Recently, we switched to Sophos Intercept X Managed Protection for our endpoints (Macs and PCs) and Windows Servers. The reason we use Sophos is that it offers a range of integrated protection products, as part of our broader cyber security services.
The product we deploy as standard, Intercept X Advanced, is used to protects endpoints - PCs, Macs, tablets, phones. Infrastructure is protected with different products. At the standard level, Sophos protects against malware, ransomware, exploits, and viruses, and offers device encryption, anti-phishing, email protection, and web filtering (you saw this in action when it stopped access to alcohol sites).
For servers, we deploy Intercept X Advanced for Server to protect the physical server and it's hypervisors.
If you wanted to provide intrusion protection and device isolation in the event of an attack, we could deploy the Sophos Firewall to protect against attacks entering your network; deployed via either a physical device or a cloud service.
As corporate security needs grow, Sophos offers higher product levels with more features. For example, Intercept X Advanced with MTR offers proactive 24/7 global threat hunting to guard against threats before they arrive at your door.
And all Sophos products are monitored and managed from a single dashboard, so we can see and manage threats to your business.
Sophos is not just a product for today, but for when your business grows.
Many companies are purchasing cyber security insurance, and these require providers like us to sign-off on IT parts of the business. For these sign-offs we are liable, so we won't provide sign off for anything which we don't manage, or with inadequate coverage.
Should you apply for cyber insurance, you may be subject to carve-outs and increased premiums at the very least, or even denied coverage. For certain business types - finance, medical, for example - these choices are even more important to get right.
As a business owner it’s your right to decide your risk appetite, but as an IT provider we strongly advise against using consumer-grade products as they just do not cut it in the business world. Sophos provides advanced protection now and even better protection in the future, if and when you need it.
So, you've got some staff. Mostly full time, maybe some are part time, maybe even interns. You decide that they have their own computer and you can save some coin by letting them use that instead of company-owned gear.
There are a range of reasons why this is bad business practice. Some technical, some purely business. Here are our top 6.
It may be their gear but it's your data. You have no control over backups, can't decide if a laptop needs to be encrypted, if a firmware password is used, or implement and monitor anti-virus software.
Despite all this it's your operation, business flow, and possible a sizeable ransom which is impacted when a laptop is left on a train, falls into the ocean, or is infected with ransomware.
A staff member’s personal computer is theirs to do with as they want. They can install any piece of software, and inadvertently install malware, which can easily lead to data theft.
Additionally, once they leave you can never be sure that all your client information isn't going directly to your competitors.
No matter what sort of business you run, data loss and theft can lead to high damage to your reputation. From simply being unable to complete work on time as you try to reclaim documents from another location, to being unable to complete work at all due to loss of vital information only on one staff member's personal computer.
If you run a legal practice, a medical practice, or a financial institution the loss or theft of data can have extreme financial and reputational consequences.
With everyone running their own gear and their own apps with their own licensing and their own version of an operating system, there will always be more IT support issues, leading to greater costs to fix the smallest things.
On top of this, without a standard anti-virus application, which stays up-to-date, the unnecessary risks increase. Security patches aren't always applied, and backups are rarely front of mind.
How often do your staff buy new computers? Every couple of years? 5 years? Are they using a hand-me-down computer from 10 years ago?
Their equipment may be underpowered or lacking in storage, and unable to effectively run effectively for the business. Most commonly, home computers are likely to be so poorly maintained as to be costing your staff members hours of lost time every day; time which you end up paying for.
In an increasingly working-from-home world, a valuable tool for business owners is to monitor the effectiveness of their staff.
Are they really working on that proposal, or are they spending two hours a day on Facebook? If the computer they're using is theirs then they will likely object to the installation of activity tracking software, limiting your visibility of their activity, but on your equipment this is less of an issue.
We always encourage our clients to provide their staff with the equipment they need to to their job, and hopefully this article outlines the reasons why we do this. If you'd like to know more please call us on 02 8213 4225 or email email@example.com.
