WOULD YOUR IT SYSTEM PASS A WoF?
New Zealand vehicles are legally required to pass a Warrant of Fitness (WOF) at least once a year to be declared roadworthy. What we often don’t appreciate is that this requirement gives experts the opportunity to identify issues that we can’t see, because until something does go wrong, we feel pretty safe and confident in our car. WOF inspectors are able to identify and anticipate problems and give advice on how to alleviate these issues before they cause any serious damage. The act of getting your car tested ultimately keeps you and other motorists safe.

Likewise for IT systems, getting them ‘tested’ by a professional to identify any potential protection breaches can expose issues that regular people can’t see until it’s too late. It’s important not to fall into a false sense of security by forgetting the dangers of not having your safety procedures regularly evaluated and updated by professionals.

Although there isn’t such a thing as an official IT WOF (yet!), it is still common sense that being proactive rather than reactive will help reduce your risk of cyber-attacks, losing files, compromising client information, and ultimately costing the company downtime. Having the attitude of ‘I’ll deal with it if it ever happens’ is like neglecting to take your car in for a WOF – you will have no way to identify and deal with issues before they become destructive.

To find out how secure your IT system is, take the 2 minute test! Like a car WOF (but without the cost), you’ll receive a detailed IT safety report to see at a glance where your business is most vulnerable. Click here to take the test now.
A DIGITAL BATTLE PLAN
There’s a war going on in cyberspace. Criminal masterminds are reaching across continents into your office and taking files hostage. This faceless enemy can cause havoc to your business by encrypting important files and demanding a fee to release them. This criminal activity is called ransomware, and last year 40% of New Zealand businesses were impacted by it (PWC).

Being proactive rather than reactive will help reduce the risk of becoming yet another victim and, if you do suffer a ransomware attack, help you recover your files fast and get your business back up and running quickly. Having the attitude of ‘I’ll deal with it if it ever happens’ will leave you a sitting duck to the enemy. Inadequate file recovery processes and no business recovery plan will leave you with only one hope of getting your files decrypted – pay up. Being cyber criminals, they’re not the most trustworthy people in the world; after you pay the specified amount, they are known to demand more money. Commanders-in-Chief tend to take the approach of not negotiating with terrorists – we subscribe to the same tactic.

4 strategies to defend your business against ransomware attacks:

1) Guard your information (Anti-malware and backup files)
Having anti-malware software in place for digital business devices forms your basic armour against cyberattacks. However, if your system does get breached, having offsite backup files is essential for business recovery. myITmanager highly recommend that any backup files should be stored in a cloud system, rather than physically (eg USB stick). Cloud backup files are:
- Easier to restore if a system is compromised.
- Usually automated, so easier to manage.
- Less likely to incur human error.

2) Get your troops trained (Staff awareness of threats)
Having the technology in place to protect your business’ digital assets is not enough. Your staff need to be trained on how to identify and react to a potential cyber threat. Cyber criminals are sneaky. They are always trying to stay one step ahead of IT defence strategies, and often disguise viruses and ransomware as innocent email attachments (often called phishing). One recent example of a phishing scam was emails disguised as Xero invoices. It is important that staff members stay vigilant and refrain from clicking on things that are ‘not quite right’. Education on the latest cybercrime ‘trends’ will help to prevent enemy infiltration of your files.

3) Have plan B ready (Business recovery plan)
If a harmful event does occur (whether it be ransomware, a natural disaster or something else), a business recovery plan is essential to help your business get back up and running quickly. Having all your key information in one document will make it easier to put your plan into action after a crisis. to learn about the four starting points for your business continuity/disaster recovery plan.

4) Call in the reinforcements (Engage an external IT Security expert)
Sometimes it’s hard to stay alert to a threat that’s never happened to you before. Your priorities are more around the day-to-day running of the business, and security gets put on the backburner. For businesses without a designated IT role it’s a wise idea to delegate all the technical stuff to external, expert providers, instead of trying to manage it yourself. Strengthen your army with some cybercrime combat ninjas. A good external IT manager will:
- Keep anti-virus, anti-malware and security patches up to date.
- Train your staff on identifying threats (eg emails with viruses, links etc).
- Advise of any new tools that will increase IT security.
- Manage and monitor file back up to the cloud.

In a nutshell, they will give you the peace of mind that your important business files are in a digital fortress - as safe as they possibly could be.

The first step to forming a robust battle plan against cyber-attacks is to do an audit of your current systems and processes. Find out how secure your IT system is: take a couple of minutes to complete our free online test. You’ll receive a detailed IT safety indicator report to see at a glance where your business is most vulnerable. Click here to take the test now.
ALL SHOOK UP: The Power of Mother Nature
Things got off to a shaky start a couple of weeks ago when the 7.8 magnitude earthquake rocked the upper South and lower North Islands, leaving a trail of damage and disruption in its wake. Reminiscent of the chaos and disruption suffered in the Christchurch earthquakes, Wellington experienced some similar after-effects, with several large office buildings evacuated and some now planned for demolition.

It is a timely reminder of how critical it is to have plans in place for unforeseen disruptions to your business. SuiteFiles, one of our key suppliers, is based in Wellington. It not only has plans and systems in place to deal with such a disaster internally, but has also developed a cloud-based File Management System that reduces the need for businesses to store their electronic documents on physical, locally based IT equipment that is particularly susceptible to such disasters.

Back up and running after a disaster
For those of us based in Christchurch it was a timely reminder of the power of mother nature. This isn’t the first time that an earthquake has adversely affected Wellington either. In 2013, a strong quake hit the capital and prevented businesses from accessing both buildings and servers. Just like then, being cloud-based has significantly helped SuiteFiles get back on their feet quickly.

This recent experience is a timely reminder of how dependent we all are on technology and how critical it is to have a good disaster recovery plan in place. A disaster recovery plan should form one part of your overarching business continuity plan, and focuses mainly on restoring IT infrastructure and operations after a disaster. These plans are vital, and could mean the difference between being back to business as usual in 2 hours or in 2 months. We know which one we’d prefer.

Making a disaster recovery plan
If you don’t have a business continuity plan or feel like your one needs a refresh, there are plenty of . Having all your key information in one document will make it easier to put your plan into action after a crisis. Based on our experience, here are some useful starting points for your business continuity/disaster recovery plan:

1. List of key staff members and their responsibilities right after a disaster
Decide who the key people in your organization are and what their responsibilities will be after a crisis – who will oversee communicating with and updating staff, who will check the business premises and IT, etc. Lay this out in a clear chart with staff member names, contact details, addresses and responsibilities.

2. A clear communication plan
Have contact details and addresses for all staff members. Have a checklist to ensure you’ve checked in with everyone and that you provide regular updates. Have an emergency contact person for staff.

3. Plan for where and how staff will work
Make sure that all staff know what the next steps for the business are. After the earthquake, we know of people who traveled into the city (through flooding no less!) only to find out their building was closed. Can staff work remotely and do they have adequate resources to do this, like hardware or access to documents?

4. Comprehensive process for IT health check
Take stock of your hardware and IT infrastructure - determine a list of critical functions and the steps you'll need to take to get those up and running again.

It almost goes without saying, but you should store your plan somewhere that is accessible to you after a disaster. All staff, particularly ones with core responsibilities, should be familiar with the document and know how to access it. Finally, test your plan to find gaps in your processes, and make sure you review it regularly, especially as staff and technology change.

Kindly provided by our Partners at SuiteFiles.

Do you have a disaster recovery and/or business continuity plan? Contact one of our team if you have any questions about how robust your systems are to cope with a significant disaster. HINT – don’t take the approach of it won’t happen to me.
Xero Invoice email SCAM
We’re now seeing phishing emails being sent from the @post-xero.com domain. The full From address is email@example.com, rather than Xero’s legitimate firstname.lastname@example.org address. We’ve started the process to get the @post-xero.com domain taken down.

Here’s an example of one of these latest phishing emails:

All of the examples we’ve seen so far from this latest phishing campaign have ‘Invoice INV00249’ in the subject line. However, this could change, so don’t assume an email is legitimate if it doesn’t have this invoice number. They’re also using a variety of company names.

Check any Xero invoice email you receive to ensure it came from our email@example.com email address. Also check the destination URL for the online invoice before you click on the link. You can do this by hovering your mouse over the link in an email (DON’T CLICK) to see the actual destination URL. This will be displayed at the bottom of your browser window.

If one of these emails makes it as far as your inbox, you should report it as phishing and delete it without clicking on any links or attachments.

Reference: Xero Security Blog
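The sender and link checks described above can be automated at the mail gateway or helpdesk; the following is an added example, not part of the Xero post. The trusted domain `xero.com` is an assumption (the legitimate address is redacted on this page), and the sample message, its local-part and its link host are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "xero.com"  # assumption: the domain you expect genuine invoices from

def under_trusted(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a real subdomain of it.
    A plain endswith("xero.com") would wrongly accept "post-xero.com"."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    """Collects every <a href>, i.e. what hovering over the link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_invoice_email(raw):
    """Return the reasons a message should be reported as phishing."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not under_trusted(sender_domain):
        findings.append(f"sender domain {sender_domain!r} is not under {TRUSTED}")
    links = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if not under_trusted(host):
            findings.append(f"link points to {host!r}")
    return findings

# Constructed sample modelled on the campaign described above (not a real message).
SAMPLE = """From: Billing <accounts@post-xero.com>
Subject: Invoice INV00249
Content-Type: text/html; charset=utf-8

<p><a href="https://invoices.example.net/view?id=1">View at xero.com</a></p>
"""

if __name__ == "__main__":
    print("\n".join(check_invoice_email(SAMPLE)))
```

The From header is easy to forge, so a passing sender check is not proof of legitimacy; the link check and your mail provider's SPF/DKIM/DMARC results still apply.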
CryptoLocker is a relatively new family of virus / ransomware that is catching out a few too many unsuspecting victims. It is based on extorting money from infected users who are tricked into running it. The victim receives an email with a password-protected ZIP file, often purporting to be from a courier company. CryptoLocker hijacks and corrupts users’ business documents and demands that they pay a ransom (with a time limit to send the payment).

How to avoid CryptoLocker:
1. Be particularly wary of emails from senders you don’t know, especially those with attached files.
2. Ensure you have a good backup system in place for your critical files that isn't linked to your device.
3. Consider Cyber Security insurance - contact us to find out more.

If you become infected, turn off your device and disconnect from the Internet / network immediately, then contact us.