


All businesses worry about data security, and those that must meet compliance requirements even more so. It can be overwhelming to read through the articles and ads, warning that a single data breach could both financially cripple your business and ruin your reputation. With a significant rise in the frequency and sophistication of cyberattacks, now is a better time than ever to get secure.

As a business leader, your problem isn’t a lack of awareness of threats, but a lack of resources to help get secure and stay compliant. We recommend working with an IT provider and adopting a security-first mindset: ingraining cybersecurity methodologies into your business strategy.


What is a security-first mindset?

Having a security-first mindset means you consider the security implication of every decision. Security becomes top of mind and your first question when evaluating a decision becomes “how does this impact our security?”. It also means taking into consideration any of your compliance requirements. Do you have any contractual obligations as well as legal ones to ensure you are properly protecting your revenue base? Have you audited your systems against your compliance requirements? Though you might not always know the answer, asking the question and leveraging an IT partner’s advice is the first step towards creating a culture of security.

Security-first helps you take a holistic approach to your business’ security and never make it an afterthought. Compliance standards and regulations attempt to establish best practices for data security, but you will constantly be behind the ball if you are just working to meet them.

It can be tough to adopt this mindset and put it in action. We can help.

We created our Sensible Security solutions: Sensible's Essential 8 Cybersecurity System, Sensible Advanced CyberSecurity System, and Sensible Compliance Audit Service to provide businesses with the IT support and resources necessary to stay up and running, secure, and compliant. We specifically help with ASD Aussie Essential 8, NIST SP 800, ISO 27001. Here are some of the strategies we utilise:



Compliance Audits

Compliance Audits are used to ensure you are protecting your income stream.

Do you have any contractual or legal requirements that require you to manage your data or systems in a particular way?

By performing regular compliance audits you can ensure you don’t put any of your revenue at risk because you did not implement security systems in the right way. 


Unified Threat Management

UTMs, which are typically purchased as cloud services or network appliances, provide firewall, intrusion detection, antimalware, spam and content filtering, intrusion prevention and VPN capabilities in one integrated package that can be installed and updated easily. We can implement and configure a UTM to fit your business’ security needs.


Firewalls & Security Software

We practice what we preach and then some. Just like how we outfit our clients with top-notch security solutions, we have fortified ourselves as well. Our Firewall services also include intrusion protection and prevention as an added layer of security, and manage updates to the firewall software.

We also utilize anti-virus and anti-malware software and review the logs from our systems and thousands of client systems daily, taking action as necessary.


Endpoint Security

Endpoint security solutions help firewall connected systems monitor and update antivirus software and restrict access to websites in order to maintain and comply with the organisation's policies and standards. This allows us to ensure devices are staying updated and secure, and minimizes risks posed by your employees.



Multifactor Authentication

Multifactor authentication is an important security measure that can help keep cybercriminals out of your accounts. We frequently force the reauthentication of a user via multifactor authentication so that if a password becomes compromised, we can still block access.


Preventative Maintenance

A preventive maintenance program establishes consistent practices designed to improve the performance and safety of the equipment at your property. We want to continuously test and maintain your IT infrastructure so we can avoid prolonged downtime and reduce threats to the device’s integrity.



Encryption is the cryptographic transformation of data (called "plaintext") into a form that conceals the data's original meaning (called "ciphertext") to prevent it from being known or used. When sharing sensitive information, encryption helps protect that information from falling into the wrong hands. We can help configure your email to allow you to send encrypted messages.


Intrusion Prevention & Detection

Intrusion prevention and detection gathers and analyses information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organisation) and misuse (attacks from within the organisation). This constant monitoring alerts us at the onset of a potential attack and allows us to prevent it from causing extensive damage.


Quarterly Security Audit & Best practice Realignment

Practice makes perfect. Every quarter we revisit our security efforts, check their effectiveness through testing, and make sure cybersecurity protocols are being followed. Employee cybersecurity training and education is often an overlooked security strategy, but it is incredibly effective. Teaching your employees how to be more secure and creating a culture of cybersecurity is essential to the sustainability of your business.

These strategies are just components If you’re ready to stop worrying about your business’ security and compliance, give us a call. You can book an introductory call with us anytime here. We can help remove the guesswork from security and compliance and give you back time to devote to growing your business.


As technology has advanced, the role IT can play in your business has significantly increased. Correctly utilising technology solutions can enable you to rapidly grow your business.

All effective organisations know that achieving a positive Return On Investment (ROI) is good for business, but what about Return On Technology?

While ROI is typically discussed within a marketing or accounting parameter, businesses should also take the time to calculate this important figure for any technology investments. Whether you are thinking about installing new applications or want to purchase new devices, calculating an ROT can help you to make a more informed decision, which can provide immediate and long-term benefits.

Technology is not simply a maintenance cost. It is an asset used to maximise the leverage out of one of your most expensive costs: labour.

If your current IT services aren’t helping you to optimise your business, you aren’t getting the best bang for your buck. Here at Sensible, we take the time to learn your business inside and out so that we can craft IT solutions that will give you a return on your investment.


3 Steps To Better Leverage Your IT


1. Work with a true IT partner

Strategic IT services involve the creation or optimisation of IT solutions that solve your business’ pain points and help you improve operations so you can meet your business goals. This approach requires a strong partnership between your IT provider and your business, so that they can customise their approach to your needs.

Managed IT Services is commonly a reactive service: you are responding to events as they occur and resolving the technical issue that occurred. Strategic IT services look at your business model and fit your IT systems accordingly. Your IT team should be looking at why events occur and plan your IT to minimise reactive events, making your operations as seamless and efficient as possible for your clients and your staff. If they aren’t, it might be time to look into finding one that is.

2. Recognise the difference between maintaining and investing in IT

The key difference between an IT team that is focused on maintaining your IT systems and one that is focused on investing in your IT is the emphasis on strategy.

IT without strategy is simply providing upkeep to an existing system, fixing issues as they arise, and not evaluating the effectiveness of your IT. Technically this approach works, but it is also often inefficient and not cost-effective.

For example, instead of simply fixing issues as they come up, a strategic IT partner would investigate why the problems were arising, find the root of the issue, and determine how to eliminate it. This removes the interruption to your business, the headache around fixing the issue, and the money you would have spent continuing to apply quick fixes.

3. Measure your success

In order to know whether your IT solutions work for you, you need to be able to measure efficiency. All costs should be measured to see if you are extracting the right value for your organisation. IT has the most potential to ADD value to your bottom line if implemented properly. Working with experienced IT experts can help you identify which measurements of success should be evaluated and how they can be followed appropriately. Key performance indicators such as capacity utilisation, on-time delivery and earnings help you and your IT partner identify areas of your system that are underutilised or need to be adjusted.

Additionally, metrics can help you track the adoption of new IT solutions by your employees. After investing your time and money into an IT solution, you want it to be quickly adopted so you can begin to reap the benefits of it. If you are seeing a slow adoption you know you need to do more education or training on the new system or tweak it to better fit your employees’ needs.

Here at Sensible, we are devoted to delivering “Sensible” IT advisory and support services while continually identifying improvements. So, you have improved business operations, more productive staff, confidence in your technology, and predictable costs.

We use the same process and strategy to help improve our own business that we do for yours. That is how we know it works, and now others know it too.

We are proud to say that the program we have worked so hard to create has landed us a spot on Channel Futures’ 2020 MSP 501 list.

The success we can bring a client by providing them with IT business consulting and solutions is what drives us, so we are thrilled to be recognised for that work. In that spirit, we wanted to share with you the steps we take in analysing our client’s and our business’ technological opportunities. If your current provider is not helping you do this assessment or isn’t asking you these questions, your investment in them isn’t paying off as much as it could. You can book a call with us anytime here.


Identifying Technological Opportunities In Your Business

1. Get into the details.

The first thing we do with a new client is to sit down and learn as much as we can about their business’s goals, their current technological utilisation, and where their processes snag. We look to:

  • Understand the step by step of their workflows
  • Review the time it takes for tasks to be completed, and identify bottlenecks
  • Review historical trends for workloads, efficiency, profitability, etc.

The most important part about this step is that it needs to be repeated regularly. Businesses change and evolve, and implementing data points you can track over time helps keep us in tune with how things are going.

Example: Every quarter we review our budget and ask ourselves, “how did we improve profitability this quarter?” This prompts us to analyse what we were able to implement to improve our efficiency and profitability and encourages us to find tweaks or new technology that can help us continue to improve.

2. Complete a SWOT analysis on your current technology solutions.

SWOT is a great organisational framework we use to take what we have learned and categorise it into a helpful and actionable format. We use the questions provided below to help organize our information into each category.

S- Strengths: What does the company do well, what resources does it already utilise well, and how is the company making the best use of information technology?

W- Weaknesses: What processes or services could the company improve, in what areas does our competition have the technological edge, and what technology should the business actually avoid?

O- Opportunities:  Think about new market opportunities and how technology is changing. Are there interesting trends in technology that you would like to try, are there industry-specific solutions that could elevate business operations?

T- Threats: What information security threats should the business be most concerned about, how would their business fare if the technology went down?

3. Identify high impact areas for growth.

We then take our SWOT analysis and pinpoint opportunities that play to the company’s strengths, reduce weaknesses, and we note potential threats to plan for. Then we do our research to find the perfect technological solutions, create an implementation plan, and budget out the project and any ongoing service necessary.

We would love the opportunity to learn more about your business and help find you technological solutions meant to help automate and improve your business, and thus your profitability. Book a call with our CEO, Katherine Spanner, and let’s get started.


We are all ingraining ourselves into an Internet of Things (IoT) world that, for the most part, benefits everyone – improving efficiency and keeping us connected to the devices and people that are important to us.

With the advancement of technology, almost every aspect of our lives generates data and sends us information over the internet. Smartwatches track our steps, smart doorbells keep us safe, smartphones know our location, video streaming services know what we like to watch and make recommendations, social media puts ads and posts in front of us that it knows we will like, our coffee pots even know when we would like our coffee made in the morning.

IoT is emerging as a powerful tool in the business world as well. IoT devices record and transfer data, and this can be applied to monitor important processes, give us new insights, boost efficiency, and allow companies to make more informed decisions. They can tell you what is really happening, rather than what you assume is happening.


So, what really is the Internet of Things?

IoT is a system of interrelated, internet-connected devices that can collect and transfer data over a wireless network. By combining these connected devices with automated systems, you can gather information, analyse it and draw conclusions to inform decisions better or take action to help someone with a particular task or learn from a process.


How can IoT help my business?

Here at Sensible, we have had great success in improving our client’s efficiency, security, and profitability with the correct implementation of IoT devices. Having the ability to monitor, track, and analyse important data easily has given our clients the visibility they needed to make better-informed decisions and take productive action to improve their businesses.

Whether it’s as standard as finding a better way for employees to clock in and out of work, or as niche as monitoring and controlling the temperatures of food shipments while they are en route to their destinations, IoT devices can help. We can help you by making recommendations and vetting devices that could make an impact.


How do I know what IoT devices to get?

IoT devices are great, but you don’t want to overdo it. When working with a technology professional like ourselves, we can help pinpoint areas of your business that could be optimised with the help of IoT devices, and then research the best model of that device for your business.

There is a lot to consider when adding any device to your business’s network:

1. Is it compatible with your existing devices?
We help find a quality device that will function within your existing environment and won’t require a ton of additional work to get it to “talk” with your existing systems.

2. What security threats will it pose?
Unsecure devices that are connected to your network can create massive holes in your cybersecurity. Many IoT devices are insecure out-of-the-box and should be reconfigured properly immediately. Recently, a WiFi-enabled coffee pot was proven hackable and exposed the rest of the corporate network to a ransomware attack. We make sure that any devices that will be connected to your network have been configured to the security standards necessary to keep your information protected.

3. Does your network have the strength to support additional devices?
The more devices you add to your network, the more strain you put on it. There is a breaking point where your network connection will slow and no longer be reliable. Depending on how many devices you add, you may need to upgrade your network capacity. We can help you evaluate your existing network and determine what it would be able to support.


I’m ready to talk about taking a more Sensible approach to our IT, who do I talk to?

We would be delighted to talk further and discuss how we can help you implement IoT devices, or simply examine your current IT approach and offer advice for improvement. You can book a call with our CEO, Katherine Spanner, via the button below.


As we are all still trying to understand what the lasting impact of the COVID-19 pandemic will be, many organisations are taking a hard look at their operating costs and looking for potential cuts. Protecting cash flow is vital right now. At Sensible we want to help you implement strategies that can help reduce your IT costs and set you up with a system flexible enough to support your business through the many changes (or pivots) you might be making to position yourselves to thrive through it all. We want to offer you guidance and support through these times, and potentially help you save some money.

Step 1- Do an Internal Audit

Take a look at your current technology solutions. Take stock of everything you are paying for and ask yourself these questions:

• Is this the right system for my business? Does it accomplish all I need it to?

• Are we currently utilising all the tools we are paying for? Can we cut any?

• Do we lack internal processes? Are there ways I can improve efficiency and save our employee’s time?

Step 2- Cut Any Redundant or Unnecessary Services

The easiest way to reduce costs is to get rid of what’s not working. Many companies have a habit of purchasing a new tool or service to meet an immediate need. Little do they know they usually already have a tool that could meet that need; it’s just not being used properly. Here is a free tip: Do you have Office 365? Most companies get this package so they can use programs like Word and Excel, but don’t fully utilise the other apps that come with it. Microsoft Teams can easily replace Slack and Zoom, and SharePoint or OneDrive can do the job of Google Drive and Dropbox. You’re already paying for Office 365, and the tools themselves are more powerful, providing integration of your information and files across all the apps. You might simply need some training or guidance on how to implement these tools into your business processes, and we can help with that.

Step 3- Evaluate Whether It’s Cost Effective to Manage Your Own IT

Is IT your core skill set? Will you ever be as efficient and skilled as a complete team of specialists? Often your time will be better spent doing what you are best at than wasting countless hours trying to learn an entirely new skill set. Additionally, can you really afford not to do IT the right way? Payroll and training costs alone can be a nightmare. Outsourcing a portion of your IT needs to a 3rd party resource like Sensible can help you simultaneously improve your technology management, and potentially save money. If you’re currently relying on an internal IT manager or a small internal team, are they struggling to keep up with the tsunami of complex and ever-changing technology needs and services? Important competitive projects may be delayed while your team has to complete training, and you become the test environment for their new skills, increasing your risk. Sensible offers a full-service solution for your IT needs, resulting in a higher standard than most organisations can achieve in-house.

Step 4- Don’t Pay for Quick Fixes, Invest in A Reliable Solution

How does your current IT resource handle your technology needs? Are you currently working with a “break-fix” style of management, where you pay for problems as they occur whether or not they happened before? Or are you paying a predictable monthly fee for a process that analyses your business, looks for opportunities to improve your staff productivity and tries to prevent problems in the first place? We believe you should engage a provider like us, who trusts their systems to offer you unlimited support for a fixed fee. Those quick fixes add up quickly, and with the right solution, you can eliminate them.

Step 5- Plan for The Future, Secure Your Information

As we are working remotely, it is more imperative than ever to understand how to protect your data. Protecting your finances, your reputation, and your intellectual property can be costly, particularly if not implemented properly. However, it is even more expensive if you don’t protect them adequately at all. Adhering to compliance regulations can be costly and often means implementing and maintaining a stringent security infrastructure. Do you have the expertise to do this most cost-effectively?

We could cover many more steps to take, but these are the areas where we think you can make the most impact on you and your business. If you’re hesitant about tackling this problem on your own, that’s okay! We encourage you to contact Sensible. We can help you identify these problems and guide you on how to solve them. Give us a call!

2020 has already proven itself to be a tough year, particularly here “Down Under” in Sydney, Australia. We’ve dealt with widespread and devastating bushfires, floods, and now the global pandemic of the COVID-19 strain of the coronavirus. Not just businesses, but entire nations are being shut down to contain the virus and minimise the death toll.

Many organisations may be forced to lay off employees to survive, or shut down entirely, which will hurt both the business and the employees. There’s a way for your organisation to continue operating amidst this crisis, and keep people employed, which is good for everyone involved.

Fortunately, there is a way to do that for many industries. Remote work has been a growing trend worldwide, and has now become a necessity. Social distancing recommendations given to us by our governments and the World Health Organisation disallow communal gatherings in the name of safety: in-person workspaces may be next. The answer, then, is to work from home. Facilitating a remote workforce gives more flexibility to both the business and the employee, and it keeps both safe in this time of crisis. Many companies may not have the infrastructure built up for this yet, but we’ve been helping organisations improve their technology for over 35 years, and this is something we can help you with.

Modern IT Best Practices

Modern IT Best Practices make a huge difference in how a company will respond to this crisis. We’ve noticed that the organisations that follow seven specific practices are adapting to the current climate much more smoothly than others. The 7 modern IT practices are:

  1. C-Level executives directly engage multiple times a year with their business-savvy IT provider to ensure their IT systems properly deliver their business requirements.
  2. They no longer have onsite IT departments who are not geared for providing uninterrupted remote support.
  3. They have provided secure systems for their staff to perform all their major functions from anywhere.
  4. They have already carefully migrated a large part of their systems to securely configured cloud-based systems.
  5. They have migrated to cloud-based communication systems.
  6. Their IT Support team are already experienced in the (more complex) back-end world of the cloud.
  7. They have invested in regularly training their staff to properly use their technologies and measuring these productivity gains.

If you examine your organisation, how many of those seven things do you do or have done?

We can help you get these policies in place, and adapt to the current reality. Swift action might be the thing that minimises the damage to, or outright saves, your business in this trying time. Schedule an introductory chat via our calendar.

As you begin to move your company away from a physical infrastructure and into the cloud, it's important to make sure that proper security policies are in place. While you may have a general information security policy, don't think that absolves your organisation from the need for a specific cloud security policy. The dangers that come along with using cloud software or infrastructure are markedly different than those of the typical security concerns encountered by most organisations.

1. The biggest risk for most cloud applications is a breach of the cloud provider's security. Your sensitive data could be leaked.

Take the recent Ashley Madison dating website hack - it is believed that 252,000 people in Sydney alone have had their private details leaked.

There is no real way to create a policy averting this risk, so the ideal solution is to look at things from the perspective of risk management—all cloud providers need to be evaluated for risk, based on their history, the architecture they use, stated security measures in place, and the value or risk of data being stored on that cloud platform. Do they encrypt their data? Do they offer dual factor authentication?

2. The second biggest risk for organisations is employee negligence and inappropriate cloud usage. Curbing this risk requires several steps. First is identifying a point person in your organisation, usually the IT manager, who will evaluate cloud services and approve or deny requests to use certain cloud providers. Next, employees need to be informed that they are not to use cloud services unless they have been vetted and approved by the point person. Third, employees need to be trained on how to identify security risks themselves. Finally, organisational data needs to be stratified by level of security it requires, so that cloud services can be evaluated for certain levels of security. For example, while one service may be perfectly fine to temporarily store or transport low–security information, it might not be secure enough for high–security information. Employees must be made aware that using cloud services is a major risk, and not to be done without authorisation.

All cloud policies should integrate a worst–case–scenario plan. This can include plenty of redundant backups in case the cloud service storing your data goes down. It should also include a communication plan to inform your clients and customers in the event of a security breach at your cloud service provider.

Cloud services can offer your business a lot of flexibility and significant savings, but unless they are approached in a methodical and cautious manner, they can result in significant risk. A good cloud service policy is the biggest step towards minimising this risk.

Contact your IT Manager to ensure they have implemented the right risk reduction techniques that put you back in control and let you implement and enforce the policies you want.

Wi-Fi has become a staple for millions of people, but one of the main problems that Wi-Fi users face is weak signal strength. Weak signal strength can seriously hamper your productivity since it results in slow connection speeds and a smaller range of coverage.

However, there are several things you can easily do to increase your signal strength and throughput:

1. Move your Wireless Router or Access Point to a Central Location

Distance is a major consideration when it comes to Wi-Fi. The signal weakens the farther away you are from the wireless router or access point.

Remember, WiFi signals hate water. They're also not too crazy about metal, mirrors, glass, brick, insulation, and human bodies. Keep your wi-fi equipment away from as many obstacles as possible.

The distance between the router and connecting devices, as well as the number of walls and floors in between, make a big difference.

In order to get even coverage throughout your home or office, you should always choose a central, high location for your Wi-Fi equipment - out in the open.

Mobile apps like Assia's Cloudcheck or Amped Wireless's Wi-Fi Analytics Tool let you walk through your office and identify dead spots, so you can figure out the best places to put your WiFi devices.

2. Change the Channel

Wireless routers and access points broadcast Wi-Fi on a specific channel. If you live in a crowded area with many Wi-Fi networks, like an apartment complex, then signals from other wireless routers or access points could interfere with the signal from your own.

To avoid this problem, use a less crowded channel. You can change the channel by accessing your wireless router's settings through a connected device. Many modern wireless routers and access points even come with software to help you determine the optimal channel to get the most out of your wireless network.

Mobile apps like WiEye for Android let you view all the wireless nets nearby to see what channels they're on. (Sorry, iPhone fans — Apple has banished WiFi scanners from the iTunes Store; you'll have to rely on a desktop app like WiFi Scanner for Mac or WiFi Channel Scanner for Windows.)

3. Turn on Security

Someone could be stealing your Wi-fi signal. They could be saturating your throughput so you miss out.

Lock them out with better security. Set up a password on your wi-fi router so that only authorised users/devices can connect to your wi-fi signal.

Ensure you are using the latest WPA/WPA2 security algorithm options that keep hackers from breaking into your network.

Also, don't publicise your wi-fi Network Name to strangers. Configure your router and uncheck "Enable SSID Broadcast." You can still access your network, of course, but it won't be discoverable by those not in the know.

4. Check for interference from a nearby cordless device

Baby monitors, older cordless phones, microwave ovens and wireless speakers are just some of the common household gadgets that also use the most common 2.4 GHz Wi-Fi frequency. These can interfere with the wireless signal from your router.

Deal with the conflict by moving the router away from these devices and ensuring that no devices that could potentially interfere lie in a straight line between your router and the gadget you're trying to get online with.

5. Update the Firmware

Wireless routers and access points — much like the devices you connect to them — run on embedded, permanent software. This type of software is called firmware.

Updating your device's firmware can improve its performance. To do this, you need to visit the website of your router's manufacturer. There, you can download the router's latest firmware. You can upload the updated firmware into the router by using a connected device.

In addition to keeping the firmware on your wireless router or access point up-to-date, you also need to regularly update the firmware on your mobile device's wireless adapter.

6. Add Additional Hardware

You can also boost the signal by using additional equipment. External antennae and wireless range extenders can increase the range of coverage for your wireless router or access point. You can also use a wireless repeater to send the signal even farther.

If you are still having trouble, you should consider buying a newer wireless router or access point, since newer models have larger ranges and faster signal speeds.

7. Use wires when possible.

As fast as the newest WiFi standard is, a wireless connection still isn't as fast or reliable as a standard wired one. When possible, connect bandwidth-hungry devices that stay in one location directly to your router via networking cable, and save the wireless connections for the stuff that moves around.

Wi-fi devices are designed for only a small number of connections. Limit this number and you will get better speed out of it.

Life at Sony Pictures Entertainment Inc. is slowly getting back to normal after becoming the victim of one of the most malicious cyber attacks in history. Sony's employees arrived at the office on November 24, 2014, to find the image of a red skull on all of their computers. The foreboding image came with a warning saying that the company's secrets would soon be revealed.

As part of an investigation into the attack, the company discovered that hackers made off with more than 100 terabytes of confidential files. The attackers also deleted the original copies of these files and wiped Sony's internal data centers. They destroyed 75% of the company's servers and used file-sharing networks to publicly release a huge amount of the stolen information.

The list of released files featured corporate documents, private emails from Sony executives, and details about salaries and bonuses. It also included the usernames and passwords of hundreds of employees, as well as personal information, such as their social security numbers.

In addition, the attackers stole a number of movies that were scheduled for release in theaters during the 2014 holiday season. They posted these films online, hitting the company even harder.

Following the attack, Sony shut down nearly all of its global IT infrastructure. This left the company's employees without any voice mail, corporate email, or production systems.

Sony's problems didn't end with the attack on its systems. The hackers, calling themselves the "Guardians of Peace," threatened to attack theaters if Sony went ahead with its planned Christmas day release of "The Interview," a comedic movie depicting the assassination of North Korean leader Kim Jong Un.

Shaken by the security breach and the threat of attacks against theaters, the company initially decided to cancel the movie's release. A wave of criticism followed the move, and Sony was forced to change its stance. The movie was ultimately screened at a limited number of theaters, and made available online by the company.

The Hackers and Their Suspected Methods

It remains unclear exactly how the attackers managed to break into Sony's networks, though security experts suspect that a specific type of malware was used to steal the data and erase the original copies. It is believed that the attackers first stole the login credentials of a high-level systems administrator working in Sony's IT department. Using this information, they were able to access the company's entire network.

The US government has stated that it believes that North Korea was behind the attack, with the FBI releasing the IP range from which the attack originated, leaving little room for doubt as to the source.

Sony's Attempts to Regroup Following the Attack

Sony clearly didn't have a disaster recovery plan. After discovering that it had been hacked, the company shut down its entire local system, rendering its landline phones, computers and corporate email system inoperable.

The company's senior executives used a phone tree to relay updates from one person to the next. More than 6,000 employees were forced to use cell phones, Gmail accounts and notepads to remain operational. The payroll department had to use an old machine to manually issue paychecks instead of using its electronic direct deposit system. The company's network remained impaired for weeks.

A Long List of IT Failures

The attack on Sony exposed its poor cyber security practices. A lack of IT training, strong password protection protocols, and file encryption technology played a role in Sony's faulty operations.

The company's employees used easy-to-guess passwords, such as "password" and "s0ny123." The passwords, along with other important data, were all stored in one place. This made it remarkably easy for the hackers to gain access.
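As an added illustration (not part of the original article), here is one way a password policy could reject the kinds of passwords named above at the moment they are set. The blocklist is a small constructed sample, and the 12-character minimum and the organisation term "sony" are assumed policy inputs.

```python
import re

# Constructed sample; a real policy would load a large breached-password list.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "login"}

# Undo common character substitutions ("leetspeak") before comparing.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def strip_affixes(text):
    """Drop leading/trailing digits and punctuation, e.g. 's0ny123' -> 's0ny'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)

def normalized_forms(password):
    """Return the lowercase variants an attacker's wordlist rules would cover."""
    lowered = password.lower()
    stripped = strip_affixes(lowered)
    return {
        lowered,
        stripped,
        stripped.translate(LEET_MAP),                # 's0ny' -> 'sony'
        strip_affixes(lowered.translate(LEET_MAP)),  # '@dmin' -> 'admin'
    }

def weak_password_reasons(password, org_terms=("sony",), min_length=12):
    """Return a list of policy violations; an empty list means accepted.

    org_terms and min_length are assumed policy inputs, not values from the article.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append("too_short")
    forms = normalized_forms(password)
    if forms & COMMON_BASE_WORDS:
        reasons.append("common_word")
    if any(term.lower() in form for term in org_terms for form in forms):
        reasons.append("org_name")
    return reasons

if __name__ == "__main__":
    for candidate in ("password", "s0ny123", "P@ssw0rd2014!",
                      "correct-horse-battery-staple"):
        print(f"{candidate!r}: {weak_password_reasons(candidate) or 'accepted'}")
```

Running the check when a password is created or changed means weak choices are refused before they reach the credential store.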

In addition, Sony executives sent plaintext passwords in unencrypted e-mails. The company also failed to encrypt sensitive materials related to some of its employees, such as salaries, revenue numbers, medical information, and strategic plans. Without encryption, this information was relatively simple to steal.

A large part of this IT mismanagement stemmed from a lack of knowledge and preparation. Sony failed to implement company-wide protection measures or develop an adequate computer training program for its employees.

According to the company's former employees, Sony repeatedly ignored warnings about specific vulnerabilities. While the company did carry out risk assessments, it rarely acted on them.

Physical security was another major problem for the company. According to a statement made by one of the alleged hackers, the company did not have the most basic physical security parameters like locked doors, CCTV cameras, or proximity card readers.

It appears that Sony also failed to protect itself against social engineering. Several media reports have suggested that the hackers tricked some executives into revealing passwords. The attackers also allegedly convinced some sympathetic employees to help them.

The Keys to Better Cyber Security

According to security experts, Sony's haphazard practices are commonplace in the corporate world. Both multinational conglomerates and small businesses are equally vulnerable in this regard. Abandoning these ineffective policies is crucial to securing a company's IT infrastructure.

Basic precautions are vital, especially when it comes to physical security. Even the little things, like failing to lock a door, can have a huge impact on cyber security.

Simple mistakes are prevalent in the digital world as well. These include using obvious passwords, repeating passwords, or sending passwords via email. Using encryption and password managers can help companies eliminate these costly errors.

Hackers are becoming more and more sophisticated in the level of their attacks. In light of these new and dangerous threats, companies must have up-to-date, comprehensive anti-malware and antivirus programs.

Finally, companies should educate their employees about IT. An awareness of these issues, along with the help of outside experts, goes a long way toward preventing attacks.

Sensible Business Solutions © 2022 All Rights Reserved