Thousands of Australian businesses have received ransom threats over the past year. As a business owner, you need to ask yourself whether your business could afford to pay a $50,000 ransom to stop your corporate data being deleted? How would you react? How would the loss of money or your files impact your business?
The CyberSecurity and Ransomware landscapes changed significantly from 2018 to 2019, as highlighted by two 2020 reports. The CrowdStrike Global Threat Report 2020 and the 2020 Ransomware Resiliency Report (a cyber security study commissioned by Veritas). together these reports outline concerning changes in ransomware attacks from 2018 to 2019.
Targets now include almost all sectors. Previously, attacks were predominantly targeted towards government bodies and large corporates.
Attacks are focussing less on espionage and more on political disruption and economic gain.
Attackers are targeting people, as computer systems become better defended.Sophisticated scams via email, sms, and fake web sites are attempting to steal credentials.
Ransomware-as-a-service is a thing now; attackers no longer need the smarts to attack you, they just rent the service.
As these trends continue it’s clear that smaller business will increasingly be exposed. 2019 saw ransom demands soar into the millions, with amounts up to US$12.5 million. You business will likely be unable to pay a ransom as high as that, and attackers know this, but attacks of the order of around $50,000 for a small business is easy to envisage.
According to the the 2020 Ransomware Resiliency Report 42% of businesses surveyed had experienced a ransomware attack, with 66% estimating it would take 5 days or more to recover if they didn’t pay the ransom.
Many smaller businesses are choosing to pay the ransom rather that be out of action for 5 or more days. Can your business afford to be at the mercy of ransomware attackers for $12.5 million, unable to to anything until the ransom is paid?
Corporate offices can be secured in multiple ways; from the network firewall and antivirus on computers, to simple communication between staff to avoid suspect activity. Additionally, IT providers were better able to communicate and educate against threats to their clients en-masse.
Working from home breaks almost all of these defences, especially when staff start to use their own devices, leaving businesses more vulnerable than ever.
In Australia we’re lucky, as 75% of so-called malware-free attacks target North America, with only 30% of these extremely effective attacks affecting us here, so there is time to prepare your business and staff for malware-free attacks.
There are a number of ways to protect you and your business.
The first line of defence is to protect your equipment.
The use of anti-malware software (e.g. antivirus) is vital, and locking machines down so that staff can’t inadvertently install malware is also extremely effective. When staff use their own equipment they will (rightly) protest at necessary locks, so it’s extremely important to provide staff with corporate-owned equipment which can be centrally locked, maintained, and monitored.
Policy is the next line of defence.
Policies like password complexity and change frequency, and enforcing the use of multi-factor authentication. Add to this ongoing software maintenance to ensure the latest, most secure versions of operating systems and applications are used. Implement strict policies on where corporate data can be stored and that it must be transmitted securely. The last piece of policy is frequent backups, as they may be your last line.
Limit risk by isolating systems and minimising the overall system count.
The more systems are used the more likely an attacker will find a weakness. It’s also important to keep systems separate; for example, never have your email on the same server as your web site. Use different passwords for different systems, to limit any damage done by an attacker.
With evolving threats, your people are your greatest asset.
Changing the behaviour of your staff is the most difficult and most important part of your security strategy. Educate staff to be aware of suspicious activity and then contact IT departments if in doubt. We have seen numerous examples of how companies have lost money via human error.
If you’d like a security consultation then contact iHelp IT on 02 8213 4225. We take a multi-point approach to securing your environment and business against attacks.
And it costs a lot less than $50,000!
Have you recently purchased a new printer? Excited that it has WiFi direct, even though you're not really sure what it is?
Don't be. It's useless. Here's why.
WiFi direct is a technology which allows your printer to create it's own WiFi network, and it ships with many new printers. Once done, your computer or phone or tablet can connect to that wifi network and print.
