markanyon

About Mark Anyon

This author has not yet filled in any details.
So far Mark Anyon has created 7 blog entries.

Fission June 2018 Newsletter

2018-06-21T11:02:44+00:00

 

Hello!

We are happy to announce Adriaan as an additional team member on our support desk. Adriaan is Dean’s brother, and a lot of you will have dealt with Dean over the years.

IT Security projects are an increasingly large percentage of the work we are doing in recent months. The clients that have invested in a good firewall, have an extra layer of email filtering, cloud backups, and strong password policies are certainly being affected much less than the ones without, but often it requires an IT security event before the true value of these things are recognized. Most businesses will have IT systems/Data loss on their risk register, but its the actions taken that count.

Congratulations to Ben, Steven C and James S here for their recent Microsoft Server 2016 and Cloud tech certifications.

 

UFB Speeds to International websites and cloud services

 

There is often a misunderstanding as to the difference between internet access speeds and potential international traffic speeds. Whilst your UFB connection might supply you a 200mb connection speed, that is effectively the speed between your location and the Exchange that your ISP uses. Once your traffic leaves there it is at the mercy of other network speeds, and when it leaves NZ to head off overseas to connect to things like Office 365 and other cloud services your ISP hands that traffic over to other companies.

There are many factors that can affect international speeds, most of which are not under the control of the ISP.  Your router/firewall, the receiving/sending connection speed, it’s available capacity at any given moment, the limits it may apply on individual sessions, the distance and latency to get to/from that location all affect performance.

The bottom line is if you increase your UFB speed from 100mb to 200mb, or 1000mb, it doesn’t necessarily mean that you will  see any quicker speeds to the overseas services, but your national traffic will be faster.

There are certainly premium internet services available that offer guaranteed minimum international bandwidth, but these can be quite expensive.

 

Microsoft News

 

Microsoft continues to push its customers into monthly subscription based services. In 2020 it is understood that Microsoft intends to only allow access to its online services (such as Office 365) to those who pay for their Microsoft Office licenses via subscription. More info

Microsoft have revealed that they are bumping up the SharePoint data storage allocation that comes with Office 365. Each company now gets 1TB plus 10GB per user. So, a 20 user site would get 1.2TB (1200GB) of usable storage space in SharePoint all included in their base Office 365 licensing.
This change will take effect in July. If you are currently paying for extra storage space that you will no longer need to, it can be adjusted once the new limits are in place.

 

Draytek Router Cyber Attack

 

There has recently been a cyber attack on Draytek routers which effectively takes over the router, and changes network settings so that your computers have their web traffic redirected to malicious/fake web pages.

When you login the criminals now have your username and password. The site will normally redirect you back to the genuine web site to avoid arousing suspicion.  This could be a banking site, social media, other financial site or anything else.

We are actively working through the sites we are aware of who still run Draytek routers to install the latest software update for the router (that was released as a fix by Draytek). If you have a Draytek router and are aware of any suspicious activity let us know asap!

More Info

 

GDPR

 

You may have noticed a surge in the last month or so of notifications from various companies you have used in the past who are sending out email notifications of their new terms. This stems from the General Data Protection Regulation (GDPR) regulations which came into effect on May 25th.

The GDPR is a directive our of Europe which effectively puts regulatory teeth into governmental guidance about how EU member states handle personally identifiable information.
The fines in the EU are large for non-compliance, so companies are taking notice.

More info on how it can affect NZ based companies

 

PC Productivity Tips

 

WINDOWS 10 – Did you know – you can log into a computer with a PIN number, a fingerprint, a webcam, a picture password, so there are plenty of options to make logins easy on your device!

OUTLOOK – Setup one-click Quick Steps to move emails to certain folders quickly More info

EXCEL – Quickly add an entire column or row by clicking in the first empty cell in the column. Then enter ALT + ‘=’ (equals key) to add up the numbers in every cell above.

WORD – The wrong formatting can really mess up a document, whether you’ve edited it yourself or pasted it in from somewhere else. Use Ctrl+Space or click the Clear All Formatting button (an eraser on an A on the Home tab) to remove formatting from highlighted text.

Questions around anything on this newsletter?
We are here to help – please contact us on 09 527 2100

 

 

 

Fission June 2018 Newsletter2018-06-21T11:02:44+00:00

3 reasons why computer security updates are vital to your companies safety

2018-05-08T14:35:54+00:00

 

Most of us have experienced the annoyance of waiting for our computers to update while we anxious drum our fingers wanting to move onto the next task. But rather than be annoyed, it is important to remember why we have these updates in the first place. In this blog post, we will discuss 3 things to know about why updates are vital for your company’s safety.

