As from the 22nd February 2018, all organisations in Australia that are regulated by the Privacy act 1988 are subject to the requirements of the act covering a data breach. An organisation is required to notify any individuals likely to be at risk of ‘serious harm” because of a data breach, together with the Privacy Commissioner.
In understanding an organisations requirement it is highly recommended that an organisation seeks legal advice and guidance from the Australian Government Office of the Australian Information Commissioner website
Which data breaches require notification?
The criteria is based around the term “likely to cause serious harm.” A breach occurs when personal information is held by an organisation is lost or subjected to unauthorised access or disclosure.
If your organisation turns over 3 million then you have obligations under this act. This threshold applies to all types of organisations including Not for profit.
Note there are exceptions to the 3 million criteria and an organisation needs to seek advice as to whether they are coved by the act. If you do not turn over 3 million it does not mean you’re exempt as The Office of the Australian Information Commissioner website highlights some of the following exceptions to the 3 million threshold:
The above list is not exhaustive.
Assessing a data breach
For example, misplacing a computer or a USB stick that contains personal information where the device can be recovered by a third party would almost certainly be an eligible data breach. (source www.rk.com.au/insights/australias -new-data-breach-notification-law-what-does-it-mean-for-you/)
What are the 4 key steps if data breach occurs?
They following information is sourced from the Office Australian information Commissioner website
Contain the data breach to prevent any further compromise of personal information
Assess gather the facts and evaluating the risks including potential harm to affected individuals and where possible taking remediate any risk of harm
Notify the individuals and the commissioner as required by the act.
Review the incident identify and consider the actions that can be taken to prevent future breaches.
Do you need a response plan?
In short it is good business practice for an organisation to have a response plan. The plan is a framework that sets out the roles and responsibilities involved in managing a data breach. It also outlines in a descriptive format of the steps an entity will take if a data breach occurs.
Your data breach response plan should be in writing to ensure that your staff clearly understand what needs to happen in the event of a data breach. It is also important for staff to be aware of where they can access the data breach response plan on short notice.
You will need to regularly review and test your plan to make sure it is up to date and that your staff know what actions they are expected to take. You can test your plan by, for example, responding to a hypothetical data breach and reviewing how your response could be made more effective.
A checklist of what the plan should cover
Use this list to check whether your response plan addresses relevant issues.
This is a complex and confusing area of the law and all businesses should read widely and seek advice from the appropriate qualified personnel your legal representative.
Where does Compute Troubleshooters help you? We offer a range of services that are aimed at minimizing the risk associated with your organisation being impacted by a data breach. For more information contact your local Computer Troubleshooter on 1300 28 28 78.
Today’s business environment continues to move to the cloud and the associated cloud applications which entail a monthly subscription fee. Included in this trend is the continuing evolution of products and services with an increase in vendors and providers using a bundled approach that adds increased applications.
What happens in this situation is that often product and service names feed off each other. In the case of Microsoft 365, it is basically an extension and an increased bundle offering on the baseline product of Office 365.
Because the names are so similar and the fact that Office 365 is included in Microsoft 365, it is easy to see why businesses may think they have Microsoft 365 when in fact they only have Office 365.
Office 365 is a cloud-based suite of productivity tools including Outlook, Word, Excel, PowerPoint and other applications based on whether you have purchased the Essentials, Business or Enterprise packages.
Microsoft 365 is Office 365 plus Windows 10 Enterprise, Enterprise Mobility and Security. Microsoft 365 includes a simplified device deployment and user set up console.
Both Microsoft 365 and Office are paid for by a monthly subscription fee. The fee payable depends on the number of users and the package level purchased.
If you are not certain which package you should buy, it is recommended that you seek assistance from your local Computer Troubleshooter who can, when talking to you, assess your needs and be able to determine which package you need to meet your specific circumstances.
The key difference is that Microsoft 365 delivers an integrated platform that incorporates the office 365 productivity applications with the security of Windows 10. No more managing separate licenses and ensuring all your hardware has the latest versions.
