Protecting your IT when employees leave in difficult circumstances

So it didn’t work with your newest employee, in fact it didn’t work out would be an understatement…they left under quite a cloud! 

A recent Symantec study states that “half of the employees who left or lost their jobs in the last 12 months kept confidential corporate data and 40 percent plan to use it in their new jobs.”

  • You’ve got the work laptop/computer back, but have they deleted things?
  • How do you know what they were doing and looking at before they left?
  • They used their own devices for work, do they still have their work material?

What to do when employees don’t leave on the best terms

The vast majority of staff finish employment and move on with no issues. But occasionally people leave in less harmonious circumstances, or they are just plain dishonest. We’d like to cover off on some of the basics to ensure that your risks are minimised for if, or when, this happens to you.

Importantly, it makes a big difference what systems you use and how you are set up, so keep that in mind. For the purposes of this simple article, we assume you are a small to medium kiwi business, with a fairly simple IT setup, using one of the lower-level Microsoft 365 licences for your email document storage and sharing.

Set up the employee properly when they join and have proper security

To get the best outcome when an employee leaves you need to start when they join the company. 

Practice ‘need to know’ access to systems and data:

  • People only get access to what they need for their job
  • This includes ensuring your work, documents, emails, etc are protected by permissions appropriate to the user. If they don’t need access, they don’t get it!

Set up an off-boarding system

The obvious (we don’t want to tell you how to suck eggs with your HR, but people sometimes don’t do these things, or forget) things to do when the person leaves:

  • You probably have an induction process when someone joins, but do you have an off-boarding process for when people leave? 
  • Ensure the off-boarding process is promptly followed. 
  • Ensure the off-boarding is responsive enough to handle an employee disappearing at no, or very little, notice.
  • Promptly close off email and other systems access.
  • Promptly close off remote access.
  • Take back company owned devices.
  • Ask specifically if there is any company data in their possession and if so, make a plan with them for retrieving it.

 The not so obvious things

Of course IT being the mysterious being it is to most of us you might not consider the less obvious things to do:

  • Don’t let people use personal devices for company work – give them the tools they need, and ensure those devices are properly set up by your IT.
  • Setup your business so that ALL work data/information is only ever stored in company systems. Do not allow people to save work anywhere else. Make sure they have a company owned folder they can save drafts and working documents to, if this is needed.
  • Have remote wipe enabled, meaning you can remotely wipe the data from any devices they have accessed. The next time they connect to the Internet, the data is wiped.
  • Review activity logs; these are detailed, but can give you a picture of what the person was up to.
  • If they delete emails or files, systems like 365 and Dropbox Business keep files for a ‘retention’ period and during this time you can restore them.
  • Use a company password manager such as LastPass so that people actually don’t know their passwords, so if they leave you (or your IT support) remove their access and they can’t get into anything.

Use technology to protect your organisation

If you are on a lower level 365 licence, such as Exchange Online, Business Basic or Business Standard, then talk to your ITA partner about the benefits and costs of moving to a higher licence with more security features such as 365 Business Premium. For example, configure 365 to prevent bulk downloading of company data, etc.

In summary

Put in place protections now, so that you have them there before you have a problem. Once the person has left, it is often too late. In general, these suggestions are a good place to start with ensuring your business is protected. 

If you need a hand with any of these steps get in touch with our team at Ultra IT.

Routers = Security + Speed….

More then just that flashing box, lighting up like a disco in the corner of the room, routers play a particularly vital role in keeping your business safe, and your data secure, as well as creating efficient, and safe remote working conditions.

Here we look at the role of the router, and what you can do to ensure you have the right one for your business.

Think of your router like an important Traffic Officer only allowing approved content in and out of your business.

The difference between an entry level router and a higher quality router, that we can provide is a lot. Sometimes it pays to think outside the box, and not just take the router provided for free in the box.

Top reasons why you need a good quality Router:

  • Determines the speed with which your internet will work.
  • Speed determines the productively of remote workers.
  • A good quality router means that multiple people can work remotely at once.
  • Ensures you can connect to the office remotely.
  • Controls what sites are allowed to be accessed during work hours.
  • Allowing access to other content to protect data loss from staff.
  • Adding additional security features from software such as intrusion protection.
  • Prevention from attacks like denial-of-service attack, designed to cripple your router, or make it just give up and let hackers in.
  • Keeps your business safe from Cyber-attacks
  • Ensures that accidental clicks from staff on content does not cause a security issue.

