Online systems have been compromised, and a new scam is taking advantage of this

Scam alert: “I know your password”

The latest scam we’ve seen – “I know your password” – is both beautiful and scary. Read on to find out how to beat it.

Recently, some of our clients have reported receiving strange emails. These are more than the run-of-the-mill spam; they are from persons unknown claiming to know one of your passwords.

And here’s the thing – they do know one of your passwords. It’s there, in the email, in all its uncovered glory.

The sender usually uses this information and claims that they have infiltrated your computer with some sort of malicious software, which then used your webcam to record you while on the internet; typically claiming you’d visited some salacious web site or other.

And along comes the blackmail… pay $1,000 in bitcoin (or some variation) or else!

The “or else” usually involves telling the world your dirty little secrets.

Don’t be a scam victim

Most people freak out – and rightly so – because the password shown is genuinely one which they use, and human nature (working the way it does) leads people to be easily convinced that the sender has accessed their computer and will carry out their threat. Even if the receiver has done nothing wrong and visited no seedy web sites, the fear of what might happen is terrifying.

So, let’s pull back the curtain to see why this happened, and what you should do about it.

Many online systems (LinkedIn, Yahoo, and eBay, to name a few) have been hacked in recent years, and if you have an account on these systems it’s possible that your password was stolen. You should use this web site to see if you’ve been a victim of one of these password thefts.

If you have, then a bunch of your information would have been lifted; your name, password, possibly address and date of birth. Credit card information is usually not taken from these sites, as that information is kept separately.

In and of itself having a password stolen from an online system is not a good thing, but the real issue is if you use the same password on multiple systems.

Once the hack is done, the scam begins.

These thieves will try your email and password combination to log in to other systems, and if you use the same combination elsewhere then those systems can be accessed by them. Increasingly, systems include 2-factor authentication to stop this, so that logging in requires more than an email and password, but most don’t.

Scammers will try many attacks, but the softest target is you.

What to do

If you receive this type of email DO NOT IGNORE IT.

The scammers most likely haven’t installed any software on your computer; their real target is money.

The #1 thing to do is change your password to any online systems which have been compromised; again, check this web site to see if you’re a victim of these.

The #2 thing to do is install anti-virus and anti-malware software on your computer. iHelp IT can help you with that, as part of our iCare Essentials package.

And finally, the #3 thing to do is to not visit any of those web sites…

Protect yourself

Contact us at info@ihelpit.com.au to find out more about protecting yourself with iCare Essentials

 

Get 3 Years of Tax Deductions in 3 Weeks!

Three Year Tax Deduction

Get 3 years of tax deductions in one hit.

Right now the Australian government is practically throwing money at you in the form of tax benefits. What are they and how can you take advantage of them? Read on!

A few weeks ago I wrote a blog post titled Replace or Die, showing a number of recent hardware failures experienced by our clients, and when you should look at replacing your computers (hint: it’s 5 – 7 years). No matter how good your equipment is, these failures invariably happen to good businesses!

Since writing the original blog post, we’ve had 2 more client computers experience sudden hardware issues, so the trend continues. True, as an Apple tech support company we do see more than our fair share of hardware issues, but our IT support experience guarantees us that it will happen to you, sooner or later.

The great news is that it’s the perfect time to replace your Mac, Windows PC, and any computer related equipment you may have. Read on to find out why.

The tax reward, and how to get it

The Australian Federal Government is letting small businesses claim the depreciation of any asset purchased in this financial year (to the value of $20,000 per asset) in one hit. This is great because normally assets are depreciated over several years.

To qualify, all you have to do is:

  • Have an annual turnover of less than $10 million (the majority of small businesses do)
  • Buy your new gear by 30 June 2018

Example

Peter runs a marketing business which had a potential tax bill of $85,000 in FY 17/18. Peter decided to replace his 5 desktop computers, 4 notebooks, 2 iPads, projector, colour laser printer, and server. Each item is under $20,000, and in total Peter spends $29,000 on the gear. This saves Peter $7,975 in taxes, reducing his tax bill from $23,375 to $15,400, while at the same time refreshing his entire office IT.

Peter doesn’t have to think about depreciating the gear over 3 years; it’s all done in one step.

Of course, this is just an example, so please always consult your accountant regarding any tax or other implications and benefits for your business.

Why now?

June is the obvious best time of the year to do this, as it’s the last month of the financial year, and purchases made now will minimise the time gap between buying your new assets and reaping the tax benefit.

Hurry!

There isn’t much time until the end of June 2018! If you have a shopping list ready, or even just want to investigate what you should buy, contact us at info@ihelpit.com.au, or call us on 1300 469 622 and we can help you get the ball rolling.

Replace or Die

Over the past 4 weeks, the iHelp IT office has been inundated with a number of iMacs, MacBook Pros, and PCs with hardware problems.

In the words of the late, great, Tyler Durden, “on a long-enough timeline the survival rate for everyone drops to zero”*.

Computers are no different. Parts wear out and die the death.

What struck us, though, was the number of computers with hardware issues in a relatively short period of time. We thought maybe there was a curse, maybe solar flare activity, maybe even aliens!

But, when we looked closer, it turned out to be the ubiquitous frenemy to us all: time.

Out of the 8 machines which have had hardware problems in the last 4 weeks (yes – that’s 2 a week), the youngest was 4.5 years old. The rest were all over 5 years old, and that’s significant.

Why 5?

Big things tend to have longer lifespans than smaller things, so the size of a thing might be a fairly reliable indicator of how long it should last; its useful life. There’s even a theory on this – called the Rate-of-Living Theory.

That’s all well and good for the living, but can this theory be extended to the non-living, and specifically electronics?

To find out, we charted the lifespan versus the size of a smattering of common electronics, below.

Common Electronics Lifespan

The size and lifespan of common electronics. The bigger the thing, the longer it lasts.

As you can see, as a general rule of thumb, the theory seems to hold. Both lifespan and size are trending in the same direction (though not at the same rate!). Big things last longer, but it’s not linear.

Recently, I wrote a blog post on the new iPhone X, in which I specifically advised iPhone 6 and 6 Plus owners that it’s time to upgrade. This, and telco phone plans generally, would seem to give smart phones a useful life of 2-3 years before parts start to fail, the new operating system runs too slow, and new apps don’t work.

Applying this to computers, and recent events, we have a new golden rule: the rule of 5 years.

And this fits nicely with our size v lifespan chart, above.

Tipping Point

One of the 8 machines which recently failed had the simplest (and most common) of failures; a hard disk failure. This machine was from 2011, and its value on Gumtree was around $450. To replace a hard disk the cost is typically $110 for the hard disk, and an average of 3 hours of labour (replace the hard disk, install macOS, migrate the data from a backup), or $594.

Total cost $704, which is a lot higher than the resale value of the Mac.

Is a repair worthwhile? No (unless you get the Mac for free!)

At some earlier point in the now 7-year-old iMac’s life it was the same cost to fix it as you’d get to sell it.

This point in time is the Tipping Point**. Insurance companies know it. Tyler Durden knew it***.

A 21.5 inch iMac around 5 years old will go for anything from $700 – $900 on Gumtree, whereas leaving the decision to sell for another 2 years means that instead of getting an average of $800 for it on Gumtree, the owner is now up for a $700 repair bill.

The tipping point has passed and it’s not worth repairing. You could say it’s time for the tip.

As an added sting, 2 years ago $800 would have covered 1/3 the cost of a new iMac. The now-broken iMac covers none of that cost.

Act Now

Now is the time to check if your Mac is over 5 years old, or even approaching that age.

A working 21.5 inch iMac from 2013 will run the latest macOS and is readily sold. The money you get for it can go towards a replacement. You don’t have to sell it – you might have kids, a niece, or just a local school that could do with a working computer for a classroom.

It’s your choice.

If you’re not sure how old your Mac is and want guidance on what to do, then call iHelp IT – we’ll help you to replace and not die.


* Tyler didn’t say this, but the protagonist has no name.
** I just made this name up; but it’s pretty good.
*** I’m assuming that Tyler was at least aware of the rule.

 

10 Reasons to Upgrade to iPhone X TODAY

Finally. At last. About time!

It’s taken a good while, but you can get an iPhone X today; just walk into an Apple store or your nearest and dearest telco; they all have them in numerous quantities.

But should you?

I’ve never been one of those guys that lined up outside an Apple Store to get the first of anything. I did get the iPhone 3G on its release day – but that was because I was working at the Apple Store at the time! I’m the kind of guy that will wait until I need to upgrade to something.

With my iPhone 6 Plus workhorse, the need was clear; its performance was… stuttered. The moment Apple released iOS 11, the writing was on the wall. In ink. Etched. Chiseled. Written in thirty-foot high letters of fire, even*. Months of pain dealing with the sloth that had become the iPhone 6 Plus needed to end.

And that was the single reason to make the jump, but the result has been a complete delight and a new love for iPhone.


Stunning Design

Unlike my old iPhone 6 Plus, iPhone X looks better in real life, even without the benefit of photoshop. The web imagery does no justice to the finish. The smooth shine of the glass front, the depth of the glass back, the stunning chrome edge.

iPhone X feels good in the hand too; significant but not cumbersome. The screen is large, but the device is compact, due to what’s been taken away.

Don’t underestimate design. Design is more than looks and feel.

If you’ve ever seen the documentaries Helvetica or Objectified, you’ll understand that design is more than the look of a thing – more than vacuous beauty. If design ended there you simply wouldn’t use a thing. The stunning design that starts with the outside continues throughout every tiny, thoughtful aspect of iPhone X.

And, yes, I’ve seen both Helvetica and Objectified.

Call me crazy.


Face ID

This is it. It’s the mother feature. The main selling point. The reason for iPhone X to exist.

And also probably the most under-appreciated.

Gone is the ubiquitous Touch ID fingerprint identification; replaced with a technology so seamless that it feels like magic. Face ID uses 30,000 (count them!) dots, sprayed across your face, to learn who you are, and then uses your face to unlock everything which would previously need TouchID, or (even further back in time), your passcode.

Does it work? Seamlessly. Outside of on-screen cues that FaceID is being used to unlock your phone, make app-store purchases, log into online banking, or populate your password on a web site, it’s literally as simple as looking at your phone – something you do every minute you use it.

I’ve thrust my phone into several people’s faces and tried a photo of myself (and others) to try to fool it – it doesn’t get fooled. I set up FaceID with my glasses on, and it recognises me with them off, and even with my hand covering my chin (as you do when you’re looking at your phone, thinking). Apple claims the phone learns how your looks can change over time, so growing a beard isn’t an issue. Does it work if you have a large bushy beard, and then shave? I’m not sure about that, but it does work if I cover the entire beard area of my face – so it well may!

FaceID also makes iPhone X more secure. For example, when locked, your phone tells you that you have a notification, but doesn’t reveal the content until you look at it. Arthur C Clarke is quoted as having said “Any sufficiently advanced technology is indistinguishable from magic”.

Magic, meet FaceID.

And, yes, FaceID does work for the blind. By default, FaceID requires you to look at the iPhone to activate, but this can be switched off, such that all you need is a face.


That Display

While FaceID is staring at your face all day, your face is staring at the display, so changes to the display are always a big deal, and iPhone X’s display has changed in major ways.

Firstly, there’s size. At 5.8 inches it’s bigger than any other iPhone screen. The display is the phone. The bigger size is a no-brainer, though going bigger always has the potential for associated downsides. Making the display the phone means that, despite the bigger screen, iPhone X is surprisingly compact.

Secondly, there’s OLED. OLED displays show true black – not just very dark grey – but actual, lack-of-light, black. Colours on OLEDs really, really, pop, the displays are thinner, and they use less power than LCDs. OLED hasn’t been without its flaws; colours shift depending on the viewing angle and can change over time, and they have struggled in bright light (notably, daylight), so Apple’s been slow to the OLED party, knowing that its customers expect only the best. Apple’s implementation has mostly dealt with these issues, and implemented OLED as a retina display, and the result is spectacular.

Androidians will tell you the Samsung Galaxy S9 has a higher resolution display (570 ppi versus 458 ppi on iPhone X), but the human eye can’t see past 300 ppi, so I’m not sure of the point.

Out, damn notch! (Photo by Qi Heng/VCG via Getty Images)

Finally, there’s the elephant in the room – The Notch. To get iPhone X as small as possible Apple made the, um, bold design decision to take a notch out of the top of the display, where the front-facing camera, earpiece, FaceID, and various other sensors live. Personally, it bugs me. I don’t notice it like I did a week ago, but I would have preferred 5mm more height and no notch.

Having said that, the notch doesn’t interfere when it really counts; viewing wide-screen videos, taking a screenshot, taking a photo, or scrolling through your photos. Apple has told developers to embrace the notch. Some are avoiding it, but mostly you just don’t notice it, like watching a play when someone with a bouffant is sitting in front of you and off to the side a bit – it’s a tiny distraction in your peripheral vision that you eventually get past.

On the plus side, having the notch does make iPhone X smaller overall, and this is a good thing. While I love the larger displays of the iPhone Plus line and other “phablets”, my 6 Plus was always too big for my hands. It was OK in my pocket, but making calls was like holding a frying pan to my cheek!

iPhone X has a big, beautiful, bright, poppy screen in a compact form factor – imagine Cinerama, in a phone booth. It’s only slightly bigger than the iPhone 8, but its screen is roughly the same size as the iPhone 8 Plus. Finally, I can watch Star Trek Discovery on Netflix, in the dead of night, on a gorgeous, personal display.

What a display!


No Home Button

With FaceID replacing TouchID, we say goodbye to the home button, an integral part of iPhone since day one. Its sudden removal is one of those jarring deletions that Apple is famous for, and I didn’t know how I would deal with this, but relearning takes very little getting used to. The home button single-press functionality has been replaced with a swipe up from the bottom of the display, and double-press has been replaced with swipe-and-pause. These changes take a short minute to learn, and you quickly realise Apple had prepared us for these gestures when it released iOS 11. It’s not a terribly dramatic change.

I knew I’d mastered the gestures when I found myself trying to use them on my iPad. Oops. My finger no longer drifts to the home button, but automatically swipes upwards, to no avail, alongside that awkward moment when I expect my iPad to unlock itself just by giving the camera my best Blue Steel.

The removal of the home button is philosophically in line with Apple’s loathing of buttons; I’m surprised that volume and power are even still buttons, and not little touch pads. No doubt they will disappear when a completely submersible iPhone is released in due course.


The Camera

iPhone has always been at or near the forefront of mobile camera photography, and – as the archetype of all smart phones – is indirectly responsible for the mass accessibility of consumer photography, and consequently, for trillions of pointless #beentheredonethat photos. We’re all guilty!

The iPhone X camera represents a major upgrade over iPhone 6 / 6 Plus. Since I’m not a photo buff, I’ll leave it to others to go into a detailed technical analysis, and just skip to what it means for your family photos and videos, and why they’ll look so much better.

Pixels pixels pixels. iPhone X’s camera sensor has more megapixels (12 versus 8), so photos have more detail and look sharper. Should you ever, you know, accidentally print your snaps, they’ll look great – even if blown up as posters. Want proof? Check out Apple’s Shot on iPhone campaign, littering billboards literally everywhere.

Low light? No problem! For those intimate family dinners, iPhone X takes better photos in low light, with less graininess. Take your happy snaps with natural lighting instead of filling with flash and avoid those awful night-time shadows.

Optical zoom. Like the iPhone 7 and 8 range, iPhone X has an optical zoom – not just a fake digital zoom. OK, it’s just 2x, and there are phones with 10x zooms, but they have heavy trade-offs; either the processor is slow, or the screen is small, or they can’t shoot 4K video, or they have low storage – you don’t get something for nothing!

The best portraits, Jerry. The best! This feature is my favourite, as it’s so simple and creates such beautiful photos. Take a portrait of your best friend / girlfriend / cat / pot plant, and see the background fade into soft focus, and your eye drawn to the subject. Magic.

Then there’s 4K video. Newer TVs, TV shows, and movies are all in 4K, and iPhone X can shoot 4K at up to 60 fps (frames per second) – sharp and smooth, like Barry White. You could shoot a film with iPhone X, and then watch it on your 70-inch home TV. Don’t believe me? Fine… ask YouTube. This video compares iPhone X to a professional grade video camera.

If you’re serious about taking well-above-average photos and video, then I recommend investing in 3 more things: a lens kit (Moment, for wide, telephoto, fish-eye, and macro), a gimbal (for super-smooth motion), and time; to learn how to set up your shots and make photos and videos. Check out this video to learn how to shoot more cinematically.

Most importantly, I can report that I look both stunning and frightening in selfie portrait black-and-white with stage lighting!


Sheer Performance

Everything is punchier – everything reacts when you say go!

I can’t remember the number of times I’ve yelled at my iPhone 6 Plus with iOS 11 installed. “Go, you tendrille’d beast! Push forth thou sloth!” – or words to that effect.

Yes, iOS 11 is great. Yes, on a phone as old as the iPhone 6, it’s awful. Even after wiping my 6 Plus and not restoring from backup, it still sucked the life out of me, making me wait for everything. With the 6 Plus, I was actually scared to install apps. Was constantly closing them. Was always looking to reduce background tasks or minimise add-ons, and forever waiting. Waiting. Waiting…

iPhone X features more of everything that makes a computer go faster; faster processor, more processor cores, more memory, and faster graphics. The end result is that you’re never left waiting for iPhone X to do its thing. Its performance is smooth no matter what; and that’s all that really matters.


Augmented Reality

AR is the next big thing in mobile phones.

Do not be fooled into thinking it’s all Pokemon Go. Yes there are cute games, like The Machines, which transmogrifies your kitchen table into a superhero battleground, or classics like Halo, now available in AR form. There’s the general silliness of animojis, where your face is used to animate a cute emoji, or Snapchat’s weird take on that, by layering masks and floral haberdashery onto your animoji face.

But all this is the tip of the AR iceberg.

The tremendous performance, display, and multiple sensors in iPhone X make it a perfect AR tool. Like the humble mobile phones of the 1990’s, AR will unlock new opportunities, and likely impact 3 areas in addition to the obvious (games).

Tradies. Apps like Magicplan, which lets you create floor plans on the go with just your iPhone X, are great for real estate agents, architects, and others in the building and renovating industries. Alongside this are design apps like IKEA Place, which lets you place virtual furniture in your living room.

Retail. Bricks and mortar retail has been significantly eroded by online stores, but AR can enhance physical shops, making the experience distinct from, and superior to, online shopping. Nothing beats tactile interaction, and AR can significantly improve the physical shopping experience in ways online cannot ape.

Education. Insight Heart is an app which places a virtual human in your living room and then lets you extract and examine its huge, bloody, beating 3D heart, suspended like a fugitive from a horror movie! It’s surreal and educational! Rolls Royce has a Trent 1000 app; for those times you just have to know how this engine works. It’s easy to see how these AR apps will quickly become educational must-haves.

Like the first iPhone apps, the computer GUI, and the invention of the mouse, AR is disruptive because of what it will let people do, and that will be figured out in the coming tomorrows.


Audio

iPhone X leaps ahead of iPhone 6 and 6 Plus in the speaker category, with stereo speakers, and front facing audio. Plus, the earpiece acts as a speaker when you’re watching videos in landscape mode, so you can actually hear stereo.

Of course, you’d never seriously watch anything without your AirPods, but – in the event you’ve left them at home, the audio coming right from the phone is awesome, and loud enough to hear most anywhere.


Battery Life and Wireless Charging

Yes – iPhone X has a smaller battery than iPhone 6 Plus, but it uses that power better, mainly due to the OLED screen needing less power than an LCD screen. The end result is that I have around 35% power left after a full day’s work, whereas my iPhone 6 Plus would be at around 15% at the same time, and tanking.

This means that I can go out after work, take photos or videos, make calls, even tether, confident in the knowledge that I won’t need to recharge before I get home late into the night. This makes a much bigger impact on how you use the phone than you’d think – you no longer have to plan to charge your phone before you head out for a big night.

Unlike the case with photography, I am an avid fan of increased battery life and thus appreciate the iPhone X’s alleged two extra hours of power between charges (compared to an iPhone 7). I had no time to assess this scientifically, but can verify that my unit powered through the usual late-afternoon low-battery doldrums and still seemed to have some juice when it came time for nighttime charging. That charging occurred on a wireless pad—though, at this point, adding another gadget to the house just to free myself of plugging in a cable seems a dubious trade-off.

No matter how good the battery is (unless it’s a radioactive diamond battery), then eventually your iPhone will need re-charging. Wireless charging is new for iPhone. Along with my Apple Watch and AirPods, I can now use a variety of charging pads which adhere to the Qi charging standard, to charge my gear just by putting them down on the pad.

No more looking for the cable – or worse – the right cable. Imagine a table top which charges your phone. The real beauty here is that you no longer have to think about these things – they just automagically happen.


Water Resistance

iPhone X is rated IP67, but what does that mean?

The first digit (6) refers to dust – so no dust should be able to get into my iPhone X. This is great for, um, gardening, going to the beach, visiting a dustbowl…

The second digit (7) refers to water – under lab conditions, iPhone X was submerged in water of depths of under 1m for 30 minutes, and didn’t sustain any permanent damage. In reality you can get the phone wet, and don’t need to panic in the rain or if a bottle of coke spills over it (aside from the sugar), and should even be OK if it takes a quick dip in the tub. But don’t go swimming with it. Having said all that, the touch screen doesn’t work if either it or your hands are wet.

It’s better than my old iPhone 6 Plus, but there’s a ways to go for true water proof-ness and usability.


So, Should You Upgrade?

With every single iteration of the iPhone, Apple has claimed that it’s the best one the company has ever made. But for this anniversary edition – coming at a time when critics are griping that the company had tumbled into an innovation trough – Apple’s genuinely pushed the iPhone to the next level.

Tim Cook calls the iPhone X “the future of the smartphone”, and I agree.

If you have an iPhone 6 or *gasp* older, just go out – today, right now – and upgrade to iPhone X.

You’ll thank me later.

* thank you, Douglas Adams

 

New Mandatory Data Breach Notification Laws

Catherine Higgins from Lawbase

New Mandatory Data Breach Notification laws came into effect during February. Catherine Higgins from Lawbase explains how these laws affect you, and what you need to do in the event of a breach.

Why are they needed?

Strong data management is integral to the operation of businesses and government agencies worldwide.  At the same time, data analysis has been widely recognised for its value as fuel for innovation.

This noted, one of the biggest risks organisations face with data management is a data breach.  A data breach involving personal information can put affected individuals at risk of serious harm and consequently damage an organisation’s reputation.

A change to the law

To support this protection, on 23 February 2018 and for the first time in Australia, those subject to the Privacy Act 1988 (Cth) (the Privacy Act) now have a mandatory obligation to promptly report eligible data breaches to both the Office of the Australian Information Commissioner (OAIC) and any individuals who may be potentially affected by the data breach.

Mandatory data breach notification is designed to protect the individuals affected by a data breach so that they may take the necessary steps and measures to protect themselves from any harm or damage.

We believe notifying affected individuals is simply good privacy practice as it gives each person the opportunity to take proactive steps to protect their personal information and also helps to protect an organisation’s reputation by displaying transparency and openness.

Examples of an eligible data breach could be:

  • There is unauthorised access or unauthorised disclosure of personal information
  • Personal information is lost in circumstances where unauthorised access or unauthorised disclosure of the information is likely to occur
  • A reasonable person would determine that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.

Notification obligations

If you believe there is an eligible data breach, there is a requirement to provide notification as soon as practicable.

The notification obligation involves a two-step process.

  • The organisation must prepare a statement containing certain (prescribed) information about the data breach and provide it to the OAIC
  • The organisation must then notify the affected individuals.

The notification statement must set out:

  • The identity and contact details of the organisation
  • A description of the eligible data breach
  • The kind or kinds of information concerned
  • Recommendations about the steps the individuals should take in response to the eligible data breach.

Will the new laws affect me?

Organisations with a turnover less than $3 million a year will fall outside the legislation.

Noting this, however, the Privacy Act does apply to some types of businesses with an annual turnover of less than $3 million so the new laws may still apply.  These businesses can include health service providers, gyms, child care centres, private schools, businesses that sell or purchase personal information and credit reporting bodies.

We recommend you confirm your status with OAIC.

How do I prepare if I’m impacted by these new laws?

First of all, don’t panic!  Experts are reporting that as many as 44 per cent of eligible Australian enterprises are not yet ready to comply with the new changes.  This said, you need to get your business up to compliance as soon as possible.

Taking reasonable steps to minimise risk

Eligible organisations should be proactive and take appropriate and reasonable steps to ensure the security of personal information.  It will, of course, depend on the circumstances and be determined by the following:

  • The nature of the entity holding the personal information
  • The amount and sensitivity of the personal information held
  • The possible adverse consequences for an individual
  • The information handling practices of the entity holding the information
  • The practicability of implementing the security measure, including the time and cost involved
  • Whether a security measure is itself privacy invasive.

Noting this, as guidance, the OAIC has advised that reasonable steps would include:

  • Performing or conducting Privacy Impact Assessments
  • Implementing Privacy by Design principles
  • Performing information security risk assessments
  • Creating and maintaining a Privacy Policy
  • Having a comprehensive and up to date set of information security policies
  • Restricting physical and logical access to personal information on a "need-to-know" basis
  • Keeping your software up to date and current
  • Employing multi factor authentication
  • Configuring your systems for security
  • Employing end point security software
  • Security monitoring tools to detect breaches
  • Using network security tools
  • Penetration testing exercises
  • Vulnerability assessments
  • Having a data breach response process

The Guide

For those that have begun the above process or those that need to act quickly to become compliant, we strongly recommend you review the OAIC Guide.  It has been prepared to assist Australian Government agencies and private sector organisations prepare for and respond to data breaches in line with their obligations under the Privacy Act.

As an overview, it is broken into five key parts.

Part 1: Data breaches and the Australian Privacy Act

This section outlines the requirements of the Privacy Act that relate to personal information security and data breach response strategy.  The principles contained within the Privacy Act for the handling of personal information may be adopted by any entity to lower the risk of a data breach occurring and to effectively reduce the impact of a data breach.

Part 2: Preparing a data breach response plan

The faster you respond to a data breach, the more likely it is to limit any negative consequences.  A data breach response plan is essential to enable a swift response and ensure that any legal obligations are met following a data breach.

Part 3: Responding to data breaches — Four key steps

An effective data breach response generally follows a four-step process — contain, assess, notify, and review.  This part of the guide outlines key considerations for each of these steps to assist entities in preparing an effective data breach response.

Part 4: Notifiable Data Breaches (NDB)

This section outlines the requirements of the NDB scheme under the Privacy Act.  The NDB scheme contains mandatory data breach reporting obligations in relation to certain data breaches, and requirements to assess suspected data breaches.

Part 5: Other sources of information

The obligations of the Privacy Act in relation to data breaches co-exist with other reporting obligations.  This section assists entities in identifying where they can find information about other data breach reporting requirements.

Are there any penalties if I don’t meet my requirements?

Yes.  If you don’t comply with the notification obligation, you may be subject to anything from investigations to, in the case of serious and repeated non-compliance, substantial civil penalties.

In saying this, we believe not acting to protect the information of someone in your ‘care’ is simply bad practice and penalties should apply.

If you have any questions on the new laws or would like to discuss any elements surrounding them, please contact the author, Catherine Higgins, at Lawbase (lawbase.com.au).

 


Password Security

Perfect password security

Your passwords are a tremendous security measure, but sometimes they seem to be no more than an inconvenience, designed to stop or slow you from accessing a computer or web site.

For decades (literally since the 60s) passwords have been the first line of defence to secure access to computer systems, and are increasingly important against a growing cyber threat; from the password you type to log in to your Mac, to the PIN you enter on your iPhone.

Even apparently fancier technologies like Apple's TouchID and FaceID have only one job; ensure access to the existing PIN on your iPhone. It's the PIN (or more complex password) which in turn actually unlocks the phone.

So passwords aren't going anywhere, and consequently it’s always a perfect time to review your approach to passwords, and find out how a few simple changes can give you an immediate security boost.

But, in this digital world, passwords are everywhere. You need one each time you log in to your computer, iTunes, Facebook, Google Drive, iCloud, work-based systems, Dropbox, Zomato, Seek, Uber, Tinder, and (of course) the numerous financial systems which we take for granted these days. The list is almost endless.

So how do you effectively protect yourself?

Do you go the simplistic route, and pick one really good password and use it everywhere? No. Absolutely not. If someone gets that password then you're compromised everywhere.

But having secure, unique passwords to everything is unusually complex, and entirely impractical. So now what?

Fortunately, technology (the cause of the problem) also has a number of solutions. Below are 6 ways in which you can get the best of both worlds; security and simplicity.

This article should be viewed as essential reading, not just as a set of recommendations.


Go Long

Despite what all those prompts for unique characters and uppercase letters might have you believe, length matters more than complexity, as is elegantly displayed in one of our favourite geek comics, XKCD. The more characters, the more mathematically complex it becomes to guess a password, and the longer an attack would take.

Stringing together a sentence, and mixing in some symbols, numbers, and upper-case (think &, 4, U) makes a password much, much harder to assail.

“inever4getaface!” is a great, easy to remember but complex to guess password.

Let your Mac do the heavy lifting

Don’t trust foreign browsers. A convenient shortcut to remembering all those passwords, or getting a paid password manager account, is letting your browser remember them for you. You’ve seen the option yourself. You probably even use it on at least one site. Don’t! The option is convenient, but the underpinning security is often undocumented, and it doesn’t require that your password actually be, you know, good. If you need a free and easy option, go with a password manager like Dashlane instead of trusting everything to Chrome.

The only problem is that apps like Google's Chrome don't take advantage of the keychain, so you'll need to manually enter passwords from the keychain to Chrome, and Chrome can save the password in its own database.

Use a password manager

Password managers like 1Password or LastPass create strong, unique passwords for all of your online accounts, and then store them for you to access across all your devices. So you have strong, unique passwords, and if one of your passwords does get caught up in a data breach, criminals won’t have the keys to the rest of your online services.

Now all you need to do is remember one master key.

The limitation with these applications is that, like all 3rd party software, you'll need to download a separate app, and then you'll need to install the appropriate browser plugin for them to work.

Use keyboard patterns

A much less often used password mechanism is using a keyboard pattern.

Instead of making up a sentence or using substitutions, you pick a pattern on your keyboard as a password. This has the advantage of being extraordinarily easy to type in, but hard for others to hack.

Of course, there's an obvious downside; if typing in the password on a foreign or virtual keyboard, the layout may not be exactly the same as your normal keyboard. Also, keys like the numbers and symbols (the top row) may not even appear on a virtual keyboard - so you'll need to really remember this type of password.

An example... "cftyuijnbvc" makes no sense as a word, but you'll see how nifty it is when you type it out.
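The length argument from "Go Long" and the keyboard pattern above can both be checked in code. The following is an added example, not part of the original article: it computes the brute-force upper bound for a password (assuming every character is random) and measures how much of the password is a walk across touching keys, a pattern that strength estimators such as zxcvbn score separately from random characters. The function names, the US QWERTY layout, the 0.6 threshold and the 8-character sample are assumptions made for this illustration.

```python
import math
import string

# US QWERTY rows (assumed layout); each row sits half a key right of the one above.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c + 0.5 * r) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a, b):
    """True if keys a and b touch on the layout above (case-insensitive)."""
    pa, pb = POS.get(a.lower()), POS.get(b.lower())
    if pa is None or pb is None or pa == pb:
        return False
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1


def longest_keyboard_walk(pw):
    """Length of the longest run of consecutive characters on touching keys."""
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def bruteforce_bits(pw):
    """Upper bound: log2(alphabet ** length), as if every character were random."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(cls) for cls in classes if any(ch in cls for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def assess(pw, walk_fraction=0.6):
    """Report the bound and flag passwords that are mostly one keyboard walk."""
    walk = longest_keyboard_walk(pw)
    return {"length": len(pw), "bits": round(bruteforce_bits(pw), 1),
            "walk": walk, "pattern": len(pw) > 0 and walk / len(pw) >= walk_fraction}


if __name__ == "__main__":
    # Two passwords quoted in the article plus one constructed 8-character sample.
    for sample in ["inever4getaface!", "cftyuijnbvc", "Xk7$mQ2!"]:
        print(sample, assess(sample))
```

The 16-character sentence comes out well ahead of the 8-character sample that uses every character class, while the keyboard pattern is flagged because all 11 of its characters sit on touching keys.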

Single-serve passwords

What makes safety glass so safe? Simple... it's designed to stop little cracks becoming big ones, resulting in tiny, relatively innocuous pieces of glass rather than large, sharp, extremely dangerous shards of glass.

In the same way, using unique passwords means that if the password to one online service is discovered, your other online services are not compromised.

If you use a password manager then you’re already all over this. If not, then a midway solution would be to create 10 unique passwords, and evenly distribute their use, so that the exposure of any password is not entirely catastrophic. Don't believe that your passwords may have been compromised? See for yourself: The website Have I Been Pwned has nearly 5 billion compromised accounts on file - and yours may be one of them.

Use multi-factor authentication

Increasingly, online services are using multi-factor authentication.

Users can be authenticated more than one way, including:

  • Something you know - a password or PIN
  • Something you have - a smart card, a SecurID token, a YubiKey USB key, an app like Authy, or a code via SMS
  • Something you are - a biometric measure like a fingerprint, voice pattern, or retina scan

The third factor is usually only used for physical access to something; a building, a research facility, etc.

But two-factor authentication is increasingly used for online services, and codes via SMS are by far the most popular. If an online service offers two-factor authentication then you should use it. The only downside is that you may not be able to receive an SMS code if you're overseas and don't have roaming turned on.

FCR

FCR (Financial & Corporate Relations) is a leading Australian corporate, financial, and investor communications company, founded in 1985, assisting about 50 clients throughout Australia to communicate with their stakeholders.

They provide counsel and assistance to directors and senior management, combining skills in media and public relations, issues and crisis management, marketing, research, writing, graphic design, and online and print production.

Their contacts with financial journalists, analysts, brokers and fund managers are second to none among communication consultancies.

The Brief

FCR had been with the same IT support company for some years, but when their needs changed it was time to find a new provider which could help them move with the times.

They turned to iHelp IT in 2012 to provide quality technical support and service, to maintain and update their equipment, help their staff on an ongoing basis, and provide ongoing consultancy in all IT matters.

An initial, free consultation identified a number of areas of improvement.

The Solution

iHelp IT identified key areas where the business could improve its IT, reduce risks, and streamline its business.

Amongst the solutions provided were:

  • Multiple on-premise services were migrated to the cloud
  • Business continuity was ensured by implementing local and secure cloud backups
  • Security was improved via the removal of old user accounts
  • High-speed internet access was implemented, at a lower cost than the previous service
  • Network security was improved through new router equipment and directory integration
  • Support costs were fixed via iHelp IT’s iCare managed service product
  • FCR saved 45% on their phone bills by implementing iHelp IT’s My Cloud Phones cloud-hosted PBX

The Outcome

Today, FCR enjoys a smooth, integrated IT environment, with continuous updates and monitoring. FCR rests easy in the knowledge that their IT services are in good hands, and their IT dollars are well spent.

Their staff are able to call on iHelp IT's technical assistance without hesitation, knowing that having all their IT services under one roof means problems are quickly solved.

With significant savings on services like internet and phone systems, FCR is able to direct funds towards improving their IT investment and strategically planning for future growth.

Eastern Suburbs Anaesthetics

Eastern Suburbs Anaesthetics comprises fourteen specialist anaesthetists who are all registered in NSW, and recognised by the NSW Specialist Recognition Board.

All anaesthetists in this practice are highly qualified and skilled specialist doctors, having undergone extensive training.

The Brief

Eastern Suburbs Anaesthetics had migrated their office from Windows to Mac about 6 months before contacting iHelp IT.

Their current IT provider, who had done the migration, had proven unable to maintain the office Macs in working order, and had difficulty doing simple things like removing unneeded software, despite multiple requests.

The staff at Eastern Suburbs Anaesthetics felt the previous IT provider had over-promised and under-delivered.

The Solution

iHelp IT was brought on-board and Eastern Suburbs Anaesthetics immediately signed up to an iCare Managed Services agreement.

iCare meant the staff could call iHelp IT with any support requests without fear of blowing a budget. Support is delivered first remotely, and then on-site if required, for one fixed monthly fee. iHelp IT quickly fixed the most pressing issues, and has maintained the Eastern Suburbs Anaesthetics office ever since.

The Outcome

Eastern Suburbs Anaesthetics were so impressed with the iCare product that they renewed the initial agreement, and migrated the email hosting to iHelp IT.

Recently, Eastern Suburbs Anaesthetics migrated their on-premise PBX to an iHelp IT My Cloud Phones PBX, resulting in a saving of around 75% on their office phone bills.

Highbury Partnership

Highbury Partnership is one of Australia's leading independent financial advisers.

They advise their clients on strategic and always highly confidential financial transactions, including recommending on takeovers, advising on the sale of assets, recapitalisations, IPOs, and mergers.

About a year after starting in a serviced office, they needed more space, and needed their IT to move with them, and be much more secure.

The Brief

When Highbury Partnership moved their corporate offices from ServCorp to their own address, they needed an IT solution for themselves and for their subtenant.

Due to the nature of their business and the sensitive work they do for their clients, security was a top priority, but they also needed flexible work arrangements.

The Solution

iHelp IT configured a Mac Mini server as the hub of their storage and security, and used the Mac OS Open Directory Architecture as the core of their security.

Building on the Open Directory architecture of Mac OS X, and using the Kerio Control router, iHelp IT deployed WPA2 Enterprise WiFi security. This means that only authorised staff could access the wireless network, and each staff member had their own unique access, whether using a Mac or Windows PC.

The Outcome

Staff could also work securely from anywhere in the world, allowing their team to work together no matter where staff were located. Highbury Partnership's subtenant was so impressed with the secure environment that iHelp IT implemented that they engaged iHelp IT to install their network infrastructure as well.

Both companies enjoyed very secure, high-speed internet, with staff able to access the company's critical resources securely, satisfying their business needs.

Lightwell

Lightwell is a media design studio for museums and public spaces located in Chippendale.

They make responsive environments for exhibitions and public spaces, and story-driven media for cultural institutions, mobile devices and the web.

The Brief

Michael Hill from Lightwell contacted us in mid 2014, after being referred by the Apple Store Broadway.

They had significant IT infrastructure in place, but needed to integrate the security of their existing IT systems in order to bid on a large contract for a leading multi-national in the financial services sector, where security was of high concern.

The Solution

iHelp IT implemented Apple’s Mac OS X Server, using Open Directory as the core of the security measures.

The existing Kerio Control router’s VPN, the Apple Airport Extreme’s WPA2 Enterprise network (via RADIUS), and access to the various Synology NAS devices were all configured to authenticate against Mac OS X’s Open Directory. Additionally, the guest wifi network was configured to only allow access to the internet.

The Outcome

Access to network resources and data on servers was secured using a single directory, ensuring staff had to authenticate with their own account to access these resources, and allowing Lightwell to centrally manage security.

The solution allowed Lightwell to satisfy their client of the security of their infrastructure, and they won the contract.