Microsoft 365 has been built with small business in mind and the subscription-based model is very cost effective. A business owner can focus on their business while having the peace of mind that their data is protected, employees can collaborate, and communicate effectively anywhere on any device. This enables the business to grow without technology roadblocks.
If you are already using all the separate pieces then switching is an easy yes as it will be more cost effective, less time consuming and less expensive to manage.
Enhanced productivity of your team. By implementing Microsoft 365 they can more effectively collaborate with each other. Users can work on a variety of devices and they can be anywhere when working. The inclusion of Skype for Business can also mean you can still have meetings no matter where people are. This delivers enormous cost savings to a business in both physical costs and in minimizing the downtime of employees through travel.
Nothing is as simple as flicking a switch, all products and services have a variety of setup and implementation requirements. It is highly recommended that to ensure the quickest and most effective change over that you look at working with an established Microsoft partner such as your local Computer Troubleshooter who backs their work with a 100% guarantee.
It is highly recommended that you look at incorporating ongoing support from your local Computer Troubleshooter through one of the many support plans provided. Remember that with continual issues around security you need to ensure that all your policies related to passwords, user access, and email access are current and being proactively looked after.
50% of the global workforce will no longer be linked to a physical desk by 2020. Employees will work from various places and require the ability to communicate, collaborate and access vital information from a range of devices with maximum security.
59% of employees expect that their employers will provide them with the state of the art technology and tools of the trade when looking to move to a new role. Small to medium Businesses can lead the way by ensuring they are providing their employees with tools such as Microsoft 365 or Office 365.
To make certain you are taking advantage of these local technologies call your local Computer Troubleshooter on 1300 28 28 78 for a chat about your challenges and needs.
According to the Australian Cybercrime Online Reporting Network, a snapshot for the period ending 31 March 2018, showed that the top three cybercrimes reported have not changed in the past 12 months. The three top cybercrimes are Scams 51%, Purchase scams, 22% and 7% cyberbullying.
The biggest age bracket that falls victim to cyber-crime has also not changed in the last 12 months. The age bracket most susceptible being, the 20-40-year-old age bracket with email, social networking and website advertising, as the three top targets of cybercriminals.
For the residential non-business person, it is important to continue to think of Mobile devices as mini computers. Mobile device users must use a password, be aware when using Wi-Fi networks and ensure that they log out at the end of a session. Spam filters and a reputable Anti-virus solution needs to be deployed across all devices.
Other factors to consider are ensuring that you do not open unknown links or attachments that arrive in an email, protect your passwords and do not give them out under any circumstances. Remember there are a lot of people who have false identities on the internet. They are not necessarily who they say they are.
Is it any different for Small to Medium Business?
The small to medium business environment continues to face the threat of cyber-security daily. The Stay Smart Small Business guide highlights that 59% of Australian organizations have their business interrupted by a cyber breach every month. Cybercrime reports indicate that 43% of all cyber-crime targets small to medium businesses and that 80% of hacking-related data breaches involve weak or stolen passwords.
This is no comfortable environment for small to medium businesses to operate in. Reports and statistics continually show that a small to medium business needs to have the right support in place, so they can have confidence that they can minimize and mitigate the risk of cyber-crime. This is where Computer Troubleshooters are well placed to provide this assistance and guidance to a small to medium business. Computer Troubleshooters have a range of proactive subscription-based plans that target the needs of Australia’s small to medium businesses.
What’s the impact of a security breach?
A recent Telstra Security Report 2018 identified that the loss of productivity is the major impact followed by corrupted business data, loss of intellectual property, loss of reputation, loss of customers, loss of trust from customers and partners and increased stress to workers.
This is not new, but it highlights the need for businesses to adopt the approach of being alert, prepared and responsive.
What does alert, prepared and responsive mean?
Alert means that the business is aware of the importance of having a strategic and an action plan to ensure that it is minimizing and mitigating the risks to its business. It’s a constant discussion topic between the employees of the business and the owners, sharing of experiences take place. Policies are developed to minimize risk.