Security and Routers:

When it comes to security, it is a good idea to take preventative measures. This is where the best secure routers come in, and where we can help you a lot with the right IT hardware. A router with built-in security controls and services that monitor your network around the clock is going to save you a lot of potential headaches. With your router protecting your area of coverage, your devices and your network safe.

SECURITY TIP

“You must always change the factory default password for the router and ensure that the firewall and other security features are in fact enabled”.

Ever been confused by the codes that come up when you go to log in to your network?

WPA2 and AES are the best settings to secure your Wi-Fi from hackers. Remember that if a hacker is able to breach your network, they could steal important information, like bank details, or even your identity.

We strongly suggest against using an open network. An open network means you won’t have a password, so anyone can have access to your Wi-Fi and all of your devices.

Make sure to apply WPA2 to your router for improved protection of your online information.

In Conclusion:

Routers can be complex and can create harmony or havoc depending on the route you choose to follow. Buying a router with the highest security is crucial to protect your network.

Remote working conditions are the new normal, which means that many of us may need to upgrade our home routers too.

By speaking to our team, you could find quick connectivity and security gains with an upgraded router. In the end this can save a lot of time and money, as well as keeping your business safe.

The Risk of Abandoned Domain names

One of the first things we all do is business owners is ponder our business name and what our domain name will be.

As our business evolves, sometimes we upgrade our business name, and our website. However, before you abandon your old website there are a few things that you need to know.

When you set up your Web presence, you select a domain name, and it’s part of all your URLs (FYI: URL stands for uniform resource locator).

For example, you are an accountant who specialises in small businesses in Whangarei, so you pick the domain name beancounter.co.nz for your business. Your emails come from Chiefbeancounter@beancounter.co.nz. From there you start building web traffic for your thriving accountancy firm.

You may even think ahead and purchase some similar domain names such as beancounter.com, or some similar names to redirect traffic and avoid losing customers to misspellings or typos.

The domain name is the basis of your business and is the foundation from where you grow. As you build the business, you may expand to new offerings and provide additional services that are beyond the scope of what you started with. For example, maybe you now also offer business counsulting so you need a more generic and umbrella type of term.

Before you abandon your old domain name  – WAIT!

Why domain names get abandoned:

  • If you have multiple domains, that can be a lot of small renewals to track and pay. Along the way, a domain renewal can easily get overlooked. So, the domain name is abandoned.
  • Domain names can also get abandoned as a result of a business rebranding or company restructuring.
  • You may decide a domain is no longer worth continued renewals.

The security risk of abandoning a domain name:

 After you stop paying for your domain name and after a certain grace period, anyone can buy that abandoned domain name.

Whilst on the face of it that doesn’t sound that bad, I mean you’ve moved on from just being a bean counter and you want to expand. You didn’t want that old domain anymore…right?

Heres the problem, you just don’t know who might snatch up your old online calling card. Bad actors buy up abandoned domain names and re-register them with catch-all emails.

What’s a catch-all email? Well, remember Cheifbeancounter@beancounter.co.nz? That was you. But maybe you also had distinct emails for accounts, sales, support, office, Mary and James. All of these were going through Beancounter.co.nz.  If someone emails someone at the previous domain owner’s business, it goes instead to the new owner. Having seized control of your old site, they gain access to all incoming emails, and they could see information you don’t want them to see.

The bad actor could also access online services once used by mary@beancounter.co.nz. All they would need to do is reset the password to hijack that account.

Security researchers have seen criminals claim abandoned domains to:

  • access confidential email correspondence;
  • access personal information of former clients and current or former employees;
  • hijack personal user accounts (e.g. LinkedIn, Facebook, etc.) linked to old domain e-mail addresses.

What to do with domain names:

Especially if you use a domain name for email, don’t let the renewal expire. We didn’t even mention pirates who look for business websites that have lapsed so they can charge exorbitant ransoms to return that domain.

When you move to a new domain address, communicate the change with all your clients and vendors. Close any cloud-based user accounts registered with the old domain email address. Also, unsubscribe from email notifications that might share sensitive data.

