BLOG
Is Public Wi-Fi Worth The Risk?
Around the world today you can rarely find a café, hotel or airport without access to a public Wi-Fi network. More than ever we have internet access whenever and wherever we need it.
Unfortunately, public Wi-Fi does come with a catch – it gives individuals with malicious intent an easy way to capture the data you send and track everything you do. Using specialised software whilst connected to the same network, they can access the information you send, like someone eavesdropping on a conversation in a public place.
Surveys have shown that 83% of Australians have taken risks online when using public Wi-Fi and an astounding 30% of Australians have used online banking over a public Wi-Fi connection.
You should also be extra vigilant when connecting to these public hotspots, ensuring they are legitimate for the café or hotel you are in. It is not uncommon for an attacker to have a phishing hotspot set up with a similar or identical name.
Things to consider if you intend to utilise public hotspots
Use a VPN (Virtual Private Network) to connect and secure your data. A VPN allows you to create a secure connection to another network over the internet and can shield your browsing activity and transferred data (usernames and passwords) from any malicious monitoring.
Refrain from visiting any sites which require a login with username and password, especially banking, email accounts and social media. Accessing these types of sites over a public network opens you up to potential issues which may only surface months later.
When setting up your laptop or workstation in a public area, take note to face your laptop screen away from any potential prying eyes, and monitor your surroundings over time to ensure you are the only one watching what you’re doing.
For more information on public Wi-Fi and web VPNs, get in touch with one of our highly experienced staff today.
Is Your Disaster Recovery Up To Date?
What should I do with my old hardware?
An all too common trend in the IT industry is to give ex-production hardware a new lease of life running the disaster recovery site. Tight budgets often restrict capital expenditure to areas where real value is visible, and the impacts and results are noticed throughout the organisation.
These initial savings can be quickly forgotten when an unplanned incident forces the switch over to your disaster recovery site. Previous testing may have been successful on the DR equipment during your routine maintenance and test restores, but when a major incident occurs, are you confident that your DR is up to the task?
These are the questions you should ask yourself:
Will the dated hardware run our complete production workload?
How big is the impact on our users?
How long can we operate utilising the DR site before losing business?
How big is the impact on our customers?
It is not unusual for companies to consider having high-end hardware offsite, doing nothing 98% of the time, to be a waste of resources…
The key is to justify the initial expense, leveraging the DR site to provide an additional return on investment. An effective strategy is to live boot a complete clone of the production environment on a separate virtual segment, presenting a fast and accurate test development system.
Utilising Veeam combined with HPE Nimble Secondary Flash Array technology and your favourite hypervisor, you achieve a fast, production-ready DR solution, accompanied by the additional benefit of a fully functional test or development system at your fingertips that can be spun up in minutes.
If you want to learn more about disaster recovery solutions, please contact the team at Advance today.
Are Your Business Processes a Target For Scammers?
Cyber criminals are tricking CEOs out of millions of dollars by exploiting their organisation’s poor business processes and fooling unsuspecting employees into transferring money. The growing trend, known as ‘CEO Whaling’, involves plain text e-mails being sent to employees responsible for financial transactions, masquerading as their boss and requesting them to urgently pay invoices. Those falling victim have no way to recover the money, with insurance generally not covering international fraud.
These highly organised con artists are not just spamming companies at random; instead, they’re using social media to research potential victims and taking advantage when they’re most vulnerable. For example, they may identify through social media that the boss or the person responsible for financial transfers is on a holiday, and that’s when they strike, sending an e-mail saying they’re about to get on a flight and need an invoice paid urgently. They use a fake e-mail address and include some personal details uncovered via social media to give the e-mail just enough validity to trick the employee into believing that the payment needs to be made, and that requesting confirmation will probably make their boss angry because of the delay caused by being on a flight and unable to respond.
Organisations with business processes that rely on an e-mail from the boss for financial approvals are at high risk of falling victim to this scam, as the process doesn’t include any validation that the invoice hasn’t been modified or that the approval has come from the person with authority to approve it. Busy people find the use of e-mail in a process like this convenient, as e-mails can be sent at will from virtually anywhere, on any device, at any time, and this puts them at risk of being exploited. Processes that involve printing, stamping, signing and shuffling paper around for approval stall when the approver is not in the same location as the document. Allowing e-mails to be used in place of an actual signature on the document makes the process susceptible to scammers. This issue was recently reported on in The Advertiser; read that article here: http://www.adelaidenow.com.au/technology/how-australian-bosses-are-being-tricked-out-of-millions-of-dollars-by-cyber-criminals/news-story/57318e06c02a8215b8d67d521a219aea.
The solution to avoid being tricked by the scammers is to implement a flexible solution like M-Files, where the business process is migrated into the system with secure access provided via desktop, web and mobile app. M-Files stores a single electronic version of the invoice with security that restricts access to only the people involved. This avoids copies of the invoice being e-mailed; instead, those involved all refer to the same version stored in M-Files. With the approval process managed via workflow, the approver is notified of an invoice to approve and is required to authenticate themselves to view and approve it, which can be done quickly and simply via the mobile app using fingerprint authentication. The people responsible for payment are then notified and required to authenticate to access the approved invoice. M-Files keeps a detailed version history of every change the document goes through, so if the person responsible for payment wants validation that the boss approved the invoice for payment, they can review the document’s history to confirm it was actually approved by the boss’s user account. The version history can be used to identify changes to the original document and can potentially identify fraud attempts where bank details for payment have been changed on an invoice. Aside from not falling victim to fraud, the benefits of keeping the records electronically rather than physically include incredibly fast retrieval of information and increased office space when you recycle the filing cabinets for scrap metal.
If you’re still using a manual process that involves printing, stamping, signing and shuffling paper around your organisation for approval that can be short circuited by e-mails, you are at risk of being scammed. If you think it won’t happen to you, think again as the Federal Government have been briefed on the severity of this trend because the losses are increasing into the millions. If you want to know more about how M-Files can help your business, please contact us.
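As an added example (not part of the original article and not M-Files code), the following sketch flags inbound mail that matches the pattern described above: an approver's display name on an outside address, a Reply-To that points elsewhere, and an urgent payment request. The organisation domain, approver names, keyword lists and sample messages are all constructed assumptions, and only plain-text bodies are scanned.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration (not from the article):
ORG_DOMAIN = "example.com"        # the organisation's own mail domain
APPROVERS = {"jane citizen"}      # display names of people who approve payments
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|right away)\b", re.I)
PAYMENT = re.compile(r"\b(invoice|payment|pay|transfer|bank details)\b", re.I)

def domain(addr):
    """Lower-cased part after the last '@'."""
    return addr.rpartition("@")[2].lower()

def whaling_flags(raw):
    """Return the reasons a message resembles a spoofed payment request."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    if name.strip().lower() in APPROVERS and domain(addr) != ORG_DOMAIN:
        flags.append("approver display name on external address")
    if reply and domain(reply) != domain(addr):
        flags.append("Reply-To domain differs from From domain")
    if PAYMENT.search(text) and URGENCY.search(text):
        flags.append("urgent payment request")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Jane Citizen <jane.citizen@example-mail.test>
Reply-To: accounts@payments.test
To: accounts@example.com
Subject: Invoice - urgent

About to board a flight. Please pay the attached invoice urgently.
"""
LEGIT = """\
From: Jane Citizen <jane.citizen@example.com>
To: accounts@example.com
Subject: Team lunch

Lunch is on Friday at noon.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, whaling_flags(raw))
```

Flags like these are a triage signal for the mail gateway or the accounts team; they do not replace an approval step in which the approver authenticates.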
5 Public Cloud Myths Exposed
The public cloud is a hot topic in IT today. Even though it has been around for about ten years, cloud offerings from AWS, Azure and Google Cloud have made the public cloud more mainstream and easier to get onto. In some instances, though, companies are jumping on board without really understanding it. So, in an effort to debunk them, here are five myths to consider if you are contemplating moving to the public cloud:
1. Public Cloud is Cheaper
The AWS/Azure public cloud “pay by use” methodology was a huge game changer for companies jumping onto the public cloud, but there is an assumption that “pay by use” will automatically make the subscription cheaper.
It can in some instances, but it should be noted that in many cases High Availability environments will usually come out cheaper with a hosting provider rather than a public cloud option. Data out transfer costs and dedicated resource costs both come into play in a big way in a High Availability environment, and things can get very expensive, very quickly. Many companies have tried out the public cloud and have gone back to dedicated resources in a managed cloud where the investment is more reasonable and consistent.
2. Everything should go to the Public Cloud
Due to the time it can take to tailor your application to the public cloud (not all applications are really built for the cloud/virtualization, much less the public cloud), not all companies’ environments are sitting in the public cloud. You really need to have an in-depth discussion with your IT Provider to determine what can be in the public cloud and what should be in the public cloud.
3. Full Security/Compliance Comes with Cloud Infrastructure
Security is much better in the cloud today than it has been in years past. Even though public cloud offerings like AWS and Azure offer HIPAA or PCI compliant solutions, that does not mean moving to the public cloud will automatically make you compliant. The infrastructure they provide to you is compliant, but once you configure your application on top of it, it becomes a completely different story.
4. Moving to Public Cloud is Simple
Some applications can be moved to the cloud simply; however, moving a full environment that has not been configured and is technical within itself is a different story. Use your IT Provider or someone with the right expertise and experience to migrate the environment, as it can get complicated quickly, and without a good foundation, getting your application to work on top of it may end up being expensive.
5. Managing the Public Cloud is Simple
Once someone has designed, built and migrated your application to the public cloud, it should be simple to manage from there – surely? You would think so but it is not the case! You really need to have your IT Provider work on maintaining, tweaking and scaling the configurations to keep your cloud “humming” along.
The simple suggestion here is to let the experts build, migrate and manage it for you. Cutting corners in the public cloud will come back to bite you.
For more information on Cloud & IT Services click here
Our Top 6 Internet Safety Guidelines
We have all heard stories about people being held to ransom by their own computer, an identity being stolen online, or even credit card information and passwords being stolen. Many of these occurrences can be traced back to the end user not being diligent when opening emails, clicking on links, downloading files etc.
So here are our top 6 rules when browsing online:
Keep your personal information private
Personal information in the public domain can be used against you maliciously in a multitude of ways – the best way to avoid this is keep your personal information offline.
Ensure privacy settings are switched on
To further ensure information isn’t unintentionally gleaned from you, enable privacy settings on web browsers, social media, etc., as some sites will try to glean as much information as possible, whether for marketing or to sell on. This includes when they ask you to opt in - seriously consider what information you might be allowing even reputable sites to take.
Maintain safe browsing habits
If it sounds too good to be true, it probably is. It’s very commonplace to see a tempting offer, a link to something that sounds very appealing or a notification that you’ve won a competition. One unthought-out click could expose your data or even put malware onto your device.
Ensure you are using a secure internet connection or WiFi network
As we discussed in our article Is Public WIFI Worth the Risk?, using a public WiFi network opens you up to all sorts of vulnerabilities as you can’t tell where your data is being routed. We strongly recommend not using any personal information or login credentials when connected to an unknown or public WiFi.
Be careful what you download
The easiest way for a cybercriminal to get a virus or malware onto a target’s PC is for the target to voluntarily download it. When you are downloading from the internet, make sure you are getting it from the provider’s webpage and from a site that you trust.
Maintain strong passwords
One of the biggest vulnerabilities, and typically an easy target for those with malicious intent, is the end-user’s password. People tend to use passwords that are easy to remember, and typically easy to guess (or brute force). We suggest using at least a 10-character password and a combination of letters, numbers and characters. It is also common to use a password manager, which can generate a password of varying complexities for all websites, using one master password for the password manager. Obviously, it is crucial to use a very complicated password for the manager, as it is a single point of failure, and to enable two factor authentication wherever possible.
For more information regarding internet safety and how you can better protect your information, get in contact with one of our team members.