Prepared means undertaking steps such as developing an action plan, investing in a program of education for staff, conducting regular security audits so you’re aware of the risks, investing in software across the endpoints and network structures to minimise risks, implementation of a back-up solution, and engagement of a trusted technician to effectively support the organisation.
Responsive means that the organization has in place a proactive support plan that is provided by their trusted technology partner such as Computer Troubleshooters. Some elements that are being undertaken proactively are such things as patch management across all applications and operating systems, application whitelisting, management of administrative rights and network access, proactive policy implementation around password management, monitoring that the backup solution is working, implementation of the latest technologies and processes such as two-factor authentications.
How can Computer Troubleshooters assist you with Cybersecurity?
Start with a security audit and discussion about your business security needs. Seek information from a local expert who can guide you through the key questions you need to address for the size of your business.
Review the plan options around the Total Protection Plan, incorporated with a Microsoft Office 365 discussion, understand the backup options and finally ensure you have monitoring and at least patch management included in your plan to minimize the risk of a cybersecurity breach.
The Office Australia Information Commissioner Quarterly report identified that the biggest source of reported data breaches was caused by Human error, closely followed by malicious or criminal activities. The message is, do not forget to educate your staff.
For further assistance call your local Computer Troubleshooter by calling 1300-28 2878 or visit www.computertroubleshooters.com.au
Voice communications over the Internet Protocol (VOIP) delivers a range of benefits to businesses when looking at the challenge of Business communications. The key benefits that have driven the growth of VOIP are cost-savings, efficiency flexibility, and scalability.
Francisco Soliano JR Managing Director of Computer Troubleshooters East Perth sees “the biggest factor for clients in deciding to implement a VOIP system is cost-effectiveness and the speed with which a system can be deployed minimizing disruption to the business.”
A solution for communication needs to cover smartphones, landline communications and video conferencing, hence the term Unified Communications is often used when discussing a solution.
What are some of the trends impacting communications?
The introduction of modern technologies continually changes the way society acts, expectations and behavior. Think how the introduction of email has disrupted traditional mail, the introduction of the mobile phone and wireless technologies have all impacted on the way we communicate and act.
Some of these changes are:
What does this mean for a business today?
It means that if you have not at least assessed the area of VOIP and Unified communications then you may be limiting the capacity and viability of your business to compete against your competitors.
The starting point is to have a discussion with your IT provider about Unified communications and understand what your options are. One consideration in the discussion is the whole issue of security of your networks. Why? Because if using a VoIP then the solution sends the calls through the same path your network used for internet and other traffic. This naturally increases risk hence the conversation needs to cover security.
How can Computer Troubleshooters assist?
The local computer troubleshooter can consult with you about your requirements and then assist you in selecting a provider and then assist in the changeover. Computer Troubleshooters East Perth Managing Director Francisco Soliano Jr recommends the Fonality solution because of the ease and speed of deploying the Fonality system. Effectively the handsets are pre-configured and in effect, it’s a plug and play system. The costs are clear and the flat fee model of Fonality makes it easy to understand the costs and the returns.
Call 1300 28 28 78 to locate your nearest Computer Troubleshooter for a discussion on your needs.
Virtually every day, Computer Troubleshooter’s engineers receive an inquiry from small business clients and residential customers asking for assistance with recovering data files. By the time they call, panic has set in as they fear that they have lost their valuable information. The client is often willing to do anything to recover the file and the valuable information contained in the file.
In today’s environment clients are constantly storing data in digital format using a variety of devices. The risk of human error is ever increasing, and it is a known fact that over a quarter of data recovery requests are a result of human error.
Customers are often relieved when they hear that accidentally deleted files have the greatest chance of being successfully recovered. It is still a complicated process and often involves using data recovery software to achieve the recovery. Data recovery software is required to examine the storage of the computer to find the remnants of the deleted data files and then extract them back into a recognizable form.
Computer Troubleshooters recommend that if the information is valuable then you should have a data backup solution in place. This applies to residential clients as much as business clients. Key elements of this solution today are to include a cloud storage element enabling you to recover files quickly and efficiently. Computer Troubleshooters also recommend that the solution needs to include regular maintenance checks confirming that your data has indeed been backed up. Look at our affordable monthly subscription plans.