Sounds neat, right? Wrong.
The problem with this scenario is that when you connect to the WiFi being offered by the printer, you're no longer connected to the internet. So, unless you don't want to connect to the internet, or are on the road with a physical tether to your phone's 4G or 5G, it's pretty useless. Even in this case a WiFi-enabled printer can connect to your phone's WiFi hotspot, making WiFi direct even less useful
Yet, bizarrely, most printers manufacturers turn this feature on by default, and many people make the mistake of connecting to the printer's wifi, only to realise subsequently that they suddenly can't get emails, search Google, view Netflix, or any of the millions of other things available via the internet.
The solution is simple: turn WiFi Direct OFF.
Over the many years iHelp IT has been around, we've gone through many products and services. Over time we've developed a best-in-breed suite of solutions (hardware, software, and services) which we recommend for small businesses. Our guiding principle is to deliver the best outcome for our clients. Each solution must:
Some IT providers will be a one-stop-shop, typically offering only that which is available from one supplier. This does not align with our guiding principle, as no one supplier offers the best products or services.
In this post I'll go through the solutions we recommend for our clients, and why we've selected them.
Any business must effectively communicate with the outside world. Your web site is often the first thing a potential client sees of your business. If your web site impresses and informs then there is usually a follow up via email or phone call. All these have to work without fail to deliver clients to you.
Over the years Microsoft Exchange has proven itself again and again. It's reliable, universally used, integrates well with other services, and configuring mail client apps is straightforward.
The integration of mail, contacts, calendars, notes, and reminders conveniently brings all this related information under one location. We use Microsoft to host, and never host on-premise. The 50 GB quota offered by Microsoft is plentiful for the vast majority of people.
Unlike cPanel hosting, where your site is one of hundreds or thousands on a server, AWS hosting enables us to host web sites on it's own dedicated server, so sites on AWS are not impacted by other sites' use of resources or attacks on them.
Additionally, the AWS infrastructure is extremely stable, with a 99.99% uptime guarantee. Access to your AWS-hosted site is via security key, which is well beyond the simple password offered by standard web hosting services.
For over 100 years, the telephone has been the #1 way for clients to connect with businesses. There's nothing like connecting with a human voice on the phone, and there's no greater failure than an unanswered phone.
3CX is the recognised leader in PBX telephony with a wide range of business critical features. Our cloud hosted solution has 99.99% uptime, and calls to business are answerable anywhere in the world, so you never miss a call.
Many services are moving inexorably to the cloud, so it may seem logical to conclude that whether you're on a Mac or Windows PC is not as relevant as it once was. This isn't the case. There are significant differences between the two platforms, and an analysis shows why we usually recommend macOS over Windows.
Apple's walled garden approach brings everything in-house. Hardware, software, purchases, repairs, and distribution are all handled directly by Apple. Apple's focus on quality over price results in robust and enduring devices, but at higher prices.
So while Macs having a lower market share, they are much more stable and user-friendly, have few virus or malware threats, and are cleaner and easier to support.
Microsoft largely leaves hardware manufacturer to third parties. Having multiple parties involved in sales, distribution, and repairs means wide availability, but also necessarily results in tech support complexities.
These multiple purchasing options resulting in wide adoption of Windows. That adoption means that most apps are available for Windows, but it also means that so are every virus and malware threat.
While there is an occasional scenario for them, we abandoned on-premise servers some years back, and with more people working remotely - with distributed business becoming the norm - there's no turning back.
Dropbox established itself early in this space with consumers, and reinvented itself with business. The consistent product improvement and clarity of vision of the Dropbox product continues to delight. The comparison of Dropbox and the mix of Microsoft apps and services shows how far ahead Dropbox is for small - medium business.
Better syncing saves HD space & network use
Fewer syncing options
What would happen if one of your staff was diagnosed with the deadly coronavirus? The head of accounts? The star sales performer?
