
The purpose of a password is to protect sensitive data from unauthorised access.

For a long time, to keep up this protective layer, we have advocated that employees create ever more complex passwords and change them even more often.

This is now wrong! What’s the point of a password system if it makes employees’ lives even more complex and doesn’t even properly provide protection any more? Most current password practices were designed for a different age and are no longer fit for purpose. One enormous lesson that the COVID pandemic has taught us is that the work environment is now totally different:

  1. Systems and data only used to be accessible in a single office, on a single device, on a single network, where we could easily identify the trusted people.
    1. Now, many (unseen) people can work on many (known and unknown) devices on many networks on many different systems at many locations – how do you know what to trust?
  2. Cybercrime is now super-industrialised which means old defences are easily and cheaply beaten. Bad actors can easily be profitable targeting individuals, let alone small businesses.
    1. Attacks will happen – so you need to contain and limit the spread and damage that will occur.

However, Human Nature is unchanged:

The more rules, complexities and changes you introduce, the more people will try to find an easy way around them.

  • Use the same passwords for every system – once known, access everything!
  • Predictable changes in passwords (e.g. !Password1 just changes to !Password2, etc.)
  • Use the same special characters all the time (“!” at start / end, “$” for “s”, “@” for “a”, “1” for “l”, etc.)
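The three shortcuts above can be checked for when a password is changed or when a password manager vault is audited. The following is an added example, not part of the original article: it assumes the check runs where both passwords are available in plaintext (for instance a change-password form), and the function names and sample passwords are hypothetical.

```python
import re
from collections import defaultdict

# Character swaps named in the list above, mapped back to the plain letter.
SWAPS = str.maketrans({"$": "s", "@": "a", "1": "l"})


def skeleton(password: str) -> str:
    """Reduce a password to the base word its owner actually memorised."""
    p = password.strip("!")          # "!" habitually put at the start / end
    p = re.sub(r"\d+$", "", p)       # trailing counter: Password1 -> Password
    p = p.strip("!")                 # "!" that sat in front of the counter
    return p.lower().translate(SWAPS)


def is_predictable_change(old: str, new: str) -> bool:
    """True when the 'new' password is the old one with cosmetic edits."""
    return skeleton(old) == skeleton(new)


def reuse_groups(passwords_by_system: dict) -> dict:
    """Map each skeleton used on more than one system to those systems."""
    groups = defaultdict(list)
    for system, password in passwords_by_system.items():
        groups[skeleton(password)].append(system)
    return {base: sorted(systems) for base, systems in groups.items()
            if len(systems) > 1}


# Constructed sample data, not taken from any real account.
SAMPLE = {
    "mail": "!Password1",
    "payroll": "P@ssword2",
    "crm": "yellow submarine sky",
}

if __name__ == "__main__":
    print(is_predictable_change("!Password1", "!Password2"))
    print(reuse_groups(SAMPLE))
```

A trailing digit is always treated as a counter here, so a password that genuinely ends in “1” standing for “l” is reduced one character too far; that errs on the side of flagging.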

 

The new Best Practice Password System:

  1. Introduce 2-Factor Authentication for all systems (e.g. a separate notification on your smartphone to make sure it’s you).
  2. Passwords should be a small phrase (not a single word) that contains no personal information and is easy to remember – e.g. the first few words of your favourite song.
  3. Use a password management system so you can easily have different passwords for every system and not have to remember them.
  4. Introduce risk-based protection / analysis
    1. Automatically report / block any logins from locations you will never travel to.
    2. Automatically restrict what unknown devices can do with your data – e.g. if it’s unmanaged, don’t allow edits / downloads, etc.
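How the risk-based rules in step 4 combine with the second factor from step 1 can be shown as a small decision function run over sign-in records. This is an added example, not part of the original article: the log format, field names, country list and sample records are all constructed assumptions, and the country is assumed to come from IP geolocation.

```python
from dataclasses import dataclass

EXPECTED_COUNTRIES = {"AU", "NZ"}      # assumption: where staff really work
FULL_ACCESS = ("view", "edit", "download")
VIEW_ONLY = ("view",)


@dataclass(frozen=True)
class Decision:
    user: str
    outcome: str        # "block", "restrict" or "allow"
    actions: tuple      # what the session may do with data
    report: bool        # raise an alert for the security team
    reason: str


def parse(line: str) -> dict:
    """Split 'timestamp key=value ...' into a dict (hypothetical log format)."""
    timestamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs if "=" in pair)
    event["time"] = timestamp
    return event


def evaluate(event: dict) -> Decision:
    """Apply the checks in order of severity; a missing field fails closed."""
    user = event.get("user", "?")
    country = event.get("country")
    if country not in EXPECTED_COUNTRIES:
        return Decision(user, "block", (), True,
                        f"login from unexpected location {country}")
    if event.get("mfa") != "ok":
        return Decision(user, "block", (), False, "second factor not completed")
    if event.get("device") != "managed":
        return Decision(user, "restrict", VIEW_ONLY, False,
                        "unmanaged device: no edits or downloads")
    return Decision(user, "allow", FULL_ACCESS, False,
                    "managed device in an expected location")


# Constructed sign-in records for illustration only.
SAMPLE_LOG = """\
2021-03-02T08:14:05Z user=alice country=AU device=managed mfa=ok
2021-03-02T08:20:41Z user=bob country=AU device=unmanaged mfa=ok
2021-03-02T03:02:17Z user=alice country=RO device=unmanaged mfa=ok
2021-03-02T09:01:33Z user=carol country=NZ device=managed mfa=failed
"""


def triage(log: str) -> list:
    """Evaluate every non-empty line of a sign-in log."""
    return [evaluate(parse(line)) for line in log.splitlines() if line.strip()]


if __name__ == "__main__":
    for d in triage(SAMPLE_LOG):
        print(f"{d.user:6} {d.outcome:8} report={d.report} {d.reason}")
```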

If you do this, then:

  1. Passwords can stay small – around 8 characters in length
  2. Passwords rarely need changing at all (every 12 months or only if a breach is suspected)

Even better, with the right computer equipment, you can now even get rid of passwords altogether when using a trusted device. Your employees will really appreciate the difference and your security will now actually work!

If you need help, feel free to give us a call; we’re happy to lend our expertise to your organisation.

 

 

 

All businesses worry about data security, and those that must meet compliance requirements even more so. It can be overwhelming to read through the articles and ads, warning that a single data breach could both financially cripple your business and ruin your reputation. With a significant rise in the frequency and sophistication of cyberattacks, now is a better time than ever to get secure.

As a business leader, your problem isn’t a lack of awareness of threats, but a lack of resources to help get secure and stay compliant. We recommend working with an IT provider and adopting a security-first mindset: ingraining cybersecurity methodologies into your business strategy.

 

What is a security-first mindset?

Having a security-first mindset means you consider the security implication of every decision. Security becomes top of mind and your first question when evaluating a decision becomes “how does this impact our security?”. It also means taking into consideration any of your compliance requirements. Do you have any contractual obligations as well as legal ones to ensure you are properly protecting your revenue base? Have you audited your systems against your compliance requirements? Though you might not always know the answer, asking the question and leveraging an IT partner’s advice is the first step towards creating a culture of security.

Security-first helps you take a holistic approach to your business’ security and never make it an afterthought. Compliance standards and regulations attempt to establish best practices for data security, but you will constantly be behind the ball if you are just working to meet them.

It can be tough to adopt this mindset and put it in action. We can help.

We created our Sensible Security solutions: Sensible's Essential 8 Cybersecurity System, Sensible Advanced CyberSecurity System, and Sensible Compliance Audit Service to provide businesses with the IT support and resources necessary to stay up and running, secure, and compliant. We specifically help with ASD Aussie Essential 8, NIST SP 800, ISO 27001. Here are some of the strategies we utilise:

 

 

Compliance Audits

Compliance Audits are used to ensure you are protecting your income stream.

Do you have any contractual or legal requirements that require you to manage your data or systems in a particular way?

By performing regular compliance audits you can ensure you don’t put any of your revenue at risk because you did not implement security systems in the right way. 

 

Unified Threat Management

UTMs, which are typically purchased as cloud services or network appliances, provide firewall, intrusion detection, antimalware, spam and content filtering, intrusion prevention and VPN capabilities in one integrated package that can be installed and updated easily. We can implement and configure a UTM to fit your business’ security needs.

 

Firewalls & Security Software

We practice what we preach and then some. Just like how we outfit our clients with top-notch security solutions, we have fortified ourselves as well. Our Firewall services also include intrusion protection and prevention as an added layer of security, and manage updates to the firewall software.

We also utilize anti-virus and anti-malware software and review the logs from our systems and thousands of client systems daily, taking action as necessary.

 

Endpoint Security

Endpoint security solutions help firewall connected systems monitor and update antivirus software and restrict access to websites in order to maintain and comply with the organisation's policies and standards. This allows us to ensure devices are staying updated and secure, and minimizes risks posed by your employees.

 

 

Multifactor Authentication

Multifactor authentication is an important security measure that can help keep cybercriminals out of your accounts. We frequently force the reauthentication of a user via multifactor authentication so that if a password becomes compromised, we can still block access.

 

Preventative Maintenance

A preventive maintenance program establishes consistent practices designed to improve the performance and safety of the equipment at your property. We want to continuously test and maintain your IT infrastructure so we can avoid prolonged downtime and reduce threats to the device’s integrity.

 

Encryption

Encryption is the cryptographic transformation of data (called "plaintext") into a form that conceals the data's original meaning (called "ciphertext") to prevent it from being known or used. When sharing sensitive information, encryption helps protect that information from falling into the wrong hands. We can help configure your email to allow you to send encrypted messages.

 

Intrusion Prevention & Detection

Intrusion prevention and detection gathers and analyses information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organisation) and misuse (attacks from within the organisation). This constant monitoring alerts us at the onset of a potential attack and allows us to prevent it from causing extensive damage.

 

Quarterly Security Audit & Best practice Realignment

Practice makes perfect. Every quarter we revisit our security efforts, check their effectiveness through testing, and make sure cybersecurity protocols are being followed. Employee cybersecurity training and education is often an overlooked security strategy, but it is incredibly effective. Teaching your employees how to be more secure and creating a culture of cybersecurity is essential to the sustainability of your business.

These strategies are just components If you’re ready to stop worrying about your business’ security and compliance, give us a call. You can book an introductory call with us anytime here. We can help remove the guesswork from security and compliance and give you back time to devote to growing your business.

 

As technology has advanced, the role IT can play in your business has significantly increased. Correctly utilising technology solutions can enable you to rapidly grow your business.

All effective organisations know that achieving a positive Return On Investment (ROI) is good for business, but what about Return On Technology?

While ROI is typically discussed within a marketing or accounting parameter, businesses should also take the time to calculate this important figure for any technology investments. Whether you are thinking about installing new applications or want to purchase new devices, calculating an ROT can help you to make a more informed decision, which can provide immediate and long-term benefits.

Technology is not simply a maintenance cost. It is an asset used to maximise the leverage out of one of your most expensive costs: labour.

If your current IT services aren’t helping you to optimise your business, you aren’t getting the best bang for your buck. Here at Sensible, we take the time to learn your business inside and out so that we can craft IT solutions that will give you a return on your investment.

 

3 Steps To Better Leverage Your IT

 

1. Work with a true IT partner

Strategic IT services involve the creation or optimisation of IT solutions that solve your business’ pain points and help you improve operations so you can meet your business goals. This approach requires a strong partnership between your IT provider and your business, so that they can customise their approach to your needs.

Managed IT Services is commonly a reactive service: you are responding to events as they occur and resolving the technical issue that occurred. Strategic IT services look at your business model and fit your IT systems accordingly. Your IT team should be looking at why events occur and planning your IT to minimise reactive events, making your operations as seamless and efficient as possible for your clients and your staff. If they aren’t, it might be time to look into finding one that is.

2. Recognise the difference between maintaining and investing in IT

The key difference between an IT team that is focused on maintaining your IT systems and one that is focused on investing in your IT is the emphasis on strategy.

IT without strategy is simply providing upkeep to an existing system, fixing issues as they arise, and not evaluating the effectiveness of your IT. Technically this approach works, but it is also often inefficient and not cost-effective.

For example, instead of simply fixing issues as they come up, a strategic IT partner would investigate why the problems were arising, find the root of the issue, and determine how to eliminate it. This removes the interruption to your business, the headache around fixing the issue, and the money you would have spent continuing to apply quick fixes.

3. Measure your success

In order to know whether your IT solutions work for you, you need to be able to measure efficiency. All costs should be measured to see if you are extracting the right value for your organisation. IT has the most potential to ADD value to your bottom line if implemented properly. Working with experienced IT experts can help you identify which measurements of success should be evaluated and how they can be followed appropriately. Key performance indicators such as capacity utilisation, on-time delivery and earnings help you and your IT partner identify areas of your system that are underutilised or need to be adjusted.

Additionally, metrics can help you track the adoption of new IT solutions by your employees. After investing your time and money into an IT solution, you want it to be quickly adopted so you can begin to reap the benefits of it. If you are seeing a slow adoption, you know you need to do more education or training on the new system or tweak it to better fit your employees’ needs.

The Internet of Things (IoT) has become a hot topic in the technology field. The exponential sophistication and adoption of devices have experts comparing this to the third industrial revolution from steam and power to computers, referring to this wave of new device usage as Industry 4.0 or the fourth iteration of industry as we know it.

IoT is already bigger than you might expect: doorbells, security cameras, weather stations, smart workout gear, baby monitors, and even coffee pots are streaming data and connected to the internet. As with any cutting-edge technology, IoT does have its kinks that still need to be worked out. The biggest is the security threat that adding IoT devices poses to your network.


The Security Threat Posed By IoT Devices

The problem with IoT devices is that they are easily hacked, act as gateways to your entire network, and can't truly be protected by just a firewall.

In the first half of 2018, Kaspersky IoT honeypots detected 12 million attacks aimed at IoT devices coming from 69,000 IP addresses. By 2019 that increased to 105 million attacks from 276,000 IP addresses. Attempting to block all malicious IP addresses would be a huge and ineffective feat. Just recently, a Senior Researcher with Avast hacked into a WiFi-enabled coffee pot, devised a ransomware attack, and deployed it, causing the coffee pot to spew coffee and make noise until it was either unplugged or the ransom was paid.

The old castle-and-moat approach to cybersecurity, building an effective and strong firewall perimeter around your network, hasn't proven to be effective since smartphones and mobile devices have made working from home or on the go so easy. The more devices you connect, the higher the risk of a breach becomes.

How To Upgrade Your Security Approach For IoT Devices

Here at Sensible, we encourage the usage of IoT devices. They can be substantial productivity boosters, excellent solutions for your business needs, and can help your business scale. However, whenever introducing new devices to a client's network, we have to be cautious and mitigate the additional risk they pose to security. These are the steps we take to do so:

1. Evaluate the current security approach

As mentioned, only having a firewall isn't enough anymore. If we encounter a client that has not yet shed the castle-and-moat approach, we start by shifting their security to a more policy-based approach. Basically, this means we are adding extra security on the drawbridge over the moat. For every attempt to access the data, we put policies in place to prompt the user to verify they are who they are and that they should be accessing that information.

2. Be selective

With the addition of every IoT device, the security risks increase. We caution our clients against adding devices that they don't necessarily need. You shouldn't have to be accommodating for threats posed by your office coffee pot!

3. Research your options 

As the need for IoT devices increases, the market is being flooded by tons of new products. Just like in purchasing a new computer, you should do your research to understand if the device is good quality, has the features you need, is compatible with your existing systems, and can be secured. When you work with an IT partner like us, we can make informed recommendations on what you should be looking for, and even source the devices for you.

4. Configure the IoT devices adequately

Once you have settled on the device you would like to add, make sure you have technical support when configuring it. The majority of devices do not come out of the box set up to be secure. We can help add additional security or enact the device's existing security measures to ensure it doesn't become a liability.

Client Success Story: Recently, we helped a medical research company implement video cameras in their lab so they could adequately observe and record sample changes 24/7. We were able to help them evolve their security approach, determine the necessary devices required to achieve the solution they needed, source cameras that were compatible with their existing network, could add necessary additional security and featured the live streaming and recording options the lab required.

If you have a business need, we can help you find a sensible solution. We love to help businesses improve by crafting and offering informed technology solutions. Book a call with us anytime, and we'd be happy to lend you our expertise.


We’ve been discussing work-from-home (WFH) or hybrid working environments for a short while now, and there’s one concern that’s been ever present: how can organisations keep their staff accountable and just as productive outside of the office space? This is a question with many potential answers, but those answers can be broken down into four main categories: equipment, cloud familiarity, clear policy expectations, and closing the gap on social distancing. Let’s break them down one by one.

Having the Right Equipment

In regards to productivity, nothing makes it more stable than having the right equipment. Too many employees are relying on old laptops, with unsecured environments and potentially unreliable internet connections. There are also peripheral concerns—lack of additional monitors, non-ergonomic chairs, and so on. These things limit the tools available, slow down productivity, and leave employees uncomfortable and distracted. The University of Utah found that people with multiple (or simply larger) monitors complete tasks 52% faster than those without.

It’s also important to keep your staff cyber-safe. Make sure your team’s computers are equipped with the latest cybersecurity protection software. We also highly recommend setting your team up with multi-factor authentication for additional security. It goes without saying that a cybersecurity breach will have a devastating effect on productivity and your reputation.

Cloud Familiarity

It’s important to be familiar with your existing or potential cloud-based solutions. This could range from the known-and-trusted Microsoft Office 365 business suite to a cloud-based data storage solution, or more. If you’re already using Office 365, then we want to highlight one tool in particular: Teams. Teams is more than an instant messaging platform—it also supports video conferencing and recording, filesharing, collaboration, conversations, and more. We’ve noticed a lot of organisations underusing Teams’ functionality, and we wanted to highlight it as a powerful tool for your use.

Clarity in Policy and Expectations

One of the easiest ways to improve employee accountability and productivity is to provide clear expectations and a comprehensive policy. For example, we at Sensible have been open about what our Key Performance Indicators are for our WFH employees, and we have provided guidelines for how to go about said work. These policies can be as rigid or loose as your organisation’s culture requires, but they should be clear and widely understood.

Closing The Gap On Social Distancing

It’s incredibly important to stay connected while socially distant. We’ve taken steps to keep our employees socially involved via online ‘huddles’, where we meet and socialize at least twice a day. Sharing this support, recognition, and encouragement has resulted in a noticeable spike in productivity. If your employees feel appreciated and supported, they will support you as well.

These are our tips to keep people productive and accountable in a WFH environment. It’s relatively simple, all things considered, but it’s important nonetheless. If you’re looking for assistance with your technology or hardware needs, Sensible is here and willing to help. Give us a call!

The COVID-19 pandemic is forcing lots of organisations to implement Social Distancing practices.

Employees are being forced to Work From Home (WFH).

Is your business ready to continue to operate in this environment so you can continue to serve your clients?

To help with this, we have developed a FREE COVID-19 Remote Work Readiness Self Assessment Tool for Australian businesses so you can work out how ready you are to implement Work From Home.

This will help keep your people employed, which is good for everyone involved.

Also, check out our other free information about Disaster Recovery Planning!

Sensible Business Solutions © 2021 All Rights Reserved