Hackers Exploit Out-of-Date Systems

Updates and patches are there for one main reason—to fix issues that users or the developers themselves have identified. Some of these errors allow for malicious users to hack into your computer or network and wreak havoc. You can liken a computer without the most recent updates to a business leaving their front door unlocked. It only takes someone with the wrong intent to check that door and find out it is open for them to cause whatever harm they desire.

Updates Can Pile Up

When you aren’t consistent about letting your computer update, the updates pile up and there never seems like a good time for you computer to spend an hour updating. Staying on top of your updates keeps your computer safe from being vulnerable. At Fission, we suggest planning updates for a time when your network isn’t busy. Perhaps set a weekly reminder on your phone or computer to run any updates on your computer if your device is not managed by us. Make it right before your lunch break or run updates before a meeting when you won’t be needing your device so it can update without causing any inconvenience to you.

Fission Can Help

At Fission IT, we can help manage your updates so they don’t seem overwhelming while still providing all the security you need for your computers and systems. Don’t leave your door unlocked—so to speak—and encourage staff to complete regular updates. To find out more about how Fission IT Security Services NZ can help, contact us today.

3 reasons why computer security updates are vital to your companies safety2018-05-08T14:35:54+00:00

4 ways to keep your data safe

2018-03-15T22:08:55+00:00

Security breaches can be disastrous for a business. Stolen data can result in financial liability and loss of customer confidence. Ransomware and other sabotage will lead to downtime and even permanent data loss. To avoid such outcomes, you need a comprehensive security strategy.

Access control

Only authorized people should have access to internal software and sensitive data. All accounts need to have strong passwords. Two-factor authentication gives greater protection, so that a stolen or guessed password isn’t enough to get in. Employees should have only the amount of access they need.

Employee accounts shouldn’t be accessible over the public Internet. Telecommuting is an excellent benefit, but employees should have access only through a VPN or equivalent security.

Software protection

Every computer on the network should have anti-malware software, and it needs to be regularly updated. New threats appear on the Internet every day, and any that get through to your computer can do serious damage if they aren’t caught quickly.

Spam filtering is equally necessary. If someone opens a malicious email attachment, it can mean serious trouble. If phishing mail doesn’t reach the victim’s inbox, it can’t do any harm.

Data encryption

Data that leaves the premises should be encrypted, and so should any sensitive on-premises data. If confidential information such as financial data needs to be stored, it should be in a hashed or encrypted form. Laptops and phones that hold proprietary information should use whole-device encryption.

Defense in depth is what this is about. Attackers shouldn’t have access to the data in the first place, but if they get it, it should be in a form they can’t do anything with.

Backup

People can delete data by mistake, or malware can destroy it. To keep it safe, you need an up-to-date offsite backup. If your only backup is on the premises and connected to the computer, it can be wiped out along with the original. The more frequent the backups are, the lower the risk. The backup needs to be encrypted both in transit and where it’s stored.

We are an IT company who provides managed IT support services that will keep your systems safe and smoothly running. Contact Fission to learn what we can do for you.

4 ways to keep your data safe2018-03-15T22:08:55+00:00

How to Lower The Cost of Your Company’s IT

2018-05-08T14:54:11+00:00

How to Lower The Cost of Your Company’s IT

IT operations can be expensive to handle in-house for any business. Many businesses don’t even have the ability to manage IT operations within on their own. Unless you are an IT Services company, these operations probably aren’t considered core to your business plans.

Finding IT support people to fill your staff is whole different ball game. Whether it’s knowledge and expertise or you’re trying to save on payroll, outsourcing may be a better idea.

Outsourced IT support has many benefits and it’s becoming a popular way for many businesses to manage this department. Wouldn’t you rather rest assured that your IT needs are taken care of, constantly, without the extra headaches?

In this article, we’re discussing how outsourced IT support can lower your company cost.

Keep reading to learn more.

Efficiency

Outsourcing allows a company to seek the best support and professional service available for a particular product. Outsourced IT support is no different.

IT Support Services NZ based staff will be knowledgeable and probably considered experts in the field. Their experience, coupled with fast and effective troubleshooting and fixes will save you lots of headaches. The last thing you want to deal with when you’re trying to promote your business or sales is an IT problem.

The efficiency and speed of an IT support specialist rival no other support you can get in the field of business.