What to do next:

Not sure about your domain name registrations, renewals, and what’s set to expire? We can help you with this. We will make sure you don’t abandon domain names, and ensure you close any associated accounts properly to protect your security. Contact our team here.

The Christmas IT Checklist

2021 may be the Christmas that we all collectively exhale and exclaim “Thank goodness this year is over”.

However, before you rush out the office door for Christmas time, mistletoe and wine, here are a few quick IT tips, to ensure you have a relaxing break.  

Every season you’re going to need good support from IT professionals. Keep your technology in tip top shape, and you’ll have a happier holiday season. A few preparations before leaving for Christmas holidays, will ensure a relaxing time for all. Here we help you with a quick check list:

Staffing and training:

Have you got your organization covered over the Christmas and New Year period? While everyone rushes off, it pays to ensure that your organization has adequate staffing levels, and/or availability of key resources. 

If you are working on a skeleton staff, make sure that there is a backup contact in case of any information security or cyber incident. Also make sure that the staff running the show, actually know what they are doing! Many a security event has happened when staff are not adequately trained.


Business Continuity Plan:

This is also a good time to review your company’s disaster recovery/business continuity plans, to ensure they cover these scenarios:

  • Contact information for key people e.g. staff, suppliers, authorities, couriers, support.
  • Clear descriptions of responsibilities for individuals
  • Making important information readily available such as alarm codes, building access codes, passwords.
  • Have passwords and codes changed and has your plan been updated to reflect this?
  • A process for communicating important messages to your customers

Out of Office on:

Nothing irritates customers more then not getting a quick reply. Be sure to communicate your office hours clearly to your customer, along with clear back up contact numbers.

Start telling customers your availability as soon as possible. Communicate it via as many avenues as possible:

  • Social Media.
  • Email communication.
  • Invoices.
  • Posters.
  • Ensure customers receive clear contact details, back up numbers, email contacts and clarity around dates.
  • Make sure your Email out of office is switched on (possibly for external emails only), and your message is clear.
  • Add a temporary message to your mobile phone so you are not disturbed.
  • If you run social media accounts, consider archiving them for a few weeks so that you don’t have to ruin your summer monitoring social media.

Update and upgrade IT

If Christmas is a busy time for you, ensure that your technology can handle more traffic. Review system integrations to make sure front-and back-ends can communicate smoothly. Identify any issues or bottlenecks in advance to be able to upgrade or update any IT that needs help.

If you do need major IT upgrades or system changes, postpone them until after the holidays. Don’t mess with what works right now if you don’t have to do so.

Safeguard business data

Unfortunately, cyber criminals don’t seem to take a holiday. In fact, holiday season is a ripe time for cyber-attacks, as people are distracted.

In 2020, the greatest number of daily attacks in the last quarter of the year were on December 31.

Make sure you are protecting systems, detecting threats, and defending against attacks. A security assessment can help determine what you are doing well and could be doing better. Please contact your Ultra IT team member to discuss your specific concerns.

Social Media

Beware what you share!

Whilst social media is a great tool to share holidays snaps, it pays to remember Social media can be difficult to keep these connections private, with a potential audience of…um… the entire world! The impact on the privacy of your devices, your sensitive information and even your personal security plays as a key disadvantage of social networking.

There is an abundance of fake accounts, trolls and fraudsters online, who seek to obtain and collect your personal information for possible criminal activity. Be strict with your privacy settings and be vigilant of the things you post. Avoid accidentally sharing information that could hint at:

  • Login Details – email addresses, usernames and passwords. For example, potential answers to security questions ‘What was your first pets name”
  • Promoting that you’re out whilst your house/workplace is unoccupied

In conclusion…..

If it is a slow time in your office, it can also be an ideal time to clear out old data and perform maintenance on PC’s such as clean the dust, move old data, and clean up user information. Take a break!

Some people will be working over the Christmas and New Year period, and if you are we’d like to THANK YOU for keeping the country running and services/goods flowing!

But for those of us who are taking a break – PLEASE – make sure you do get to switch off and have a real break away from your business / mahi. We all need to switch off for a while every year. Be well, stay healthy and return ready for an awesome 2022!

Plan to refresh your IT/Online strategy

Things are moving so fast, and IT/online technologies are moving faster. What opportunities can you create, or gaps can you plug, with a smart IT/online strategy?

