?

The instant asset write-off threshold applies to the total cost of the asset, not just its taxable portion. Any purchases equal to or more than the threshold can be put into your small business asset pool, where you will be able to claim gradual deductions (depreciation) each year.


How do I claim the instant asset write-off?

If you buy an asset that comes under the threshold, you can claim the business portion of the asset’s use in your tax return for that financial year. 

You can claim a deduction for multiple assets as long as the cost of each individual asset is less than the relevant threshold. 

The ATO website provides examples of how to work out your instant asset write-off. For more information on the instant asset write off visit the Australian Taxation Office website or speak to your accountant or a qualified tax professional.

Business Continuity Planning

Will your employee be able to work from home in the event of a catastrophe or company lock down?
 
Disasters can come in all shapes and sizes. Over the last several months a number of disasters have affected the ability of  Australian businesses to operate, and as the world faces a continued risk with the COVID-19 (Corona) virus outbreak, now is the time to consider your business continuity plan (BCP). Being prepared for disasters mitigates much of the risk extended unavailability of your office presents to your business. A BCP considers these risks, and helps you assess the ability of your staff to work remotely, or from home.
 
The key is to define the roles of your staff members, and identify those that are required to keep critical business processes running during these unplanned and stressful circumstances. When this is established, you will need to consider how these users are going to access the network. Things to look out for are:

  • Can users access internal IT resources (files, devices) via a VPN?
  • Does the company have the required internal IT Infrastructure and applications available for workforce mobility?
  • Can Email and Office 365 be accessed externally?
  • Is Multi-Factor Authentication (MFA) in place to mitigate security concerns?
  • Do staff have critical software and business applications available on personal devices?
  • Do you have a suitable working remotely/from home policy in place to reduce WPHS risks

ABTechnologies can help you with finding the answers to these questions. Modern workplace technologies can assist you in having your staff work remotely when disaster strikes. We can assist in setting up Microsoft Teams for collaboration, enabling workforce mobility. And if needed we can deploy Windows Virtual Desktops for your staff to use while not being in the office, providing a secure and efficient way to continue working when the office is not available.

Please reach out to our Customer Relations Managers at crm@abtechnologies.com.au if you would like to discuss these options with us.

Microsoft End of Support Products in 2020

Consumerism. Many products and services that we purchased a decade ago may still work for us today, bit like our washing machine. It’s a more bit tethered around the edges from when we purchased it, may make a bit more noise than it use to, however like most of us who are waiting for the new Samsung Galaxy S20 range to come out know that technology continuously evolves to fit the audiences needs in the modern world today. That being said, I don’t rely on my washing machine to run and protect our business, it only has one simple function, to wash clothes.

As times change, customers, businesses and employees’ needs change as well. If they didn’t we may still be mailing orders the old fashioned way to distributors for customers that needed the products yesterday. We wouldn’t use the same technological tools to run against our competitors in the industry, nor would we use the same security methods developed a decade ago to protect our businesses from cyber-crime that has had a decade to evolve. Hence why it is vital to keep your business systems current and up to date with the latest security patches, software updates, performance improvements, and technological advances that the Microsoft modern workplace has to offer.

If you still have products that are end of life running your business we urge you to update your systems. With cyber-attacks becoming more sophisticated and frequent, running apps and data on unsupported versions can create significant security and compliance risks. To express the reality of it all, ABTechnologies has seen with out of date systems in the past quarter:

Product Security
  • 2 clients’ systems hit with ransomware attacks.
    • Backups were recovered, this hasn’t always been the case.
  • 10 clients’ systems brute forced by outside presences.
    • 2 systems were accessed.
  • 3 clients’ businesses offline due to outdated servers.
    • Downtime averaged 1 week.

The upcoming end of support milestone doesn’t need to be a burden. See it as a great opportunity to transform your applications and infrastructure to take advantage of cloud computing and the latest versions of SQL Server and Windows Server. We are pleased to share various options and tools to help you manage this transition to carry your organization through the next decade. ABTechnologies are the only 1 of 2 companies skilled and offering Microsoft Teams Voice and the latest Windows Virtual Desktop solution in the Microsoft Marketplace in Australia!

If you would like to be contacted in regards to updating your IT infrastructure, improving your security compliance, or maybe you would like to find out how you can improve your business processes with the current technology and software being developed today, please contact our Customer Relations Team on 1300 705 062 or crm@abtechnologies.com.au , or for more information on which Microsoft products are ending in support in 2020, please visit: https://support.microsoft.com/en-us/help/4470235/products-ending-support-in-2020