Save on Investment

Instead of investing in an infrastructure for an IT department for your business, consider outsourced IT support, instead.

Outsourcing allows you to pass the infrastructure and development of your IT needs on to the specialized staff working for you. You can make it a requirement of the contract to build the IT for your company as necessary or required.

Save on Training and Recruiting

Training and recruiting, especially for IT can cost thousands of dollars to find the right staff. You want people with specialized skills that can handle a diverse workload and fix problems immediately.

You can save time to focus on other necessary functions of your business instead of arranging training programs and other meetings necessary for your IT staff. With outsourced support, you can hand the work directly over to the experts that will provide quality work, the first time.

24/7 Support

If you carry in-house support, your IT team are only working during business hours. With outsourcing, you can assign something at five o’ clock in the afternoon and expect it back on your desk the next morning because the IT support works on a different schedule.

Quicker Turnaround Times

Along with faster results, outsourced IT support allows you focus your attention on the business instead of IT problems.

Outsourcing puts some of the work on the outsourcing company when it comes to developing new ideas and concepts. They can help deliver faster products and ideas that may even give you a competitive edge.

Access the Best Talent

IT specialists can be difficult to come by, whether you’re looking to fill one vacancy or an entire department. It’s also an expensive position or positions to fill. But you want the best of the best, don’t you?

Access some of the best talent available by outsourcing your IT functions to specialists. They are knowledgeable and specifically trained to handle the daily needs of your business.

Risk Management

What if something occurs that prevents your company from running daily operations as normal? Usually, everything would stop, including IT operations.

With outsourced IT support, you can rest assured that your IT department is continuously functioning at optimal levels. No matter what stops your other daily operations from proceeding at full speed.

Consider this a risk management strategy that can even get the company back on track after a loss.

Cost Savings

Outsourced IT support is a sure way to save your company money. Outsourcing this type of work can be done for a very low cost in comparison to doing it yourself.

When you consider that the support you’re receiving from an outsourced company is professional and experienced, there’s no question. IT is an important component of your business after all. You need it to run smoothly and efficiently to keep other operations productive.

Outsourced IT support is cost-effective for the overall function of your business.

Outsourced IT Support

There’s no sense in spending extra money on IT support when you can outsource it for a significant savings overall.

Outsourcing is a popular way for many businesses to handle their costs. It’s one of the best ways to utilize your resources to the fullest. You can even stay ahead of your competition because your IT runs smoothly with outsourced support.

The benefits of outsourcing are beyond cost savings, too. Keep these tips in mind when you’re faced with the decision to outsource IT support.

If you’re ready to see what outsourcing can do for your business, contact us. We are a managed IT service provider based in Auckland, New Plymouth and Hawke’s Bay.

How to Lower The Cost of Your Company’s IT2018-05-08T14:54:11+00:00

Fortiguard releases latest IT security threat report

2018-02-27T14:28:56+00:00

 

 

 

 

 

FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017. As usual, there are a lot of take-aways for CISOs, but a few items stood out. In particular, attacks were up per firm by 82% and swarm cyber attacks targeted the Internet of Things (IoT) with growing intensity.

 

Cyberattacks are being launched at an unprecedented rate. In fact, over Q4 of 2017 we detected an average of 274 attacks per firm, which is a staggering 82% increase over the previous quarter. The number of existing malware families also increased by 25%, to 3,317, and unique malware variants grew 19%, to 17,671, which not only indicates a dramatic growth in volume, but in the evolution of malware itself.

A deeper analysis of this trend shows that this dramatic increase in volume is probably intentional. In order to hit the maximum number of vulnerable targets before countermeasures, such as updated AV or IPS signatures can be put in place, a high volume of malware is necessary to accelerate its ability to spread more rapidly to other organizations.

But it’s not just about volume. According to our CISO Phil Quade, “The volume, sophistication, and variety of cyber threats continue to accelerate with the digital transformation of our global economy. Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many.” These increasingly sophisticated attacks are catching far too many organizations unprepared. For example, we are seeing new IoT-based attack swarms that span across malware families with new, harder to combat multi-vector attacks, along with the rapid development and propagation of new variants.

Here are just a few takeaways from this quarter’s report:

IoT Botnets

Three of the top twenty attacks identified in Q4 were IoT botnets. But unlike previous attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime target multiple vulnerabilities simultaneously. This multi-vector approach is much harder to combat. In addition, Reaper was built using a flexible Lua engine and scripts to run its attacks. This framework means that rather than being limited to the static, pre-programmed attacks of previous IoT exploits, Reaper’s code can be easily updated on the fly to run new and more malicious attacks as they become available.

