Cyber Security – What you need to know!

By Paul Caldwell – Microsoft Security BDM 

What should I be doing to secure my business? 

One of the first things to realize about security is that it is much more than stopping people “hacking in”.

It is fundamental to any business to have a business continuity plan (BCP). If you plan for a power outage what happens? Your IT systems will be down.  

Can I use the same plan if an outage occurs to my IT systems and it’s not a power problem?  

Security is the foundation of resilience. 

The hardest part about security is getting started. Often, it’s on the “to do list” until it’s too late.  

Hopefully you have already talked to your IT partner and had the security business continuity conversation.

If not, “What should I do first?” is a common question. Rather than recommend one single thing, the answer should be: “Have a plan.”

So, what does your plan need to cover? 

  • Firstly, look at any existing business continuity plan. Is it up to date? Has it been tested?
  • Look at not just the worst case but also the best case and know that when an incident occurs it will lie somewhere in
  • Most importantly have a plan, know what to do and who to call. 
  • Understand your risks and apportion the appropriate resources to minimize those risks.
  • Make the plan proactive. Be a fence at the top of the cliff and don’t rely on an ambulance at the bottom. 
  • Prevent rather than recover.
  • Inventory is a crucial starting point of any plan. What equipment do you have? What software do you have? What data do you have?
  • Then look at where the biggest risks are. Is there a single point of failure?

Look at your plan as being a holistic business continuity plan, that is a living document. Continually revisit, update, fire drill, and improve.  

Many of the incidents we see disrupt business are due to poor cyber hygiene, not some advanced nation-state hack.

Do the following to enhance your security: 

  1. Keep the software for your devices and applications up to date.
  2. Access? How do I verify my user is in fact who I think they are? Is MFA (multi-factor authentication) on?
  3. What information do I have? Where is it stored? Who has access?
  4. What are my essential services?
  5. What are the financial implications of these risks?
  6. What are my obligations to customers, employees, and shareholders?
  7. If I was breached, how would I know and when?
  8. Am I running Microsoft 365 Business Premium?

Can my staff trust that the cyber workplace is as safe and secure as possible? If it is, you will see productivity and creativity flourish, and staff retention rise along with your ability to recruit new staff.

“She’ll be right” is not a plan! “No surprises” is a plan.

For further advice, contact us here to discuss creating a plan for your business.  

The Risk of Abandoned Domain names

One of the first things we all do as business owners is ponder our business name and what our domain name will be.

As our business evolves, sometimes we upgrade our business name, and our website. However, before you abandon your old website there are a few things that you need to know.

When you set up your Web presence, you select a domain name, and it’s part of all your URLs (FYI: URL stands for uniform resource locator).

For example, you are an accountant who specialises in small businesses in Whangarei, so you pick the domain name beancounter.co.nz for your business. Your emails come from Chiefbeancounter@beancounter.co.nz. From there you start building web traffic for your thriving accountancy firm.

You may even think ahead and purchase some similar domain names such as beancounter.com, or some similar names to redirect traffic and avoid losing customers to misspellings or typos.

The domain name is the basis of your business and is the foundation from where you grow. As you build the business, you may expand to new offerings and provide additional services that are beyond the scope of what you started with. For example, maybe you now also offer business consulting, so you need a more generic, umbrella type of term.

Before you abandon your old domain name – WAIT!

Why domain names get abandoned:

  • If you have multiple domains, that can be a lot of small renewals to track and pay. Along the way, a domain renewal can easily get overlooked. So, the domain name is abandoned.
  • Domain names can also get abandoned as a result of a business rebranding or company restructuring.
  • You may decide a domain is no longer worth continued renewals.

The security risk of abandoning a domain name:

After you stop paying for your domain name, and after a certain grace period, anyone can buy that abandoned domain name.

On the face of it, that doesn’t sound that bad. You’ve moved on from just being a bean counter and you want to expand. You didn’t want that old domain anymore… right?

Here’s the problem: you just don’t know who might snatch up your old online calling card. Bad actors buy up abandoned domain names and re-register them with catch-all emails.

What’s a catch-all email? Well, remember Chiefbeancounter@beancounter.co.nz? That was you. But maybe you also had distinct emails for accounts, sales, support, office, Mary and James. All of these were going through beancounter.co.nz. A catch-all mailbox receives mail sent to any address at the domain, so if someone emails anyone at the previous domain owner’s business, the message goes to the new owner instead. Having taken control of your old domain, they gain access to all incoming emails, and they could see information you don’t want them to see.

The bad actor could also access online services once used by mary@beancounter.co.nz. All they would need to do is request a password reset, which is emailed to an address they now control, to hijack that account.

Security researchers have seen criminals claim abandoned domains to:

  • access confidential email correspondence;
  • access personal information of former clients and current or former employees;
  • hijack personal user accounts (e.g. LinkedIn, Facebook, etc.) linked to old domain e-mail addresses.

What to do with domain names:

Especially if you use a domain name for email, don’t let the renewal expire. We didn’t even mention pirates who look for business websites that have lapsed so they can charge exorbitant ransoms to return that domain.

When you move to a new domain address, communicate the change with all your clients and vendors. Close any cloud-based user accounts registered with the old domain email address. Also, unsubscribe from email notifications that might share sensitive data.
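An added example, not part of the original post: a small Python check that cross-references a domain inventory against the online accounts registered to addresses at those domains, so that no account is left pointing at a domain that is about to lapse. The field names, dates and sample records are constructed for illustration, as are the domains newbrand.example and bean-counter.example.

```python
from datetime import date

# Constructed sample inventory (hypothetical field names, not a registrar export format).
DOMAINS = [
    {"name": "beancounter.co.nz", "expires": date(2024, 3, 1), "auto_renew": False},
    {"name": "beancounter.com", "expires": date(2025, 1, 15), "auto_renew": True},
    {"name": "newbrand.example", "expires": date(2024, 11, 30), "auto_renew": True},
]
# Constructed list of online accounts and the address each one sends password resets to.
ACCOUNTS = [
    ("LinkedIn", "mary@beancounter.co.nz"),
    ("Facebook", "Chiefbeancounter@beancounter.co.nz"),
    ("Payroll portal", "accounts@newbrand.example"),
    ("Old supplier portal", "james@bean-counter.example"),
]

def domain_of(email):
    """Lower-cased domain part of an email address."""
    return email.rsplit("@", 1)[1].lower()

def audit(domains, accounts, today, warn_days=60):
    """Return (at_risk, orphaned).

    at_risk:  {domain: [(service, email), ...]} for domains that lapse within
              warn_days (or already have) and are not set to auto-renew.
    orphaned: accounts whose email domain is missing from the inventory,
              i.e. a domain nobody is tracking.
    """
    known = {d["name"].lower(): d for d in domains}
    at_risk, orphaned = {}, []
    for name, d in known.items():
        days_left = (d["expires"] - today).days
        if days_left <= warn_days and not d["auto_renew"]:
            at_risk[name] = []
    for service, email in accounts:
        dom = domain_of(email)
        if dom not in known:
            orphaned.append((service, email))
        elif dom in at_risk:
            at_risk[dom].append((service, email))
    return at_risk, orphaned

if __name__ == "__main__":
    at_risk, orphaned = audit(DOMAINS, ACCOUNTS, today=date(2024, 2, 1))
    for dom, accts in at_risk.items():
        print(f"RENEW or migrate first: {dom}")
        for service, email in accts:
            print(f"  move or close {service} ({email})")
    for service, email in orphaned:
        print(f"UNTRACKED domain: {service} ({email})")
```

Every account listed under an at-risk domain should be moved to a current address or closed before that domain is allowed to lapse.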

What to do next:

Not sure about your domain name registrations, renewals, and what’s set to expire? We can help you with this. We will make sure you don’t abandon domain names, and ensure you close any associated accounts properly to protect your security. Contact our team here.

Why you need a Password Management system

Why is a Password Management system important for Northland businesses?

With the increased need for security, and rising Cyber Security threats, it is imperative that all businesses in Northland have a strong password management system.

80% of data breaches are caused by weak, reused or stolen passwords

A password management system stores encrypted passwords online, making it simple for a business to manage the passwords for all its employees.

In today’s world, most Northland businesses have dozens or even hundreds of passwords for different employees with different accounts, profiles, and applications.

#1. Generate secure, fool-proof passwords

With 80% of all data breaches happening because of weak passwords, having a password management system is crucial.

If you want to ensure your data safety, you must use complex passwords that include a combination of letters, numbers, symbols, and uppercase/lowercase.

A password management system will automatically generate fool-proof passwords based on your specification. This ensures you always create extremely secure passwords, thus avoiding hacks.

This also prevents your employees from using generic and basic passwords such as their dog’s name or date of birth. Instead, the password management system creates a unique password that has all of the factors required for high security, including symbols, upper and lower case, and numbers.

Let’s face it, it is much harder to hack KiUR&*!RTQ than it is Snoopy1222!

#2. Eliminate employee password reuse:

With a password management system, passwords are automatically updated and renewed with the integrated. This ensures employees practice good password hygiene.

#3. Manage passwords from one place:

There is nothing worse than trying to keep tabs on every employee’s passwords. When a staff member is on leave, the last thing you want to do is try and find the post-it note they left with the login details.

Similarly, if a disgruntled employee leaves and takes their passwords, this can create an unnecessary headache.

With a password management system, you can easily give every user their own personalized vault, while maintaining oversight of all passwords with an admin dashboard.

#4. Protect your sensitive data:

Keep everyone’s credentials, notes, and information safe using the password management system.

#5. Admin functions make managing passwords a breeze:

Have multiple employees working on a particular app? No problem. With a good password management system, you can securely share credentials where employees and clients require access and organize shared credentials by Groups.

Admin functions may include (depending on the system you use):

  • Instantly add and remove team members.
  • Safely share passwords with others.
  • Give each employee their own vault for safeguarding passwords.
  • Store digital records: WiFi logins, software licenses, employee IDs, and more.
  • Set security controls and restrictions based on your team’s needs.

#6. Notification of a data breach

A password management system will constantly monitor all of your email addresses and send instant alerts whenever it suspects that your data has been compromised. This allows you to act promptly and change all the necessary passwords, thereby preventing your information from being used by hackers and identity thieves.

#7. Multifactor authentication for employees

Another feature available in most password systems is multifactor authentication. This provides a second layer of security to verify the user’s login, usually in the form of fingerprint verification, one-tap mobile notifications, SMS codes, etc. This can be used to ensure the highest levels of security in businesses.

Which password management system is right for you?

There are a number of password management systems available. Finding one that is easy for your team to use, economical and with a long track record is imperative. To find out more information about which system is right for you, please contact us here.

Top IT Tips for 2022

A New Year is definitely a chance to kick things off the way you mean to go on.

For Northland businesses, we have compiled some key IT tips that can help your business to thrive.

#1. The Remote mobile working office is here to stay:

If Covid has taught us all one thing, it is the need for flexibility around how we work. Agility is fast becoming one of the key differentiators of a business’s success. Creating easy ways for your team to communicate, by enabling an all-in-one solution for communication and collaboration, will ensure that you stay connected and productive.

#2. Security, security, security!

We know we say it all the time, but cyber threats aren’t going anywhere. Keep the focus on security in 2022, as every business, no matter the size, is at risk. Don’t risk losing time and money to a data breach or ransomware; instead, talk to your IT company about the following:

  • Getting a cybersecurity audit done.
  • Securing all email.
  • Have notifications for remote workers to know when they are connecting to unsafe networks.
  • Put a disaster recovery plan in place.
  • Ensure backups of all data are secure.
  • Implement a password management system.
  • Prohibit third-party apps on work devices.

#3. Make sure I.T is in the 2022 budget

In this era, I.T is an area where you don’t want to be taking shortcuts. Budgeting for your I.T is a wise move to ensure that you have continuously upgraded internet access, and software and hardware upgrades as required. Unreliable internet service can cause downtime that has a run-on effect on productivity, and can even lose your business valuable clients. Skimping on your I.T budget can lead to much bigger costs further down the road.

#4. Safe and Professional Email addresses

This might sound basic, but if you haven’t already shifted to a professional email, 2022 is the time to do this. Using a Gmail account or similar doesn’t make a professional first impression, and more importantly is a security risk. We can easily help you to upgrade to reliable business-grade emails. Our team at Ultra IT can easily help you to navigate this.

#5. Audit your Equipment

Taking time to do an audit of your current technology, and how it is performing can identify any potential problems and streamline processes. There are still some supply issues with computer hardware, so make sure you are aware of what your business is likely to need in 2022, including any new employees, plus upgraded equipment, so you can plan ahead. If you can give us as much notice as possible, we can make sure that we do our best to source what you require.

#6. Partner up with a managed service provider

Now is also a good time to hire a managed service provider. Partnering with an IT professional helps you make good technology decisions that can ultimately save you a lot of money. Getting advice from industry experts who understand the increasingly complex world of technology, security, and optimizing IT resources is an investment that ends up being a lot more economical than having the ambulance at the bottom of the hill.

Don’t worry if all of this feels overwhelming. Our team at Ultra IT can offer you many options to help you have a stress-free year with IT in 2022. If you would like further information, please feel free to contact us here.

The Data Protection Solution

Data Protection Solution Northland

If you are a health practitioner, accountant, lawyer, marketer, or you deal with clients’ sensitive information on a daily basis, it’s really important to have a very clear understanding of how, as a [location] business, you are going to keep your clients’ information safe. With so many warnings that cybersecurity threats are on the rise, it’s really important for [location] businesses to have this part of their IT support sorted with confidence.
