As we are all still trying to understand what the lasting impact of the COVID-19 pandemic will be, many organisations are taking a hard look at their operating costs and looking for potential cuts. Protecting cash flow is vital right now. At Sensible we want to help you implement strategies that can help reduce your IT costs and set you up with a system flexible enough to support your business through the many changes (or pivots) you might be making to position yourselves to thrive through it all. We want to offer you guidance and support through these times, and potentially help you save some money.
Take a look at your current technology solutions. Take stock of everything you are paying for and ask yourself these questions:
• Is this the right system for my business? Does it accomplish all I need it to?
• Are we currently utilising all the tools we are paying for? Can we cut any?
• Do we lack internal processes? Are there ways I can improve efficiency and save our employee’s time?
The easiest way to reduce costs is to get rid of what’s not working. Many companies have a habit of purchasing a new tool or service to meet an immediate need. Little do they know they usually already have a tool that could meet that need, it’s just not being used properly. Here is a free tip: Do you have Office 365? Most companies get this package so they can use programs like Word and Excel, but don’t fully utilise the other apps that come with it. Microsoft teams can easily replace Slack and Zoom, and Sharepoint or OneDrive can do the job of Google Drive and Dropbox. You’re already paying for Office 365, and the tools themselves are more powerful, providing integration of your information and files across all the apps. You might simply need some training or guidance on how to implement these tools into your business processes, and we can help with that.
Is IT your core skill set? Will you ever be as efficient and skilled as a complete team of specialists? Often your time will be better spent doing what you are best at, then wasting countless hours trying to learn an entirely new skill set. Additionally, can you really afford not to do IT the right way? Payroll and training costs alone can be a nightmare. Outsourcing a portion of your IT needs to a 3rd party resource like Sensible can help you simultaneously improve your technology management, and potentially save money. If you’re currently relying on an internal IT manager or a small internal team, are they struggling to keep up with the tsunami of complex and ever-changing technology needs and services? Important competitive projects may be delayed while your team has to complete training, and you become the test environment for their new skills, increasing your risk. Sensible offers a full-service solution for your IT needs, resulting in a higher standard than most organisations can achieve in-house.
How does your current IT resource handle your technology needs? Are you currently working with a “break-fix” style of management, where you pay for problems as they occur whether or not they happened before? Or are you paying a predictable monthly fee for a process that analyses your business, looks for opportunities to improve your staff productivity and tries to prevent problems in the first place? We believe you should engage a provider like us, who trusts their systems to offer you unlimited support for a fixed fee. Those quick fixes add up quickly, and with the right solution, you can eliminate them.
As we are working remotely, it is more imperative than ever to understand how to protect your data. Protecting your finances, your reputation, and your Intellectual property can be costly, mainly if not implemented properly. However, it is even more expensive if you don’t protect them adequately at all. Adhering to compliance regulations can be costly and often means implementing and maintaining a stringent security infrastructure- do you have the expertise to do this most cost-effectively?
We could cover many more steps to take, but these are the areas where we think you can make the most impact on you and your business. If you’re hesitant about tackling this problem on your own, that’s okay! We encourage you to contact Sensible. We can help you identify these problems and guide you on how to solve them. Give us a call!
As you begin to move your company away from a physical infrastructure and into the cloud, it's important to make sure that proper security policies are in place. While you may have a general information security policy, don't think that absolves your organisation from the need for a specific cloud security policy. The dangers that come along with using cloud software or infrastructure are markedly different than those of the typical security concerns encountered by most organisations.
1. The biggest risk for most cloud applications is a breach of the cloud provider's security. Your sensitive data could be leaked.
Take the recent Ashley Madison dating website hack - it is believed that 252,000 people in Sydney alone have had their private details leaked.
There is no real way to create a policy averting this risk, so the ideal solution is to look at things from the perspective of risk management—all cloud providers need to be evaluated for risk, based on their history, the architecture they use, stated security measures in place, and the value or risk of data being stored on that cloud platform. Do they encrypt their data? Do they offer dual factor authentication?