What to do if you accidentally delete a file?
Don’t Panic – we recommend that you keep the computer turned on, and all applications open while you investigate the simple solutions below:
If you tried these simple solutions with no luck, then it may be time to get serious,
After completing the above procedures you may have recovered your deleted files. Of course, being proactive about protecting your data is always the best protection. Back up regularly whether it’s for your business or your personal data. Denial is not a river in Egypt.
Even with a tested and reliable backup system, sometimes unexpected accidents can still happen. 74% of data recovery involves physical damage or corruption which can happen to all data storage devices including hard drives, cell phones, and memory sticks.
For the more sophisticated problems we can use our Data Recovery Partner for the following specialized data recovery services:
Computer Troubleshooters is Here to Protect You and Your Data
If you have accidentally deleted files; don’t panic, if approached logically the deleted files can generally be retrieved.
If you need for help recovering a deleted file, or more serious data recovery services, or assistance in establishing solution call Computer Troubleshooters and one of our technology professionals can help you.
Ho Ho Ho – Have a virus-free Christmas and a malware free New Year. It’s only a few days and holiday season will be with us. At this time of year, we often see an increase in malware activity and clients concerned about shopping online. This article is intended to help our clients and prospective clients stay virus free. Christmas has always been a virus author’s paradise, and a computer user’s nemesis.
The short-history of Christmas malware.
Hints for Staying Safe and Virus free.
Microsoft Office 365 provides so many benefits for an organisation in terms of increased productivity, mobility and access to your data and communications no matter where you are allowing a quicker response to problems. All this, plus greater collaboration between staff members due to the power of the cloud.
For many organisations the fear of the unknown stops them from reaping the benefits of Microsoft Office 365 but once you have experienced its power there is no going back. Computer Troubleshooters as an Office 365 expert helps organisations minimise the risk and disruption of a migration to Microsoft Office 365.
How does Computer Troubleshooters mitigate the risks of transitioning to Microsoft 365?
The key services provided by Computer Troubleshooters include an initial IT assessment. This is supported by the development of a plan that outlines how an organisation can benefit through the application of Microsoft Office 365 in terms of daily communications and workflows. This includes a plan for migration and the ongoing maintenance and management of Microsoft Office 365.
One of the key benefits is less headaches around licence version control, renewals of licences and ensuring all licences are legitimate, let alone concerning yourself with infrastructure (email servers, back up security) to run your email system.
This combined with a subscription monthly fee means it is a lot easier to plan and budget for the IT expenditure related to software, infrastructure and maintenance of your IT System.
How does support work for Microsoft Office 365?
For a small monthly fee, you can engage your Computer Troubleshooter technician to manage your Microsoft Office 365 environment. This means you have peace of mind and a first level of response with a person you have trust in and a person who understands your business.
Your Computer Troubleshooter technician will constantly ensure that you are managing your users, maintaining and resetting passwords. At the same time, they will be checking that your system is running at optimal performance and therefore they are preventing issues that may be brewing.
Microsoft offer standard technical support and if an event is classified as critical, this is defined as an event that prevent you from accessing or using services, you can expect a response within one hour. Microsoft Office 365 support is focused around the operation of their centralised hosted applications theta they control within their data centers.
Why engage a professional technician to support your Office 365 implementation?
The simple reality is that for every minute your business is affected by an IT event that creates downtime then your businesses productivity is impacted and as a result impacts your revenue, and profitability.
The other factors to consider are cost control as you now have affixed monthly cost that is directly aligned to the number of staff you are employing. You only pay for what you need supported.
As Microsoft 365 is a cloud product, so consequently there is rarely fees for call outs as the product is supported remotely by the technician.
Access to an expert who specialises in Microsoft Office 365. This means you can rest easy knowing that your local expert is able to utilise their years of experience to your businesses benefit. Microsoft Office 365 is a critical platform of your business and by outsourcing to the specialist means no headache employing people, training them and managing their performance. All these activities are draining and divert your attention away from your core business activities.
