The purpose of a password is to protect sensitive data from unauthorised access.
For a long time, to keep up this protective layer, we have advocated that employees create ever more complex passwords and change them even more often.
This is now wrong ! What’s the point of a password system if it makes employees lives even more complex and it doesn’t even properly provide protection any more? Most current password practices were designed for a different age and are no longer fit for purpose. One enormous lesson that the COVID pandemic has taught us, is that the work environment is now totally different :
However, Human Nature is unchanged:
The more rules and complexities and changes you introduce , the more people will try to find an easy way around them.
The new Best Practice Password System:
If you do this, then:
Even better, with the right computer equipment, you can now even get rid of passwords all together when using a trusted device. Your employees will really appreciate the difference and your security will now actually work !
If you need help , feel free to give us a call; we’re happy to lend our expertise to your organisation.
Microsoft Office 365 has proven itself to be one of the foremost business-level office solutions in the world, regardless of industry. It’s a set of tools that companies and MSPs all over the world utilise and promote—but that doesn’t mean it’s perfect, and it definitely doesn’t mean that people have mastered and taken advantage of all of its features. Unfortunately, one of the most important aspects of IT management is neglected in most Office 365 implementations: cybersecurity.
Here in Australia we’ve seen a number of high-profile successful cyberattacks in the past few months; Toll Group suffered two attacks, BlueScope Steel was hit by an attack that forced them to shut down operations company-wide, and money management company MyBudget was hacked, causing a nationwide shutdown that left over 13,000 customers financially upset.
If companies of that size are able to be hacked, so can your organisation—you cannot assume that your standard firewall and antivirus combination will keep you safe.
This takes us back to Office 365, which has a variety of security features that many organisations are not aware of, and therefore do not utilise. With more and more organisations moving to Office 365, there are more and more people not optimising their environment or taking the next steps to protect themselves. When we consider the growth and staying power of remote work environments, it becomes an even higher priority.
In our years of experience, we’ve run into a few cases where a company adopts Office 365 out-of-the-box, and experiences some form of cybercrime that they thought they were safe from. In one case, there was a malicious actor that was automatically forwarding every email the employee received to their company’s competition—including sensitive personal and financial information. Office 365 has a security feature that can alert the user and/or administrator if company emails are being forwarded outside of the network, or if there’s other strange behaviour—but this feature is not enabled automatically. The victimized company in that case was being spied on for two weeks before they found out —not many companies come out of that with revenue and reputation intact. If they had looked into their cybersecurity options, and didn’t assume that Office 365 automatically secured everything, this could have been mitigated or avoided entirely.
Another form of security that Office 365 supports is “impossible travel detection”. In an impossible travel scenario, the system detects if logins are being attempted from different geographic locations in a timeframe that you couldn’t physically achieve. e.g. Login attempt in London, and after an hour it’s being attempted again from New York. This is impossible travel, and it’s a major indicator that someone is trying to hack your account. There are tools to detect those things and alert the proper individuals—but again, these are not automatically turned on. You need to set it up specifically.
While those tools (and others like them) are less known or understood, there is one security feature that almost everyone is aware of—and also isn’t activated out-of-the-box : Multi-Factor Authentication (MFA). With MFA activated, users are required to validate their login attempt via another system—this could be a text message, a smartphone app, or token. While yes, MFA adds another step to every login, it also adds an impossible step to any hacker or social engineer that manages to get a hold of your password. If they don’t have both your password and your smartphone, they can’t get into your account to cause problems. Sensible recommends always implementing MFA.
Another major misconception and point of neglect with Office 365 is the assumption that data stored in OneDrive or other Cloud-based solutions are backed up. Microsoft only supplies a short term recycle bin. They do not supply backups at all: this is up to you to arrange. Just because you are working in the cloud does not mean your data is immune from accidental / intentional data loss or corruption.
So what can we do? Sensible is happy to work with you to improve your cloud defences and cybersecurity solutions, whether it involves an Office 365 subscription or not. We begin by discussing your current environment, and business, before auditing your company for security risks. Once we’ve audited your network and identified your weak points, we can work with you to improve. Whether there’s a certain cybersecurity benchmark you want to hit, or if you need to meet regulatory compliance criteria, we can help you get there.
If you’re interested, feel free to give us a call; we’re happy to lend our expertise to your organisation.
Businesses and organisations of all kinds are thinking about the eventual transition back into the office environment. This experience will be different for each organisation. Some have been running essential services during the COVID-19 outbreak, and haven’t really noticed much change in this. Their experience will differ greatly from the business that transitioned to an entirely remote workforce in response to the pandemic—their needs are going to be more costly and drastic. Whatever your experience has been, or what your situation currently is, it’s time to start planning for what comes next. Are you going to return to the office life, like before the pandemic? Are you going to stay entirely remote? The answer to both of these questions is likely “no.” Most organisations would benefit from adopting the Hybrid Working Model.