2. The second biggest risk for organisations is employee negligence and inappropriate cloud usage. Curbing this risk requires several steps. First is identifying a point person in your organisation, usually the IT manager, who will evaluate cloud services and approve or deny requests to use certain cloud providers. Next, employees need to be informed that they are not to use cloud services unless they have been vetted and approved by the point person. Third, employees need to be trained on how to identify security risks themselves. Finally, organisational data needs to be stratified by level of security it requires, so that cloud services can be evaluated for certain levels of security. For example, while one service may be perfectly fine to temporarily store or transport low–security information, it might not be secure enough for high–security information. Employees must be made aware that using cloud services is a major risk, and not to be done without authorisation.
All cloud policies should integrate a worst–case–scenario plan. This can include plenty of redundant backups in case the cloud service storing your data goes down. It should also include a communication plan to inform your clients and customers in the event of a security breach at your cloud service provider.
Cloud services can offer your business a lot of flexibility and significant savings, but unless they are approached in a methodical and cautious manner, they can result in significant risk. A good cloud service policy is the biggest step towards minimising this risk.
Contact your IT Manager to ensure they have implemented the right risk reduction techniques that put you back in control and let you implement and enforce the policies you want.
Life at Sony Pictures Entertainment Inc. is slowly getting back to normal after becoming the victim of one of the most malicious cyber attacks in history. Sony's employees arrived at the office on November 24, 2014, to find the image of a red skull on all of their computers. The foreboding image came with a warning saying that the company's secrets would soon be revealed.
As part of an investigation into the attack, the company discovered that hackers made off with more than 100 terabytes of confidential files. The attackers also deleted the original copies of these files and wiped Sony's internal data centers. They destroyed 75% of the company's servers and used file-sharing networks to publicly release a huge amount of the stolen information.
The list of released files featured corporate documents, private emails from Sony executives, and details about salaries and bonuses. It also included the usernames and passwords of hundreds of employees, as well as personal information, such as their social security numbers.
In addition, the attackers stole a number of movies that were scheduled for release in theaters during the 2014 holiday season. They posted these films online, hitting the company even harder.
Following the attack, Sony shut down nearly all of its global IT infrastructure. This left the company's employees without any voice mail, corporate email, or production systems.
Sony's problems didn't end with the attack on its systems. The hackers, calling themselves the "Guardians of Peace," threatened to attack theaters if Sony went ahead with its planned Christmas day release of "The Interview," a comedic movie depicting the assassination of North Korean leader Kim Jong Un.
Shaken by the security breach and the threat of attacks against theaters, the company initially decided to cancel the movie's release. A wave of criticism followed the move, and Sony was forced to change its stance. The movie was ultimately screened at a limited number of theaters, and made available online by the company.
The Hackers and Their Suspected Methods
It remains unclear exactly how the attackers managed to break into Sony's networks, though security experts suspect that a specific type of malware was used to steal the data and erase the original copies. It is believed that the attackers first stole the login credentials of a high-level systems administrator working in Sony's IT department. Using this information, they were able to access the company's entire network.
The US government has stated that it believes that North Korea was behind the attack, with the FBI releasing the IP range from which the attack originated, leaving little room for doubt as to the source.
Sony clearly didn't have a disaster recovery plan. After discovering that it had been hacked, the company shut down its entire local system, rendering its landline phones, computers and corporate email system inoperable.
The company's senior executives used a phone tree to relay updates from one person to the next. More than 6,000 employees were forced to use cell phones, Gmail accounts and notepads to remain operational. The payroll department had to use an old machine to manually issue paychecks instead of using its electronic direct deposit system. The company's network remained impaired for weeks.
The attack on Sony exposed its poor cyber security practices. A lack of IT training, strong password protection protocols, and file encryption technology played a role in Sony's faulty operations.
The company's employees used easy-to-guess passwords, such as "password" and "s0ny123." The passwords, along with other important data, were all stored in one place. This made it remarkably easy for the hackers to gain access.
In addition, Sony executives sent plaintext passwords in unencrypted e-mails. The company also failed to encrypt sensitive materials related to some of its employees, such as salaries, revenue numbers, medical information, and strategic plans. Without encryption, this information was relatively simple to steal.