How does Microsoft Office 365 allow my business to grow?
Given today’s changing technology environment, changing expectations of the younger generation, and the need for greater flexibility as to where employees work, Microsoft Office 365 allows a small business to meet these challenges head on.
How? With the power of the cloud, flexible communication technologies, and the applications available MS Word, MS Excel, Powerpoint, Outlook and Skype for Business, allows each small business to develop efficient collaboration between staff and increased communication capability between staff no matter what location, device being used or time of day.
It means every business can look professional and compete against each other no matter what size they are.
A Dimensional research survey of 300 SMB professionals indicated that the key requirement, for small business is “anytime, anywhere access to data and applications makes employees more effective” (1) using Office 365 enables this ensuring that a business is maximizing the opportunity for staff to be more productive, through effective sharing of documents no matter where your team is.
The new generation of workers are using mobile technology at levels we have never seen before. They are mobile in nature and expect to be able to work from any device. Email delivered to the phone, the ability to access documents and work on those immediately is all possible on the phone with Microsoft Office 365.
What is your first step to make certain you are utilising Microsoft Office 365 effectively or the first step to see how you can benefit from Microsoft Office 365 is to call your nearest Computer troubleshooter on 1300 28 28 78 or visit www.computertroublehsooters.com.au
1) Bridging the Information Worker Productivity Gap: New Challenges and Opportunities for IT, IDC, September 2012
The latest Security Flaw: Wifi KRACK
Sounds scary and technical, another vulnerability, another frightening acronym KRACK, makes one think what is the risk and how does one overcome this concern?
It’s been everywhere in the news, social media and blogs for the past week and this article will aim to try and simplify the technical side and answer some of the questions one has.
What does KRACK stand for?
Discovered and named by Marty Vanhoef a Belgian researcher, KRACK stands for Key Reinstallation Attack. This in effect is a security flaw which allows a hacker (attacker) to break the internet communications between a router and a device. For the weakness to be exploited though the hacker needs to be in close physical proximity of the access point of the communications.
What does this mean for an individual or a business?
It means there is a potential for a cyber security incident where the attacker can capture or interrupt the flow of information from your communications or they can use the weakness to potentially inject and manipulate data. For example, this may mean an attacker injecting ransomware or other malware into websites.
What is at risk?
Like all vulnerabilities, the risk is the loss of sensitive information such as credit card numbers, passwords, emails, photos, and documents.
What is the most likely scenario for a KRACK attack?
This is difficult to say as there are potentially so many situations, however, one potential target is those organizations that provide wifi access without a lot of IT resources. An example of this would be your local coffee shop.
Is changing passwords the best way to protect myself?
Changing passwords regularly is a basic security measure that is recommended, however, this will not prevent or mitigate an attack. In fact, the key element to protect yourself includes ensuring all devices are up to date with the latest updates. This includes ensuring the firmware on your router is updated.
A simple tip is to ensure you have automatic updates turned on which will help ensure you have the latest versions and protection installed.
Until you are sure that your device has been updated limit your usage of public networks especially with phones utilizing the Android operating system.
Only transact with websites that have an SSL certificate meaning that the sites URL will start with https instead of HTTP. This in effect means the site is using encryption which therefore makes it difficult to see what data is being transferred.
Keep yourself informed and be sensible with your usage of public wifi if in doubt do not connect and turn the wifi option off on your device. If still uncertain contact our nearest Computer Troubleshooter on 1300 28 28 78 and ask for a KRACK risk assessment.
Cyber security threats are continually evolving. Viruses, worms, trojan horses, spyware, phishing, adware and scareware have all been around for a long time. Lately, one particular form of malware known as ransomware has been creating havoc with businesses and organizations worldwide.
Ransomware when detonated works by locking up your files using encryption. You are then asked to pay a ransom to get the code that allows you to unlock your files. Lately, some cyber criminals don’t even add value to this “service” they offer. They just take your ransom and don’t give you the code.
Many customers we see during our daily work (and rescues) don’t even have the most basic cyber security measures in place. This article is intended for the non-technical amongst us to assist and educate about the need to protect computer users against these ever-evolving cyber threats.