Devices like Wi-Fi cameras in particular were targeted by cybercriminals, with over four times the number of exploit attempts detected over Q3. The challenge is that none of these detections is associated with a known or named CVE, which is one of the more troubling aspects of the myriad of vulnerable devices that make up the IoT.

These issues are being compounded by a number of critical challenges that are slowing down the IoT industry’s ability to address this alarming growth in attacks. The first is that few IoT manufacturers have a Product Security and Incident Response Teams (PSIRT) in place that can respond quickly to new vulnerabilities. This means that after we or other researchers detect device vulnerabilities, getting that information to the right team inside their organization is often a complicated process. And second, the lack of regulations around IoT security means getting some of these manufacturers to prioritize a known threat can be even more frustrating, as evidenced by the number of exploits that have been successfully targeting known vulnerabilities for months that still don’t have an official CVE attached to them.

Cryptojacking

Cybercriminals are clearly motivated to exploit the growing interest in digital currencies. As a result, we have documented a significant spike in attacks targeted at this trend. Cryptojacking takes many different forms, and a malicious infection can result in everything from browser hang ups, system crashes, and degraded network performance to data theft and ransomware. There are three primary trends in this area, and each of them is unique in its approach.

The first is the injection of JavaScript into vulnerable websites, or delivering malicious JavaScript-based malware attached to email, that hijacks the CPU processing power of devices and uses it to perform cryptomining on behalf of the attacker. The crudest of these attacks simply utilize all available CPU, causing machines to become virtually unusable. Of course, this sort of approach has a very short shelf life, as users quickly turn off their machines and look for ways to remove the attack. New, more sophisticated attacks actually monitor device CPU and rate limit the amount of processing power they steal, often using 50% or less of available CPU power at any given moment.

Second, with the growing number of cryptocurrencies on the rise, and the dramatic growth in value of many of these making the news around the world, cybercriminals are looking for ways to exploit those individuals looking to cash in on a new opportunity. Which explains why we have detected a new social engineering-based attack that gets users to download malware by posing a link or attachment as a new crypto-currency wallet. This “wallet” then gets users to provide personal information during a fake registration process, while simultaneously downloading malicious malware, such as ransomware, onto their device. Ironically, criminals use a fake digital currency to gain access to a device and then demand payment with another, legitimate cryptocurrency to unlock it.

Finally, we are seeing a shift on the Darknet from only accepting Bitcoin for payment, the value of which has become unpredictable, to other forms of digital currency, including ransomware demands for payment such as Monero.

Ransomware

The growth in volume and sophistication of ransomware is a common thread across all of our threat reports to date. Several strains of ransomware topped the list of malware variants. Locky was the most widespread malware variant and GlobeImposter followed as the second. A new strain of Locky emerged, tricking recipients with spam before requesting a ransom. Ransomware continues to morph and leverage new delivery channels such as social engineering (e.g., cryptomining). It is also much easier for criminals to access with the emergence of Ransomware-as-a-Service models.

Steganography

Steganography is an attack that embeds malicious code in images. It’s an attack vector that has not had much visibility over the past several years, but appears to be on the resurgence. The Sundown exploit kit uses steganography to steal information, and while it has been around for some time, it was reported by more organizations than any other exploit kit. It was found
dropping multiple ransomware variants. As a result, it is a threat vector that we will be watching closely in the coming quarters.

Critical Takeaways

Traditional threat detection tools and signature-based antivirus are simply unable to keep pace with the volume, variety, and velocity of today’s malware. According to Phil Quade, “The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organization. There is incredible urgency to counter today’s attacks with a security transformation that mirrors digital transformation efforts. Yesterday’s solutions, working individually, are not adequate. Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale.”

To address the challenges facing organizations today, security teams need to take a more proactive approach that includes the following:

Managing vulnerabilities. Organizations need to prioritize patching based on malware volume. At the same time, they need to implement advanced threat protection capabilities such as sandboxing to detect and respond to unknown threats before they can impact the network.

Being prepared. As attacks like cryptojacking gain momentum, organizations need to prioritize cybersecurity awareness programs, including educating users on how to recognize social engineering attacks. In addition, as new digital currencies grow in popularity among cybercriminals, organizations may want to stay informed of cryptocurrency trends as much as possible.