This is the existential threat thousands of small business owners are facing right now. Coronavirus is jumping to new countries daily, and a vaccine is still in the early stages of human testing. Having a vaccine in the lab isn't enough; it'll take time to manufacture, distribute, and administer the vaccine and stop the spread of the virus.
Many people will die before then.
Even though the number of cases in Australia is tiny when compared to other parts of the world, the BBC reports that stock markets have plunged on coronavirus fears, so the likelihood that your business will be at least indirectly impacted is very high.
If you don't believe the coronavirus is a threat, then think again - just this morning the Australian government activated its emergency response plan to the impending coronavirus pandemic.
As a business owner the best thing you can do is prevent the threat affecting your staff in the first place. The second best thing you can do is minimise it's impact.
The World Health Organisation (WHO) lists maintaining social distance in it's top list of things to do to prevent the spread of coronavirus. How do people who work together maintain social distance? They're in the same office, using the same telephones, having lunch together, and touching the same door handles.
Worse... the building elevator is used by a thousand people a day, and tens of thousands are on the same trains and buses as your key personnel.
All of these risk factors are significantly multiplied when we consider that more senior staff are often the oldest. Consequently they're the ones at highest risk, and who's sickness or death would have the most devastating impact on your business.
The solution is to move your business to the cloud as much as possible, and allow your staff to work from home until this passes. No more public transport, infected elevators, and close contact with other staff. You already have your emails and web site hosted in the cloud, and many businesses have moved accounts to the cloud, in the form of Xero, so it's time to make the final jump.
Two big areas remain... file sharing and telephones, and we can move both, quickly and efficiently. Best of all, moving these services to the cloud can usually be done completely remotely.
Dropbox is the business standard for cloud file sharing. It doesn't require an MS Office license, and can be rapidly deployed across a range of devices. With Dropbox for Business, your staff can access the same files from home as in the office, with the same or higher level of security, increased scrutiny, and much more conveniently.
3CX is the premier business telephony VoIP system. 3CX can be implemented on physical handsets or as an app running on your staff's iPhone or Android devices. Your business retains the same phone numbers and gains business-grade telephony features, such as greetings to direct calls, queues to ensure calls are answered by the right staff, hours of operation, voicemails, and call recording for quality control and training.
The next disaster - whether it's a global pandemic, severe flooding, or catastrophic bushfires - could come at any time. Your business needs your staff to keep working, and your staff need your business to stay open.
Contact us today on 1300 469 622 or firstname.lastname@example.org to find out how we can rapidly migrate your business to the cloud, and sidestep the current and future disasters.
A recent visit to the doctor highlighted just how much we rely on electricity, and the importance of backup power and alternatives.
There I was, chuffed that I had rocked up at the doctor’s office at 7:29, a whole minute early for the 7.30 opening. The lights weren’t even on yet. There was only one other person outside the office. “Beauty”, I thought... I’ll get this visit done quickly!
Then a voice comes from inside, attached to waving hands.
“There’s no power”
“There’s no power. It should be back by 8. You’ll have to enter around the back”
Ok. Fine. These things happen. 50 minutes later, still no power. I’m there with 25 of my nearest and dearest medical centre visitors, wondering when this modern necessity would come back.
Without power, the doctor’s can’t turn on his computer to see your records. He can’t print your Medicare form. The staff can’t take your Medicare card. There’s no bloods because it’s not safe to do needles in the dark.
You can’t even go upstairs to pathology as it’s pitch black.
Like many problems, the solution is multi-faceted, and although this occurred in a specific scenario it applies to all businesses.
The first step is to work out what systems or devices will need to run during an outage. Servers, computers, phones, and internet comes to mind. In this particular case refrigerators should be included in the mix.
Everything else can wait for mains to return.
Not every device in the priority category is needed. Yes, the server and internet are needed, but not all phones, and not all computers.