Ponder on this and give us a call in the new year to discuss how information, communication and online technologies can serve you. The team at Ultra IT wish you a happy Christmas and a wonderful New Year.

Seven Bonuses for Small Business in Office 365

You’ve probably seen all the ads for Office 365. They’re popping up on your desktop, your employees are sending you meaningful looks, and clearly, it’s not going away. You’ve probably even jumped online to see what all the fuss is about. But is Office 365 a necessary upgrade for your small to medium Northland business? The answer is YES. Office 365 is more than a refreshed set of tools, it’s an efficiency and productivity powerhouse. Here are 7 spot-on reasons why small business owners should upgrade now.

#1. Data security is built in

Office 365 was created with data security at its core. The built-in compliance and security protocols mean your cloud storage is safe, and you can control access so your valuable data remains exactly where you want it. Storing your data in the 365 cloud keeps it safe in case of emergency, with 1TB of storage per user included at no extra cost.

#2. Ditch the licensing drama

Software version differences can be a real nightmare in a small office. Not every system can do the same things, and half the time, they can’t even open the same files. It quickly becomes a hodge-podge of workarounds and lost time. Office 365 includes site-wide licenses with upgrades at the same time.

#3. Mail storage for real people

Not everyone lives in the land of inbox zero. In fact, most people tend to leave messages in their inbox forever. Occasionally we’ll do a quick clean up, but only when the alert comes in that the mailbox is full. Meanwhile, new emails from customers may be bouncing away with the old ‘mailbox full’ message. Eek! In Office 365, your employees can communicate without worrying about storage space.

#4. Better time management

Every person in your business is juggling meetings, emails and contacts – usually across multiple platforms. Office 365 brings all those elements together, integrating seamlessly for more efficient time management. Contacts updated via mobile while offsite are automatically updated across all connected devices. Meetings scheduled in an email are added instantly to the calendar. You can even access files from any device, edit on the run and then back in the office, simply pick up where you left off.

#5. Predictable costs

Forget about planning (and delaying) those costly upgrades. Office 365 has small business covered. You can choose a plan based on your unique needs and change at any time. You can even add or decrease the number of users as you scale and streamline. It’s so easy to fit Office 365 into your monthly budget while knowing you’ve got the very best and latest in small business software.

#6. Work on the go

The days of fiddling with private network and security settings are over, thanks to Office 365. You don’t even need any special IT skills or extra software. Users can now securely access their files from home, during their commute, or in meetings for on-the-fly impressive presentations. Got an internet connection? That’s all they’ll need to squeeze productivity out of every day

#7. Stay up and running with no downtime

A whopping 25% of small businesses shut down permanently after flood, fire, crash or cyber-attack. With Office 365, all your data is stored in the cloud with built-in backups for redundancy. No matter what happens, your data will be there, letting you stay up and running – and always ahead of the pack.

We can help you to find out more about Office 365 and how it can best suit your business needs. To find out more about this and other IT issues please call us or email us here to book a 1:1 free, no obligation appointment.

 

What Is Shadow IT, and Why Is It an Issue?

An old-time radio show used to start with the promise “The Shadow knows!” Yet when it comes to shadow IT, the problem is the exact opposite. Shadow IT is the stuff Northland employees download onto a business system that IT doesn’t know about, and it can be a big problem.

You may have an IT policy telling employees not to download unsanctioned applications, but they want to boost their productivity, or perhaps they prefer to work with an app they already know and love. So, they get a tool or service that meets their needs without telling IT.

The employee may have the best of intentions. They want to work better for your business. They don’t see the harm in adding that convenient app to their computer. Or they don’t think it’s a big deal to use their own device to complete their work (even if unsanctioned). Maybe they want to be efficient, so they use a personal email account to conduct your business.

Any of these examples are part of Shadow IT, and it’s running rampant. In Frost & Sullivan research, 80% of employees admitted they had used non-approved software. Even 83% of IT workers were using non-vetted Software as a Service (SaaS) applications. So, what’s the big deal? We’ll cover that next.

The Potential Pitfalls with Shadow IT

First, if your business is in a regulated industry, Shadow IT could put you at risk of noncompliance. That unsanctioned device may not be encrypted. Sharing business data over a personal email would be a big no-no in a healthcare or banking space. Shadow IT certainly undermines audit accountability.