Fighting fire with fire. Malware continues to evolve, with new IoT-based attacks that swarm together to target multiple vulnerabilities and devices simultaneously across multiple access points. These new multi-vector threats must be met with integrated, collaborative, and automated security approaches that can pit swarm versus swarm. The Fortinet Security Fabric, for example, provides a swarm-like defense deployed across the entire distributed network. It leverages integrated security technologies and automation to identify and share events and notifications, correlate threat intelligence, and orchestrate a response that uses the combined resources of the entire security infrastructure to repel attacks anywhere across the extended and highly elastic attack surface.

Fortiguard releases latest IT security threat report2018-02-27T14:28:56+00:00

24 ways to protect against Ransomware / Cyber Attacks

2018-05-08T15:07:45+00:00

How can a small/medium sized business protect against ransomware and Cyber-attacks? I believe that’s by reducing your exposure through limiting your IT ‘surface area’. Small adjustments to your IT infrastructure can make your systems significantly more secure. No system is completely safe though, so plan for the worst and hope for the best!

A few years ago, malware was usually just an inconvenience, but it now has the ability to cause serious data loss and major business down time

A brief outline of some security considerations:

1.      Have a formal business process in place should you receive any communications from a supplier asking you to change bank account details for making payments so that the request can be verified as legitimate

2.      Ensure you have a good quality monitored backup solution in place which covers all business data you wouldn’t want to lose

3.      Have a disaster recovery plan that has been tested and updated every 6 to 12 months, think business continuity. Ensure responsibilities are clear and that all aspects of your IT/Comms environment are covered

4.      Have a documented process in place so that when staff leave the business all their various accounts are disabled/deleted immediately

5.      Ask your employees to take extra care, and only use their computers for business usage. Create an internal IT policy which clearly defines acceptable use. Update this document as technology changes

6.      Staff opening suspect emails is still a prime route into your PCs. Train staff and consider using a free third-party service like https://www.knowbe4.com/phishing-security-test-offer to see how prone they are to phishing emails

7.      Ensure your IT systems are updated often with the latest security patches and firmware

8.      Spread your IT risk, use a mixture of cloud services and onsite IT solutions

9.      Change over to a firewall with integrated security services, have your existing firewall policies reviewed. Don’t use a normal ISP supplied router which has next to no protection

10.   Retire old vulnerable software and hardware from your business

11.   Ensure your staff are aware of the risk of inserting an unknown USB drive

12.   Implement Mobile Management policy for your company laptops, tablets and mobile devices

13.   Upgrade to latest wireless security protocols, get rid of WEP protocols, ensure you separate your wifi networks so that any guest’s devices are completely isolated on a separate network

14.   Look at 2 Factor authentication (2FA) for protecting access to critical parts of your IT systems

15.   Add additional layers of security to email, even if it already comes with security built in. Standard filtering is often not good enough

16.   Change your passwords every couple of months, ensure you use complex passwords and don’t recycle passwords or share them!

17.   Would your business benefit from DDoS protection for critical internet connections or websites?

18.   Is your data 100% safe in the cloud, think about backing up your cloud services such as Office 365, Dropbox, Google etc

19.   Allow only authorised devices on your network using network access controls solutions where appropriate

20.   Think about Encryption for laptops, tablets and removable storage devices, consider a Data Loss Protection solution

21.   Run Security audits or independent Vulnerability Scans against your computer systems

22.   Ensure you have a relationship with a professional IT Services Auckland company that can improve your IT security and help if the unfortunate happens

23.   Desktops and Laptops should be protected by anti-malware not just antivirus

24. Did I mention backups?

24 ways to protect against Ransomware / Cyber Attacks2018-05-08T15:07:45+00:00

More international bandwidth is coming to NZ

2018-02-16T10:43:33+00:00

More International internet bandwidth coming to NZ! The construction of the $500 million fibre cable between NZ, Australia and USA is 50% done, and should be completed by June. The ship Responder docked in Auckland last week prior to laying the NZ segment of the cable which will land near Mangawhai Heads. Total capacity of the fibre link will be 43 Terabits, which is nearly 10 times the current bandwidth used by Australia and NZ! The cable will compete with the existing Southern Cross Cable which is part owned by Spark. Last year Microsoft and Facebook teamed up to connect Virginia Beach in the USA with Spain through over 4000 miles of cable, and Google has recently joined the undersea cable business and announced that it will circle the world three times over not to be left behind

More international bandwidth is coming to NZ2018-02-16T10:43:33+00:00