Divide which specific devices need to work even if the power goes out.
In many cases there are workarounds.
Use a laptop instead of a desktop, as they have batteries. Use a portable terminal for taking credit card payments - it’s got a battery too.
Have a 4G hotspot on hand. They are battery powered and will give internet access if it’s needed.
You may not get full functionality but your business will be able to continue as a skeleton.
A UPS (uninterruptible power supply) will give backup power for a while. How long depends on what's being powered. The bigger the UPS and the less devices which reply on it, the longer the run time.
Use a UPS only for the most vital systems - a server and a network switch, for example - to allow some server for the maximum time possible.
If it makes sense and can be done, use a generator for backup power.
Services in the cloud are located in secure, environmentally controlled, power-redundant environments, so it makes sense to switch services to the cloud where possible.
For example, a cloud VoIP PBX will continue to work even if your handsets are offline, with incoming calls directed to a mobile phone.
The best laid plans must be tested. Kill mains power and see what works, and what staff need to do to implement the workarounds.
Does the UPS work? How long will it run the attached equipment? Do calls divert? Can you process credit card payments? Does the 4G internet connect? Can laptops access the internet?
Call iHelp IT for a blackout assessment. We will give you a full report of the impact of a blackout on your business and customers, and what you can do to minimise it.
The wide popularity of mobile devices has seen a significant increase in their use in business, meaning that almost all employees have secure company data – email, Dropbox, internal web sites, even financial information - on their mobile devices. Whether personal or business-owned, this is a business risk.
You can't stop devices being lost or stolen, dropped or drowned, and under normal circumstances you can't force employees to upgrade to the latest iOS for better security, or not install suspicious software.
So, businesses must manage these risks. Enter Mobile Device Management (MDM).
MDM lets businesses control the security of a device (including how data on the device can be used), keep devices up-to-date, configure settings such as wifi, email, and VPN, ensure employees have the apps they need to work, and lock or wipe devices in the event they are lost or stolen.
Controlling restrictions is another very important part of device management. Whether you run a school and want to stop students using FaceTime on their iPads, or you run a business and need to prevent data being copied out of Dropbox for Business; restrictions on both will help your business or institution.
Most companies, however, are slow to introduce an MDM to their operations. As a result, the past decade has seen many costly and embarrassing breaches through mobile devices whether through cyber criminals, misadventure, or treacherous staff
The best MDM solution for Apple devices is JAMF.
JAMF (Just Another Management Framework) comes in 2 flavours; JAMF Pro and JAMF Now, and which you choose depends on your needs and the size of your organization.
Smaller organizations will benefit from JAMF Now's fast deployment and lower cost, while larger organizations will appreciate the breadth of management and flexibility which JAMF Pro offers. Either way, both can manage your Macs, iPhones, and Apple TV devices.
JAMF is the leader in Apple device management, but don't take it from us. When IBM decided to allow their employees to choose whether they wanted a Mac or Windows PC, an overwhelming 30,000 of them chose to use a Mac, and IBM rolled these out at a rate of 1,900 a week using JAMF Pro to deploy.
In 6 months they were all deployed, with minimal effort by IBM's IT department.
Using an MDM to manage your devices is just a part of managing your IT assets and infrastructure. We specialize in Apple Support, with years of field experience with Macs, iPads, iPhones, and Apple TV support and device management.
Our Apple experience is a crucial part of the deployment and management process, enabling your staff to focus on your core business, and outsourcing these tasks eliminates lost time and money related to training your staff, particularly if Apple support and MDM are not their core competencies.
Let us manage the entire process of:
Contact us today to discuss your Device Management needs, and we can also discuss our fixed-price Apple tech support options, enabling companies of all sizes to get the best out of their Apple devices.
When you hear the word "hero" images spring to mind of capes and daring rescue.
Usually a super hero appears during some calamity, often wearing lycra, sometimes in lurid colours, and invariably handsome. These heroes are needed when extraordinary things fail, and are only in the movies.