A large part of this IT mismanagement stemmed from a lack of knowledge and preparation. Sony failed to implement company-wide protection measures or develop an adequate computer training program for its employees.
According to the company's former employees, Sony repeatedly ignored warnings about specific vulnerabilities. While the company did carry out risk assessments, it rarely acted on them.
Physical security was another major problem for the company. According to a statement made by one of the alleged hackers, the company did not have the most basic physical security parameters like locked doors, CCTV cameras, or proximity card readers.
It appears that Sony also failed to protect itself against social engineering. Several media reports have suggested that the hackers tricked some executives into revealing passwords. The attackers also allegedly convinced some sympathetic employees to help them.
According to security experts, Sony's haphazard practices are commonplace in the corporate world. Both multinational conglomerates and small businesses are equally vulnerable in this regard. Abandoning these ineffective policies are crucial to securing a company's IT infrastructure.
Basic precautions are vital, especially when it comes to physical security. Even the little things, like failing to lock a door, can have a huge impact on cyber security.
Simple mistakes are prevalent in the digital world as well. These include using obvious passwords, repeating passwords, or sending passwords via email. Using encryption and password managers can help companies eliminate these costly errors.
Hackers are becoming more and more sophisticated in the level of their attacks. In light of these new and dangerous threats, companies must have up-to-date, comprehensive anti-malware and antivirus programs.
Finally, companies should educate their employees about IT. An awareness of these issues, along with the help of outside experts, goes a long way toward preventing attacks.
For those of you that know me, you will know that I am a massive football (soccer) fan.
So, when we were approached last year by their Chief Executive, Lyall Gorman, to assist the new Western Sydney Wanderers A-League club with their IT, I was chuffed.
This was a brand new business with no office location, no staff and no football team with the season kicking off in a matter of a few months.
Now look what s happened the impossible!
In their fairy-tale maiden season they finished as premiers of the league and have a fan base that is the envy of any sporting team.
Lyall s executive assistant, Fiona Gibson takes up the story:
It was in October last year that we gave our information technology requirements to Sensible Business Solutions. We were a brand new business in a competitive market and we just need our technology to work. Sensible understood our brief, took control and did everything, amidst the whirlwind of moving and fitting out a brand new office in Blacktown.
Kevin Spanner and his team at Sensible Business Solutions designed a full technology solution and undertook the project management of our new infrastructure.
The Sensible Project Team assisted the architects with office design, then set up our internet, network, all our servers, computers, photocopiers, messaging systems, membership photo ID system and scanning equipment. They managed contract negotiations for our phone and internet services, organised third party partners and liaised with site contacts.
We saved time because Kevin and the team were in the background sorting out any IT concerns and it was reassuring to know the expert team were in control. Sensible were given an up & running date and the team worked to enable the smooth operation of the set up so that we could continue business as usual and concentrate on our football operations. It was comforting to know that Kevin and the team were only a phone call away and always contactable.
The Sensible Team facilitated the smooth migration from our temporary office systems to our new environment which included all our email, files, settings and internet connectivity.
Sensible effortlessly co-ordinated this medium size enterprise environment with the extra challenges of a mobile workforce that need to connect to key systems internationally. Kevin and the team conducted our site relocation after hours so that we were able to finish work one afternoon and were up and running the next business day in the new environment.
The Sensible team have also been asked to provide an ongoing IT support service for our business, providing help desk and ongoing maintenance functions to keep our systems running optimally. This means that we can concentrate on running a football club and let someone who knows IT the best do the rest.
Sensible made our business their priority, making sure the project ran smoothly. We are glad they are the single point of contact for our entire IT and communications systems.
We like to think, that in a small way, we have helped the Western Sydney Wanderers achieve their amazing success.
Imagine what you could achieve with your business if you could focus on what you do best and have an experienced, full-service IT team with proven systems manage all of your IT operations?
If you would like us to take an obligation free look at your systems, call Sensible on 1300-SENSIBLE.
CEO Sensible Business Solutions