The Hybrid Working Model (HWM) is simply a simultaneous adoption of in-office and remote work environments. We’re expecting to see a significant number of workers continue to work from home after the social distancing and quarantine restrictions are lifted, and we expect that number to stay fairly consistent. There are also good reasons for returning to the office: face-to-face collaboration can be more effective than remote collaboration, it’s easier to stay focused without the trappings of home, and there are social benefits to working in the office with other people. With these things in mind, we need to look at what businesses and non-profit organisations need to do to prepare for this kind of HWM environment.
Security is always important, but it’s even more important right now. Ransomware attacks have increased by 400% over that last three months as a result of the COVID-19 pandemic response. With businesses and organisations everywhere trying to function with a hastily-assembled remote work environment, hackers are taking advantage of the generally weakened cybersecurity. Your business needs to take steps now to solidify your cybersecurity solution and prepare for securing your HWM environment. We expect issues regarding file version control and virus corruption to spike as employees move back into the office, which can put company data at risk.
The quickest and most cost-efficient step you can take to shore up your security is to enable Multi-factor Authentication or Two-Factor Authentication across all of your accounts and devices. Requiring a secondary verification source (like a smartphone app or a text code) to access accounts and data adds a layer of defense that all but the most dedicated hackers and cybercriminals won’t be able to penetrate. Beyond that, Sensible is happy to work with you to refine and strengthen your cybersecurity offering.
When your team is split between the office and remote work, there are a few things that can make a positive impact. The first of which is establishing solid policies around transferring data between home and the office. The second one is to learn and leverage the full functionality of your current tools. We very commonly see people using great tools like Microsoft Teams, but not using it effectively. For example, Teams has a chat function, a collaborative file sharing function, video conferencing, and task management; a lot of companies only use it for communication. Leveraging your tools to the fullest extent, especially when on-site and remote workers are working together on one project.
We hope this article highlighted some helpful things for you, and gave you an idea of what you need to prepare for when implementing your Hybrid Working Model environment. If you’re interested in working with a trusted IT partner, Sensible is happy to help you figure out how to best meet your needs.
Microsoft Office 2016, the latest Windows-based version of the major technology company's application suite, is scheduled for an Australian release either in late 2015 or early 2016 . However, we already know quite a bit about the product, thanks to a preview and testing program that Microsoft has been running.
Here are 6 details to look forward to, ahead of the product's mainstream release:
Microsoft Office 2016 will emphasise the value of better security parameters. In addition to a file-level encryption functionality, new data loss protection tools inside of Microsoft Word, Microsoft Excel, and Microsoft PowerPoint will warn users when they attempt to save confidential files to unsafe locations. Microsoft Outlook will also be more secure, thanks to a multi-factor authentication feature.
Similarly, the application suite will have stronger information rights management tools that let you limit what people can do with your documents or emails after you've shared access with them. For example, you can allow access to a certain document to expire after a set period of time, and prevent it from being forwarded. These tools will also stop people from copying and pasting information out of Microsoft Office 2016 applications.
Microsoft Excel lives up to its name in Microsoft Office 2016. The latest version of this application features a built-in business intelligence tool called Power Query. This tool can dramatically change the way that you approach your data.
Using it, you can quickly combine your own numbers with figures from public databases like the Microsoft Azure Marketplace and Data.gov. After doing this, the application has another tool that lets you create detailed visualisations of the combined data.
The data analysis tool "Power Pivot" has got an upgrade and will now be capable of analysing millions of rows of data. The application will also be able to automatically find trends within your data and extrapolate them out into charts and tables.
The Tell Me feature makes Microsoft Office 2016 even easier to use. If you are ever lost or confused while working with a particular application, you can use this feature — found in the title bar of each program — to search for help. Just tell the application what you are looking for and it will offer a few options for you.
The Smart Lookup feature allows you to search the Internet for something without leaving your application. After highlighting a word and then selecting Smart Lookup, a panel will open up on the side of the screen with Bing search results for the highlighted word. The application will also scan the document so that it can provide the right information for the word based on the context.
Microsoft Office 2016 will expand on the real-time co-authoring capabilities of Microsoft Office Online. The additions will make it easier to collaborate with colleagues remotely. Microsoft has already added the co-authoring feature to Microsoft Word, and experts expect that other applications will soon have it as well.
The tech giant has also added features that let you create and manage groups from within Microsoft Outlook. Thanks to these features, you can monitor activity within your groups, read through the groups' conversation logs, and keep track of files and notes stored in OneDrive.
Microsoft has also improved the way that attachments work in Microsoft Outlook by adding a sleeker drop-down menu filled with recent opened files. After choosing a file, the application will ask you if you want to share a link to the file stored through Microsoft SharePoint, Microsoft OneDrive, or Microsoft OneDrive for Business.
A new feature called Clutter will improve the way that you manage your inbox in Microsoft Outlook. This feature will analyse your inbox, looking for the low-priority email messages that you are most likely to ignore. It will then send these messages to its Clutter folder. By moving these messages out of your inbox, the Clutter tool will let you focus on more important things.