More realistically, a regularhero might be the fireman who saves you from a burning building, or the little girl who spotted your missing cat 3 doors down from her house, or the off-duty the park ranger who just happens to be driving along the beach after you've (almost) wrecked the family LandCruiser and are in need of 2 spare tyres - which he just happens to have!
Heroes come in all shapes and sizes, and often just in the nick of time.
Wouldn't it be great if the hero turned up well beforeyou got into trouble? Imagine you leave your house and your hero is there waiting for you, telling you that you forgot your wallet beforeyou're at the station waiting for the train, fumbling for your Opal card.
At iHelp IT, we don't wear capes, and we most definitely don't look good in lycra, but we can tell ahead of timeif there are certain problems with your Macs, including your server.
Our iCare managed services product (MSP) includes advanced monitoring, which sends us alerts regarding a range of problems:
We can take action before things get worse and your work is impacted, and well beforeyou lose any data.
iCare is more than monitoring; it's fixing too! iCare includes support for most of the problems your Mac may have, day to day. If you can't print, if your network is down, or your Mac just won't boot! iCare is a complete managed services product (MSP) where we do all the heavy lifting.
So, if your Macs are an essential part of your business, and you rely on Apple and Mac support, then Contact us todayto find out how iCare can save you!
In January this year we started upgrading Mac servers to Mojave, and it's been a challenge for those of us that do Apple Mac tech support for a living.
Apple have been quietly changing their focus away from macOS Server over the last few years. The latest version is missing some vital tools, resulting in server permissions which are hard to setup and maintain.
Okay okay we get it... it's time to move away from on-premise Mac servers altogether. But what's the replacement?
For small businesses, on-premise servers make sense if you're in an industry which requires you to store information in Australia. The legal and medical industries immediately spring to mind. Additionally, businesses which have very large data files (video editing, for example) may be good candidates for on-premise servers.
There used to be clear niche-use cases where an on-premise Windows Server or a Synology NAS made sense. Features like Active Directory, virtualisation, or remote desktop services. Stuff you may not even know you use - and all of which are now available via cloud services.
But apart from all that... The biggest reasons to move away from on-premise servers are that they suffer from three intractable, fundamental problems:
All that money and nothing transformative to show for it.
Most businesses aren't constricted to on-premise servers, so a cloud option is far more effective. There are no up-front hardware costs, VPN is a thing of the past, and you don't have to worry about future growth.
Unlike regular file servers, Dropbox for Business integrates tightly with Macs, Windows PCs, and mobile platforms like iOS and Android.
Most of all, moving to a cloud service like Dropbox means you can work and collaborate with colleagues and contractors in ways which simply aren't possible with on-premise servers. This can have an immensely significant positive impact on the way you work.
Let's look at a couple of scenarios where Dropbox can transform your business.
At Maggie's school, all homework assignments are handed in online.
Each class has it's own folder, and each folder has a subfolder for each assignment. Students are given a link for each assignment, which lets them drop their work in. No student can see anyone else's assignment once inside, and no submissions are allowed after the deadline.
Teachers can then collect and grade all assignments online, saving time and paper.
Susan's 11 staff are mostly in one office, except for Alan and Louise, reps who are on the road.
The office workers and reps all need access to the company files needed to do their job. With Dropbox for business, the reps have the documents they need on their laptops and iPads, all the time without any complex VPN. Moreover, they don't need to bother their colleagues to "send the latest version".
And if a device is lost, company data can be quickly removed.
Tom runs a building company, typically working on 3-5 projects at a time. Each project has it's architect, plans, and contractors.
Dropbox lets Tom silo each project into it's own team folder, inviting workers as he needs them. There's no emailing documents around, no time lost just to keep people in the loop, and no mistakes due to old plans.
As each party's work is done, Tom removes them from the team, which deletes the project documents from their devices.