In every case we have seen so far, the ransomware package has been physically detonated by a human using the endpoint. Ransomware mostly arrives in email as either an attachment or as a link to a malicious or compromised website. It can also be spread from software downloads, websites and advertising delivered over online ad networks.
What can you do?
Educating yourself and your employees are the #1 defense against cyber criminals.
The most basic cyber security needed on your computers and network.
Beyond basic – The next level of cyber security measures.
Once the basics are covered off, we can then talk topics like firewalls, VPS, cloud virus and spam pre-filtering of emails, changing settings in software, 2-factor authentication, and an application that detects and stops unauthorized encryption etc. These will give a much more comprehensive solution beyond basic, however “comprehensive” is probably beyond the scope of this document titled “Basic Cyber Security” and would make it rather long and too technical.
How can Computer Troubleshooters help?
Technical Stuff/Further Reading
Australian Government – Australian Cyber Security Centre – Essential 8 Explained PDF Download
The facts according to the Boston Computing Network’s Data Loss Statistics, are that 60% of companies that lose their data, will shut down within 6 months of the disaster. This is something that every business wants to avoid.
The following article provides a high-level understanding of how, as a business owner the question for you is one of Business Continuity of which Backup is a key component.
What is Business Continuity?
Business continuity involves a mindset of being proactive and putting plans, processes and systems in place, so that when the unexpected occurs you can return to normal operations with minimal delay thereby reducing the level of disruption and cost to your business.
The aim is to ensure that all essential functions can be up and running or be returned to operational status quickly during various unexpected events such as a natural disaster (Flood, Fire), cyberattacks, theft, or major IT system failure.
What is involved?
The key aspect is to develop a plan that then is well communicated and understood by your staff so they know what to do when the disaster occurs. Like all plans, if it is not communicated and shared then it’s not worth the paper that it is written on.
The process of writing the plan involves identifying the key risks, identifying the ways you can prevent those risks occurring for instance:
Then the last element of the plan is documenting the steps in responding and recovery if an incident occurs that does bring down your systems.
Businesses today are more reliant than ever on IT, one of the biggest threats these days being a cybersecurity breach. A fair portion of the plan will need to focus on recovery from an IT disaster.
The plan will need to be reviewed regularly as a business grows and circumstances change and the recovery processes should be thoroughly tested to ensure it will work.
What are your backup options?
There are many options available to businesses these days for backup. With today’s modern technologies and cloud storage services, a hybrid combination of traditional on-site backup plus off-site backup to the cloud, has become the popular choice amongst businesses wanting to ensure high levels of continuity.
The key questions in making a choice is determining the level of risk and the importance of the system and the data that is being backed up. Answering these questions will impact on the choice that you make. You can see I have not mentioned cost or price. One might ask Why? Well because you need to remember this is about having a solution that will minimise the cost of failure which will far outweigh the cost of the solution you choose.
If you are not certain about this statement ask somebody who has experienced the loss of data due to a failed system backup.
What are the traditional onsite backup options?
Onsite with machines all backing up either to tape or disc and then being stored onsite. Usually scheduled to occur daily, every couple of days, or weekly. The greatest weakness is that if something happens to the premises the backups can become corrupted and lost and an external service provider such as Kroll Ontrack may need to be used to try and recover the data.
To overcome the above weakness some business’s will transport the discs/ tapes to an offsite location where they are stored.
What is happening today?
The cost of online storage has reduced with the introduction of data centre services and the continued adoption of cloud storage services. Today most businesses will have a recovery strategy based around using cloud storage, with onsite backup devices that then replicate to a data centre.
The drivers behind this are many but one can put it down to speed of recovery, ability to quickly monitor and ensure backup has occurred, hence no unpleasant surprises if a data loss breach or cyberattack occurs.
The first step is to make sure you have a plan and an understanding of your options. This is where you should have a chat with your local computer troubleshooter to understand how they can help you to minimise the disruption to your business from a data loss/breach. Visit www.computertroubleshooters.com.au to locate your nearest provider.