It can also drive up IT costs. Say accounting doesn’t know that the business has already paid to use certain software. So, they pay for it again out of their own budget.

If IT is unaware of the Shadow applications or devices, they can’t manage the vulnerabilities. The business doesn’t know customer data or personal identification information about employees is at risk.

And there is greater threat of a data breach or ransomware attack. Employees downloading a third-party app could inadvertently give a hacker access to your network.

Additionally, the business risks losing productivity. The work someone does on a shadow app, for example, could be lost to the company if that employee moves on. IT wouldn’t have access to that account to retrieve the information or files. They don’t even know it is out there on that unknown app or device.

Shine a Light on Shadow IT

Because this IT lingers in the shadows, it can be challenging to coral. Still, there are several steps you can take.

# 1 Educate employees about cyber policies.

Create and communicate acceptable use guidelines, and make sure your workers know what your policies are regarding:

  • SaaS downloads;
  • use of personal devices (e.g. mobile phones, laptops, USB flash drives, portable data storage devices);
  • emailing from personal accounts or using messaging apps;
  • online document sharing;
  • online voice or meeting technology.

Establish clear information classifications distinguishing between public, private, and confidential data. This can help employees recognize they are putting important data at risk when they disregard use policies. For further information Read our blog about Six steps to protect customer data here.

#2 Do a dive to discover Shadow IT.

IT needs to get to know what technology is in use at the business (both on- and off-site). This is more challenging now with people working from home due to COVID-19. Still, a survey of employees and their devices can help gather information about unknowns.

#3 Determine the value of IT discovered.

Don’t overreact. You don’t want to necessarily ban all Shadow IT that you discover. Some of the services could have value. Vet the applications or devices found or reported. Review their connection to private or confidential data or essential network systems. If several employees use an unsanctioned app, you may want to invest in it. With a professional version, your IT team can safely manage the app.

# 4 Deliver the IT your people need.

Why are people circumventing your IT policies? Are they are under pressure? Are they are looking to meet an unmet need? Are they are more comfortable with a familiar app or device? It’s important to understand what the employee is aiming to accomplish or why they’ve turned to shadow IT. This can help you identify IT needs and areas where you need to improve.

Shadow IT is data or applications that are outside your business protection. IT can only watch what it knows about. Shadow IT is unsafe and unpredictable.

Every business is different. It’s always best to chat to a IT Professional about your business needs first. To find out more about Shadow IT, and other IT issues please call us or email us here to book a 1:1 free, no obligation appointment.

5 Red Flags of Phishing Emails for Northland companies: Think Before You Click

Phishing emails in Northland Companies are on the rise. These can be the difference between maintaining data security and suffering massive financial losses.

From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and
extensive downtime.


Quickly spot the red flags and put phishing emails where they belong:

Poor spelling and grammar


While occasional typos happen to even the best of us, an email filled with errors is a clear warning sign.
Most companies push their campaigns through multiple review stages where errors are blitzed and
language is refined. Unlikely errors throughout the entire message indicate that the same level of care
was not taken, and therefore the message is likely fraudulent.

An offer too good to be true


Free items or a lottery win sure sound great, but when the offer comes out of nowhere and with no catch? There’s definitely cause for concern. Take care not to get carried away and click without
investigating deeper.

Random sender who knows too much


Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed
especially for your business. Culprits take details from your public channels, such as a recent function or
award, and then use it against you. The only clues? The sender is unknown – they weren’t at the event
or involved in any way. Take a moment to see if their story checks out. Here are some more tips on Cybersecurity

The URL or email address is not quite right


One of the most effective techniques used in phishing emails is to use domains which sound almost
right. For example, [microsoft.info.com] or [pay-pal.com]
Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is
completely different from the link text, send that email to the bin.

It asks for personal, financial, or business details


Alarm bells should ring loudly when a message contains a request for personal, business or financial
information. If you believe there may be a genuine issue, you can initiate a check using established,
trusted channels.


While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and
solid anti-virus system provide peace of mind that your Northland business has the best protection
available.
Here are some tips to protect your customer data too.


If you would like to make sure your business is secure from data breaches, reach out
on support@ultrait.nz