
The importance of user training in modern cybersecurity
The primary cyber threats faced every day by employees are phishing attacks. Phishing is a form of social engineering used to steal data or compromise usernames and passwords of employees. An attacker will send an email, instant message, text message or social media message impersonating a trustworthy source, such as a reputable business or even another employee.
Their intent is to trick the recipient into clicking on a malicious link to either install malware such as ransomware or provide details which would allow the attacker to gain access to corporate data and circumvent other cybersecurity defences. Once access is established, it is generally a matter of time before a data breach occurs, which can be devastating to a business.
Studies by Kaseya and Cisco have found that between 86% and 90% of cyberattacks start with, or involve, users and user behaviour.
Business Email Compromise (BEC) attacks, which focus exclusively on exploiting the ‘human factor’, are now the leading cause of cyber-related financial loss for Australian businesses. BEC attacks account for only 7% of all cybercrime, but the average successful attack costs the victim organisation $50,673 (ACSC 2020-2021 cybercrime report).
In the same report, the ACSC found the average cost of each successful cybercrime in Australia to be $8,899 (small businesses, 1-19 staff), $33,442 (medium businesses, 20-199 staff) and $19,306 (large businesses, 200+ staff).
In a separate report, the ACSC found that 62% of SMBs (<200 staff) had been the victim of a cybersecurity incident. These statistics make a strong case for investment in cyber risk mitigation, and user training is an important pillar of a cyber risk mitigation strategy.
ACSC: Cybercrime reports and average reported loss by organisation size for financial year 2020–2021
Download the whitepaper to read more on how you can ensure your staff are prepared and trained to handle cybersecurity threats.
To discuss cybersecurity protection strategies for your business, leave your details below and an expert will get back to you.
Or call us on +618 8238 6500
Whitepaper | ISO27001 – What Is It and Do You Need It?
As of 2022, ISO27001 is the most well-known information security standard; however, few people outside of compliance circles know what it entails.
ISO27001 (full name “ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements”) is an international standard for information security management.
Because of this status as a standard, organisations can undergo a process to obtain an ISO27001 certification from an external auditor. The resulting certificate can be used to evidence to external parties that the business has implemented rigorous information security controls in line with an internationally recognised specification.
Such a certificate can lead not only to the opening of new markets and increased competitive advantage, but also to reduced costs and improved performance in information security.
However, ISO27001 can be a time- and resource-consuming certification to achieve, and some organisations have found better outcomes by targeting their budget more directly at implementing security controls, rather than achieving certifications.
In this paper, we look at what ISO27001 requires of organisations and investigate whether Australian SMEs should consider the certification process. We not only discuss the standard and what it entails, but also look at and compare other standards such as the Essential 8 and NIST.
Whitepaper | Don't get hooked - Phishing
Did you know that you will receive an average of 14 phishing emails this year?
Did you also know that 90% of cybersecurity incidents start with a phishing email?
Are you confident you can spot 100% of the signs, 100% of the time? Because even highly trained cybersecurity experts still occasionally fall for well-designed phishing emails…
Look out for:
- Urgency – Phishing emails will often use urgency and importance to make their victims act quickly without thinking through the consequences. A link to an overdue bill or outstanding payment, or a document with details of a payment about to be made from your bank account, are all examples of ways phishing emails will try to make you act quickly, before you notice it’s a phishing email.
- Senders – To make an email appear legitimate, the sender may try to fool you into thinking they are a legitimate contact. They might change the first name associated with their email account, such as Ebay (ebay@gmail.com), or create new email addresses that look like legitimate ones (can you tell the difference between accounts@microsoft.com and accounts@mcirosoft.com?).
- Look closely at the domain – Phishing emails will try to hide the actual website they are sending you to, for example by using shortening services, like https://bit.ly/3JMHq9k, or by hiding the real link behind a legitimate-looking one, such as www.microsoft.com.
- Too short or too long – Phishing emails usually go one way or the other: either overloading you with information to make you believe it’s real, or giving you so little information that you feel you need to click the link or open the attachment to understand what’s going on. An example might be an email from a known sender that just says ‘here’s your bill’, with an attachment. Many recipients will open the attachment to understand what the bill is for.
- Requests for password or payment – Phishing emails are usually trying to obtain your password, payment information or personal information. Be suspicious of any email that requests these, or that links to a website that requests them.
Be on the lookout for anything suspicious. Double check everything, use Google rather than the links in the email, and if it still seems suspicious report it to IT!
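Two of the signs above, lookalike sender domains and links whose visible text points somewhere other than the real destination, can be checked mechanically before an email reaches a user. The following is an added example written for this page, not code from the original post; the trusted-domain list, shortener list and the sample email are constructed for the demo.

```python
"""Heuristic checks for two phishing signs: lookalike/brand-abusing senders and
links whose displayed host differs from the real href host."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists for the demo; a real deployment would use the organisation's own.
TRUSTED_DOMAINS = ("microsoft.com", "ebay.com", "paypal.com")
SHORTENERS = ("bit.ly", "tinyurl.com", "t.co")   # hide the true destination


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transposition, so 'mcirosoft' is 1 step from 'microsoft'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' rule; adequate for the demo domains."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_sender(sender: str) -> list[str]:
    """Flag a sender domain that is close to a trusted one, or a display name /
    mailbox that uses a trusted brand while the domain does not match."""
    name, _, addr = sender.rpartition("<")          # "Ebay <ebay@gmail.com>" or bare address
    local, _, host = addr.rstrip(">").strip().rpartition("@")
    domain = registrable_domain(host)
    findings = []
    if domain in TRUSTED_DOMAINS:
        return findings
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if osa_distance(domain, trusted) <= 2:
            findings.append(f"sender domain {domain!r} looks like {trusted!r}")
        elif brand in (name + local).lower():
            findings.append(f"sender uses brand {brand!r} but domain is {domain!r}")
    return findings


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list[str]:
    """Flag shortener links and links whose visible text names a different host."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real_host = urlparse(href).hostname or ""
        if registrable_domain(real_host) in SHORTENERS:
            findings.append(f"shortened link hides destination: {href}")
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(real_host):
            findings.append(f"link text shows {shown.group(1)!r} but goes to {real_host!r}")
    return findings


def check_email(sender: str, html: str) -> list[str]:
    return check_sender(sender) + check_links(html)


# Constructed sample using the mis-spelt domain quoted in the post above.
SAMPLE_SENDER = "accounts@mcirosoft.com"
SAMPLE_HTML = ('<p>Your invoice is overdue. Pay now at '
               '<a href="https://login.example-attacker.test/x">www.microsoft.com</a></p>')

if __name__ == "__main__":
    for finding in check_email(SAMPLE_SENDER, SAMPLE_HTML):
        print("WARNING:", finding)
```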
Whitepaper | Mobile Device Security
Did you know cybercriminals are now targeting your mobile phone?
Cybercriminals love banking details, saved passwords, business data and even personal photos (to copy, delete then sell back to you), all of which can be found on our phones these days.
Unfortunately, many of the tools that protect computers aren’t switched on by default on phones, and that makes them the perfect target for cybercriminals.
We’ve all seen the SMS messages claiming to be ‘missed calls’ or ‘package tracking’ that actually spread viruses, but how many of us have installed anti-virus on our phones?
Did you know almost 230,000 phones get infected with viruses each and every day? That’s more than 80 million a year…
How to keep your phone secure:
- PIN codes – The PIN code to your phone is like the keys to your front door and all your filing cabinets. If your phone is ever lost or stolen, the PIN code will stop anyone accessing or using it, and it often also acts as the key that unlocks any files accessed remotely. Make sure a 6-digit PIN code or a long password, plus Face/Fingerprint ID, is set up on your phone.
- Anti-Virus – Viruses exist on phones just as they do on computers. There are many options from different vendors to help protect your phone; install one ASAP!
- Updates – While operating system and app updates are annoying, they are also essential. Each time you see one, it means the developer has found a problem that cybercriminals could exploit, so install it as soon as you can.
- Fake Apps – One sneaky way cybercriminals try to get viruses onto your phone is to create fake apps. They find a real company that doesn’t have an app and use its name and logo on an app the cybercriminal has created. Unsuspecting users think they are downloading an app from a well-known company, when in fact it’s a virus.
- Corporate Data – While we understand it is well meaning, only set up your work email and access corporate systems from your personal phone if your IT department allows it.
- Encryption – Encryption is a way for your phone to lock all your files while you are not using them. When switched on, it means that data stolen from your phone is useless without your password.
- Lost device features – Switch on any ‘find my device’ and remote wipe features. That way, if you lose your phone you can track it, or at least wipe it so no one can access all your banking details and personal photos.
Modern phones are really just small laptops, and therefore are vulnerable to the same issues, such as links from unknown senders, malware and viruses. Given how much our smart phones can access, and how much personal data they hold, we all need to be sensibly cautious in protecting our phones from cybercriminals.
Whitepaper | The Vulnerability That Had The Security Community in Meltdown | Log4Shell/Logjam
Log4j: what was it all about and how bad was it?
Log4Shell, or Logjam, is the name security researchers have given to the disclosed vulnerability that threw security experts into crisis mode in early December. The name comes from the software package that has the vulnerability, Log4j, which is widely used in software written in the very common programming language Java.
In short, it is an extremely easy-to-exploit vulnerability that affects millions, if not billions, of devices, systems and programs worldwide, making it a very serious concern in the world of cybersecurity.
In this whitepaper we explore what the vulnerability is and why it caused such great concern.
WHAT IS IT?
The vulnerability exists within a standard way for systems to record information about what they are processing, known as logging. A computer may log information entered by users, such as usernames or clicks, or system data, such as error messages and error times. These logs can then be used later to troubleshoot issues, or better understand how the computer is working.
The Log4Shell vulnerability exists because when a specific, malicious combination of text is logged, the logging computer sees the text as a command to be executed rather than information to be entered into the log. The malicious command tells the computer to connect to a separate, external computer and download a program. If the attacker has written the text correctly, this second computer will be one they control, and the program it downloads will be anything the attacker chooses, likely something malicious.
To continue reading, download the whitepaper below:
Whitepaper | The Essential 8 in plain English
The Essential 8 explained
In today’s digital and interconnected world all organisations, regardless of their industry or size, are becoming more cyber security aware. But without a large team of experts to guide them, how do they know if they’re doing the right things, and how do they know if they’re doing them well enough?
To help answer these questions, the Australian Government has produced a framework called the Essential 8 which organisations can use to identify, implement, and mature their cyber security and cyber defence strategy.
Since the Essential 8 was introduced, there has been a growing trend to use it not only to improve organisations’ cyber security, but also to evidence cyber security maturity externally. The Essential 8 already forms the basis of mandatory cyber security requirements for all 98 non-corporate Commonwealth entities, and various state and federal government policies have been implemented to enforce regular assessment, adherence reporting, and minimum achievement standards against the Essential 8 for suppliers within the public sector.
Such a level of supply chain transparency is also becoming more commonplace in the private sector, with more and more B2B procurement processes taking cyber security maturity into account and following the government’s lead in using the Essential 8 as the reference point with which to measure it.
Whether to improve their own cyber defences, to become eligible for public-sector procurement or to become more competitive in private-sector procurement, business leaders need an understanding of the Essential 8, as it is quickly becoming the de facto standard for measuring and evidencing cyber security in Australia.
This paper explains the Essential 8 framework in plain English so business leaders from all backgrounds can gain a working knowledge of how these cyber strategies and maturity criteria can be used to improve defences and gain an advantage over competitors.
Whitepaper | How to Create Easy to Remember, Highly Secure Passwords
Solving the Password Problem
The best way to set a strong password is to use a password manager, which we covered in a previous blog. If, however, this is not possible, the below represents the best advice on how to create strong passwords you can easily remember.
Years of ‘at least 8 characters, must include lower case, upper case, numbers and special characters’ have actually made our passwords less secure and easier for criminals to guess.
While creating these passwords is better than using a single word, the complexity makes them hard for the human brain to remember, resulting in passwords being written down and reused with only minor changes. Both of these factors greatly undermine a password’s security.
There is a much better way to create passwords that are easy to remember but still long and strong: a passphrase. A passphrase is a short phrase used in place of a password.
It’s unlikely most people could remember lots of different 20 random character passwords, but most people can remember lyrics from their favourite songs, which will contain more than 20 words and hundreds of characters.
To create a passphrase, try this:
First, take six random words, for example: ‘crystal apple long truck high jump’
Next, create a picture of the words in your head, like so:
Finally, make it unique by adding in the name of the service in a random way:
‘crystal apple long truck Facebook high jump’ or ‘insta crystal apple long truck high jump’.
Now you have a password that’s quite easy to remember, but also 40 characters long and almost impossible to guess.
Even using the best modern computers and techniques, it would take a guessing program longer than the life expectancy of the earth to guess that password!
So, next time you’re asked to create or change a password, think passphrase.
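The reasoning above can be made concrete by generating a passphrase the way the post describes and working out how many guesses an attacker would need under different assumptions. This is an added example written for this page, not the post's own method: the word list, the guess rate of one trillion guesses per second and the service names are constructed for the demo, and it also shows the less flattering case where the attacker knows which word list was used.

```python
"""Passphrase generation and guessing-cost comparison for the passphrase advice above."""
import math
import secrets

# Small constructed word list for the demo; a real list (e.g. diceware) has ~7,776 words.
WORDS = ["crystal", "apple", "long", "truck", "high", "jump", "river", "stone",
         "yellow", "paper", "cloud", "window", "garden", "pencil", "ocean", "tiger"]
GUESSES_PER_SECOND = 1e12            # assumed attacker rate, constructed for the demo
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def make_passphrase(words, n_words=6, service=None):
    """Pick n_words uniformly at random with a CSPRNG and, as the post suggests,
    splice the service name in at a random position to make the phrase unique."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    if service:
        chosen.insert(secrets.randbelow(n_words + 1), service)
    return " ".join(chosen)


def entropy_bits(pool_size, length):
    """Bits of entropy for `length` independent, uniform picks from a pool of pool_size."""
    return length * math.log2(pool_size)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every combination at the assumed guess rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def compare(word_list_size=7776, n_words=6, phrase_chars=40, alphabet=27,
            pw_len=8, charset=94):
    """Entropy under three attacker models: the attacker knows the word list
    (worst case for a passphrase), the attacker brute-forces the phrase character
    by character (26 letters plus space, the post's framing), and a 'complex'
    8-character password drawn from the full printable keyboard."""
    return {
        "words_list_known": entropy_bits(word_list_size, n_words),
        "chars_brute_force": entropy_bits(alphabet, phrase_chars),
        "complex_password": entropy_bits(charset, pw_len),
    }


if __name__ == "__main__":
    print(make_passphrase(WORDS, service="Facebook"))
    for model, bits in compare().items():
        print(f"{model:18s} {bits:6.1f} bits  ~{years_to_exhaust(bits):.3g} years to exhaust")
```

Even in the worst case, six words from a 7,776-word list carry about 77 bits, well above the roughly 52 bits of an 8-character "complex" password.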
Whitepaper | How do criminals actually steal passwords?
Solving the Password Problem
There are several methods criminals could use to obtain a password or passphrase, including:
- Brute forcing - This is the term given to the method discussed earlier of using a computer program to make lots of random guesses very quickly. This is the primary reason we need long and complex passwords/passphrases, as they make this process much harder and much slower.
- Phishing - Pronounced ‘fishing’, this is a social engineering technique where criminals create emails and websites, often using well-known brands such as Google, Amazon or financial institutions. They then trick users into entering a username and password, which is sent to the criminals rather than the legitimate organisation.
- Breaches - A breach is when a criminal gains access to a website or system’s list of usernames and passwords, often through a security flaw. When this happens, the criminals usually gain access to every username and password registered with that website. This doesn’t just happen to small websites that can’t afford good security; some recognisable names have suffered very large breaches of varying severity:
  - Facebook - 540,000,000 user records breached
  - eBay - 145,000,000 user records breached
  - Equifax - 147,900,000 user records breached
  - LinkedIn - 165,000,000 user records breached
  - Yahoo - 3,000,000,000 user records breached
- Criminal Collaboration - After one of the above techniques has been used successfully, criminals will often sell and share the usernames and passwords they have gained access to. In some cases, these are then compiled into large databases that contain millions of stolen email address and password combinations. Many times, these large databases are published publicly online, giving access to anyone and everyone.
Whitepaper | Password Managers - Are they effective?
Solving the Password Problem
Password Managers
Password managers are growing in popularity and are highly recommended for all businesses and users.
Password managers randomly generate very complex, very long and unique passwords. They store them securely, along with other account details, so the user doesn’t need to remember them on each login. Password managers will also automatically prefill account and password information, greatly improving the experience of users who regularly log in to multiple different websites or systems.
Once set up, the user will only need to type one password and then enjoy a seamless, one click login experience while simultaneously getting the benefit of very secure passwords.
Key features of a good password manager are:
‘No Trust’ architecture – this means all data is encrypted before leaving the device, so even if the password manager infrastructure suffers a breach, the criminals can’t read any passwords.
Generate passwords – In order to be effective a Password Manager must generate long, strong, unique and random passwords.
Multifactor Authentication – As a Password Manager will hold all passwords, it is critically important that it is highly secure. A good password manager will have the option for MFA to be used on every login.
Breach Monitoring – No matter how strong a password is, accounts can be compromised if passwords are given to the wrong person as a result of being tricked. Good password managers will monitor various dark web and underworld websites, and notify the user if their email addresses are included in the data criminals are exchanging.
Unfortunately, password managers don’t always work for every corporate and personal application. They also need an initial password or passphrase from the user, and so the ability to create and remember strong passwords is still an extremely important skill for all users.
Why do you need different passwords?
There are many ways that a criminal could come to learn a password through no fault of the users. Once a criminal has a password, the length and complexity no longer matter.
As soon as the criminal has a password, they will begin trying it on as many systems as possible to see if the user has used the same password on Facebook, Instagram, Hotmail, Gmail, and so on.
Often this will be automated, with the email address and password combination tried on thousands of websites within seconds.
Other times the process may be more targeted, with the criminal using the email address to locate the user on LinkedIn, finding out where they work, then attempting to use the username/password combination to access corporate data.
The uniqueness of the password prevents this, and ensures that if a password does become known, the breach is contained and the criminal only has access to the single system where the password was first set.
Whitepaper | Is Multi-Factor Authentication A Silver Bullet For Protecting Your Data?
Solving the Password Problem
Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA or TFA) is when a secondary (or further) authentication method is used to verify the user’s identity. This is normally carried out by validating that the user has something physical (such as a smartphone, token or smart card) or is something (biometrics, such as fingerprint and face scan technologies). Modern MFA techniques leverage smartphones and one-time codes via SMS or app-based login approval.
It’s now commonly accepted that modern MFA techniques block 99.9% of attempts to take over an account, but why is this?
In traditional criminal investigations, investigators often look at three key elements, means, motive and opportunity.
Unfortunately, with account take over, particularly when the system is internet based, all that is required to carry out an attack is an internet connected device, anywhere in the world. This means that billions of people have both the means and the opportunity to commit account take over attacks.
Multi Factor Authentication combats this problem by requiring a secondary verification method which is much harder to fake from different physical locations.
When a modern smartphone is used for MFA, a third verification is often added, seamlessly to the user. Most modern phones require either a PIN code or a face/fingerprint scan to unlock them, and in doing this the user has provided a third identity verification.
It may not seem like much, but by glancing at an iPhone and pressing the accept button within an authentication app, the user attempting to log in has verified that their face biometrically matches the face of the approved user, and they have performed this biometric check on the only device in the world that will allow access.
Defeating MFA is not completely impossible, but in most cases gaining access to an account protected by MFA becomes far too hard for an attacker, and they look for easier targets.
The usual process for a criminal breaking into accounts involves using a list of a million or more email addresses, along with a database of billions of possible passwords, and a high-powered computer to attempt combinations over and over again until one works.
When an account is protected by MFA, breaking into that single account would require targeted physical action, such as pickpocketing a device or SIM-swapping; the attacker would then have to overcome the device’s biometric verification, and only then could they begin guessing the password, with each guess taking several seconds rather than the millions per second possible against non-MFA-protected accounts. It is for these reasons that MFA is able to block 99.9% of attempts to illegitimately access accounts.
Almost no criminals have the means to overcome MFA, and even those that do know that they will have much more lucrative results pursuing the other 999,999 accounts, each of which can be targeted in a matter of hours, rather than spending many weeks trying to break into a single MFA protected account.
MFA should be set up wherever it is available, but if that is not possible it should at the very least be enabled for a user’s more important accounts, such as internet banking and email.
It’s not something often considered, but most modern online systems rely on email accounts as a backup verification. If the user forgets their password, the ‘I’ve forgotten my password’ functionality will send a message with password reset instructions to the user’s email address.
If a criminal were to gain access to an email account, they could use it to reset many other passwords and ultimately gain access to many other accounts. This is why it’s important to have a very strong password/passphrase for email, which is not used anywhere else, and to enable MFA for email accounts.
Whitepaper | Does Password Length Really Matter?
Solving the Password Problem
While there are many new safeguards designed to prevent password guessing, the length, complexity and uniqueness of a password are still important factors to make an account secure.
Computer programs designed to guess passwords work by harnessing new technologies to make millions of guesses per second. The longer and more complex a password the more guesses are required before the correct combination is found.
Modern password guessing programs will also try dictionary words, common variations and commonly used passwords, which makes unique passwords important.
Many safeguards have been developed to protect against these guessing methods and are often extremely effective where they are implemented.
In some cases, systems may only allow three incorrect login attempts, or there may be inherent limitations, such as bandwidth and processing power, that stop multiple login attempts.
Additionally, new cryptographic storage techniques are making it harder for attackers to guess passwords, even in ‘offline’ attempts.
Unfortunately, while these safeguards are very effective when implemented, they are not implemented universally, and they are not completely foolproof.
Individuals should never rely on security features which may or may not be present.
It is for this reason that making passwords long (lots of characters), strong (using lower case, upper case, special characters, and numbers) and unique (only used for one system/login) is still an important baseline for personal security.
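Two of the safeguards named above, locking an account after three wrong attempts and storing passwords with a costly hash so that offline guessing is slow, look like this on the server side. This is an added example for this page, not code from the original post; the account names, passwords and lockout period are constructed, and scrypt from the Python standard library stands in for whichever password hash a real system uses.

```python
"""Lockout after repeated failures plus cost-factor password hashing."""
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 3                    # the 'three incorrect login attempts' rule
LOCKOUT_SECONDS = 15 * 60           # constructed for the demo
# scrypt cost parameters: each guess costs 128 * r * N bytes of memory and real CPU
# time, online or offline, which is what throttles an attacker who steals the store.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str, salt=None):
    """Return (salt, digest). A random per-user salt means identical passwords
    hash differently, so a breached list cannot be cracked all at once."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                            r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


# Dummy record checked for unknown users so timing does not reveal who exists.
_DUMMY_RECORD = hash_password("not-a-real-password")


class LoginService:
    """In-memory account store with per-account lockout after MAX_ATTEMPTS failures.
    `clock` is injectable so the lockout can be tested without waiting."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.accounts = {}          # username -> (salt, digest)
        self.failures = {}          # username -> (failure count, locked_until)

    def register(self, username: str, password: str) -> None:
        self.accounts[username] = hash_password(password)

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied'. Unknown users get the same
        'denied' path, and the same hash cost, as wrong passwords."""
        count, locked_until = self.failures.get(username, (0, 0.0))
        now = self.clock()
        if now < locked_until:
            return "locked"
        salt, digest = self.accounts.get(username, _DUMMY_RECORD)
        if verify_password(password, salt, digest) and username in self.accounts:
            self.failures.pop(username, None)
            return "ok"
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_ATTEMPTS else 0.0
        self.failures[username] = (count, locked_until)
        return "locked" if locked_until else "denied"


def guesses_per_second(samples: int = 5) -> float:
    """Measure how many scrypt guesses this machine manages per second: the offline
    cracking rate the cost factor imposes, versus millions for a plain fast hash."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        hash_password(f"guess{i}", salt)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "crystal apple long truck high jump")      # constructed
    for attempt in ["password1", "letmein", "qwerty", "crystal apple long truck high jump"]:
        print(f"{attempt!r:40s} -> {svc.login('alice', attempt)}")
    print(f"~{guesses_per_second():.0f} scrypt guesses/s on this machine")
```

Run as-is the fourth attempt, with the correct password, is still refused because the account is locked after the third failure.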
Introducing KPI Pulse
Just over a year ago, I experienced a couple of light-bulb moments...
- Not everyone is, nor do they want to be, a data analyst – it might sound obvious, but the way that everyone accesses and consumes data can vary dramatically, even if they perform similar roles. I found that some people would like to view data in table form, like a big spreadsheet; these are generally financial, accountant types. Sales and entrepreneurial types liked big numbers and graphs.
- More work is being done away from our desks; at coffee shops or at client meetings. Therefore, having easy access to important metrics and data isn’t always possible.
- Many operational staff regularly like an emailed report, only to open it up and search for an issue or a value that needs their attention.
I thought, how can I take QlikView (or Qlik Sense, Excel and more, for that matter) and make it easily available to anyone, so that they can consume the information the way they want to?
The idea of KPI Pulse was created!
The concept was to have a locally installed publishing application which would automate the reloading of data into QlikView and then allow the designer to create a series of snapshots (they could be images like a graph, a complete dashboard, a data file or even a PDF report). These snapshots would then be available within a mobile app, a website, via email, a desktop app or even within Excel.
KPI Pulse was born!
We can now take QlikView metrics, personalise them for each user and push them up to your own secure cloud server. From there, these metrics are available on our mobile app, email, online Head Up Display, desktop app, Slack and Excel. We can schedule the distribution of key metrics any way you like and get everyone on the same page – aligned with your business performance goals.
Executives and managers can instantly see their own metrics on their phone, without needing to log in. If they then need to share that metric, they easily can with Slack, email or a text message.
You don’t need any extra QlikView licenses, allowing you to easily push metrics to all staff who require them, and even provide metrics within a website to your customers, clients or other stakeholders.

KPI Pulse is easy!
Right from the start, my goal for KPI Pulse was to make it easy to distribute the great work that a QlikView Designer has done, getting relevant metrics to the right people, easily.
One of the great things about QlikView (and Qlik Sense) is that it’s like the Swiss Army Knife; it’s the one package that you need to learn, allowing you to do so much. When looking at other BI solutions, there’s always a stack of tools that you need to learn and use.
Now, with this one easy to use application, the reach and effectiveness of QlikView has become even more powerful.
Watch our quick video!
Contact us today to find out more about KPI Pulse, and what it can do for your organisation.
Or visit our website at www.kpipulse.com
Recent Scams Targeting ASIC Customers
It has come to our attention that scammers pretending to be from ASIC have been contacting registry customers asking them to pay fees and give personal information to renew their business or company name.
These emails most often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link.
Warning signs the email is not from ASIC
An email is probably a scam and is not from ASIC if it asks you:
- to make a payment over the phone
- to make a payment to receive a refund
- for your credit card or bank details directly by email or phone
Here is an example of a scam email from 5 December
If the email you received contains the above information, it is not from ASIC.
How do I protect myself from email scams?
To help protect yourself:
- keep your anti-virus software up to date
- be wary of emails that don't address you by name or misspell your details and have unknown attachments
- don't click any links on a suspicious email
It is also highly advised to check your registration renewal date; ASIC will only issue a renewal notice 30 days before your renewal date. Be sure to search your business name on the ASIC register - if it's outside of your usual renewal time frame it's most likely a scam.
How do I notify ASIC of a potential scam?
If you would like to notify ASIC of a potential scam email, you can forward the entire email to ReportASICEmailFraud@asic.gov.au
To ensure your systems are well protected, get in touch with the Advance team today. We're always looking out for you!
Minimising a Ransomware Attack
What is Ransomware?
Ransomware is software that has been installed on or downloaded to a computer and that, once activated, blocks access to that computer system until a sum of money has been paid. Typically, the sum demanded is not large compared to the cost of the time and effort it might take to restore or otherwise resurrect the files.
For example, your work computer containing important documents has been held ‘hostage’ and you are required to pay USD$500 to regain access to your files – when calculating the time and effort required to restore the computer back to the original state, even with good backups, you are likely to exceed that figure.
Two well-known ransomware threats that have received considerable press coverage recently for their widespread nature are the WannaCry and Petya attacks. These aren’t the only Ransomware threats out there, there are hundreds and they won’t stop circulating.
How do I minimise my risk of getting ransomware or having to pay for my files to be decrypted?
This is truly a case of being vigilant and taking precautions so as not to be caught out and taken advantage of by a Ransomware attacker.
On your computer
Make sure important data is not stored only on the computer! Backing up important files to an external hard drive (not permanently attached to the computer) is a good idea. It is important to note that cloud backups with automatic sync (such as Dropbox, Google Drive, OneDrive etc.) may also be affected, because the infected files sync to the cloud copy. This poses the question: do you always need to have these turned on by default?

Ensure that your operating system and antivirus are up to date (including the latest security updates and virus definitions) and that you use some form of ad blocker to avoid the threat of malicious ads. To go even further, refrain from using an administrative account on your computer for day-to-day work, and disable macros in Office products by default.
Keep your browsers updated and remove outdated plugins and add-ons from your browsers. Remove Adobe Flash, Adobe Reader, Java and Silverlight from your browser plugins - if they are needed then set the browser to prompt for activation when these plugins are required to run.
General Behaviour
Learn the typical signs of a spam message and don’t open any suspected spam message from an unknown sender.
Be very cautious of any attachment in an email that you are not expecting. Sometimes a contact's account is compromised and a virus is distributed from their email account in a message that looks totally innocent. If in doubt, ask the sender over the phone or by instant message whether they intentionally sent the attachment to you.
Be extra cautious of all links in emails, as links can be made to look valid but take you to malicious sites instead.
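As an added illustration of the last point (this is not part of the original post and not Advance's own tooling), the following Python script parses an HTML email body and flags any link whose visible text names one host while the real href points somewhere else. The email body is a constructed sample: asic.gov.au is the genuine ASIC domain mentioned above, and the asic-renewals.example.net target is made up.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that looks like a URL or bare domain (e.g. "www.example.com").
_URLISH = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?", re.IGNORECASE)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-case hostname of a URL or bare domain ('' if it has none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def find_deceptive_links(html):
    """Return (visible text, real href) for links whose shown host differs from the target."""
    parser = _AnchorCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.anchors:
        shown = _host(text) if _URLISH.fullmatch(text) else ""  # only URL-looking text counts
        if shown and shown != _host(href):
            flagged.append((text, href))
    return flagged


# Constructed sample: the displayed link claims to be asic.gov.au, the real target is not.
SAMPLE_EMAIL = """<p>Dear customer,</p>
<p>Your renewal is due. Pay now at
<a href="http://asic-renewals.example.net/pay">https://asic.gov.au/renew</a>.</p>
<p>Questions? See the <a href="https://asic.gov.au/help">help page</a>.</p>"""
```

Calling `find_deceptive_links(SAMPLE_EMAIL)` returns the one mismatched link; plain-text link labels such as "help page" are ignored, since only text that itself looks like an address can mislead the reader about its destination.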
Conclusion
The best form of protection against a virus or ransomware is prevention. By changing your mindset around emails, links, attachments and computer updates you can drastically increase your chances of avoiding these threats. Stay vigilant!
For more information on minimising a ransomware attack in your business, speak to a member of the Advance team today!
Security Considerations When Employees Leave
With the increasing use of external websites that store data, personal mobile devices being used for work and the rising trend of employees performing their duties outside the traditional workplace model, you need to ask yourself: are you doing enough to ensure the security and confidentiality of your own and your customers’ information?
When an employee leaves a business, it is imperative that a process is followed to de-provision access to the systems they may have used. Here a problem arises: it is likely that the company has not kept sufficient records of what information the now ex-employee could access, and as such will miss one or more areas the employee can still reach.
As an example, have a look at some access rights that an employee may begin with and gain over their tenure with your business:
- Internet Access
- Internal WiFi Access
- Domain Access
- Security/Alarm access codes
- Website Passwords
- Social Media Passwords
- Credit Card Details
- Car Keys
- WiFi access
- Stored login information on personal devices
- Cloud Account login information
- USB backups held offsite by that employee
- VPN Details to connect to the internal server
- Knowledge of other employees’ usernames and passwords
The more information given in confidence to an employee, the more work needs to be done to remove that employee, leaving the whole termination process liable to human error. It is vital to ensure that employee access to systems and data is de-provisioned completely and on time to protect your business.
Simple Steps: Begin with provisioning and recording
Once a decision has been made to hire an employee for a certain role, their access rights, hardware requirements and external access should be determined prior to their start date. This information needs to be recorded consistently, and an approval process needs to be in place for any security-related process or device.
Using a hardware or software solution, you should enable enough security to prevent users from using their own file sync solutions (e.g. Dropbox, Box etc.). The same applies to USB devices: implement hardware or software restrictions to ensure that USB devices can only be used with the right approval.
If users have private work information or data on a mobile phone, implement a device management system that supports the remote wiping of data on mobile devices, including tablets. An extra measure is to encrypt laptops and hard drives to ensure that no sensitive information is exposed when a device is lost or misplaced.
Simple Steps: Employee leaving
Once an end-date has been determined for an employee, they should be put into a process to have their rights and access removed – starting with a review of your documentation on their current access. Once their end date is reached, the removal should begin almost as soon as they are out the door.
Retrieve any hardware and mobile devices that belong to the business, change passwords for accounts that didn’t have unique logins for each user (e.g. social media), remove the user’s security access to the building (change the PIN code if necessary) and, if the office WiFi uses a single password, have it changed. If the employee had a credit card, ensure it is cancelled completely and they are removed from the account.
Simple Steps full stop
To reduce the impact of an employee’s departure, it is beneficial to implement policies and access methods that reduce the need for hands-on changes which can affect other staff (password resets, access code changes, etc.).
Our tips:
- Ensure that each user has their own personal login where possible, including domain access, systems that are used and websites.
- Ensure that important financial information is never given out to employees. If they do have a credit card, it should be on the business account but under their details, with its own limit.
- Limit access to USB ports and other ports that can transfer information, ensuring that employees do not have installation rights.
- Ensure all employees understand the importance of not sharing usernames and passwords.
- Rather than using a shared WiFi password to authenticate wireless users, authenticate by MAC address with approval, keeping a record of which device belongs to whom.
- Do not give any employee access to social media sites. This should be controlled by one person only and when that person leaves then all passwords should be changed immediately.
What can’t be helped
Even with the best security and processes in place, there will always be ways that your security could be compromised. However, with effective internal processes, good documentation, follow ups and reviews of your procedures you can drastically minimise the effect of an employee leaving.
Why not start looking at your systems now?
For more information on strengthening your IT security please contact us.
Consolidate Your Data and Make It Easier To Access
As organisations grow over the years, so does the assortment of tools employed for various projects and departments. This often causes a headache for employees and business owners, as information becomes scattered among several disparate systems and locations.
Generally there are different products on different platforms with different security and data requirements. Together they help a user do their job, but they sit on different servers, and possibly even in different locations, with different access and user rights.
This is a problem that affects many organisations today, and the problem will only get worse as more data is made available to employees.
By using an Enterprise Portal organisations can optimise their information management and empower their staff with personalised information in one place, sometimes with just one click.
An Enterprise Portal can be designed to merge this disparate information into one place, ready for the user to click a button to access, as well as interact with, each program. An example might be where information is gathered from the:
- ERP system
- Production planning and control system
- Employee timekeeping system
- Inventory management system
and made available to the user with a simple mouse click. An extra benefit is that users don’t need to log into each individual system separately, which saves time.
The security level is attached to the user’s login to the Enterprise Portal, determining how much they see and what rights they then have within each product. Effectively you now have one secure system that accesses all of the information relevant to that particular employee’s function.
Further, if an employee enters the number of a certain product component, all information on this component is displayed immediately on the portal page, including:
- How this product is selling
- What revenue the company achieves with this component
- Whether there have been any complaints
- An image of the component
- How much time has been estimated for producing this product
- How much time is actually needed to manufacture this product
The data for this comprehensive information page is compiled from different systems, and provides the validated employee with the right information just when and where they need it.
It’s a holistic view which allows employees to serve their customers and managers quickly with relevant information. When a customer calls to enquire about an order’s ETA, customer service staff can access the relevant information quickly and accurately, as it is linked to the inventory and manufacturing systems.
Contact us to learn more about how the Advance team can assist with your technology needs.
5 Challenges Faced On Small Data Reporting
Big Data is often touted as imperative to businesses; however, in recent years perhaps we have been so blinded by Big Data that we are ignoring its poorer cousin, Small Data.
Big Data, simply put, looks at trends, information and patterns that can be used to forecast, as well as to give an overview of how your business is tracking. Big Data takes high volumes of different sets of data and displays this information in a way that lets management make decisions quickly and efficiently. Big Data is generally generated outside of the business to help the business make decisions going forward.
Small Data, on the other hand, allows the business to extract transactional information from data sources that end users can make use of immediately. Its focus is on providing information to the end user so they can take action right now. It allows users to determine why things happen, analyse this in real time and then take corrective action. Small Data can be generated as a subset of Big Data or from other non-traditional data sources. The main thing to remember is that it helps the end user achieve a result.
Big Data and Small Data each have their place in a business aiming to improve its decision-making and resolve problems.
Formulating a plan to extract Small Data that suits each need within the company is paramount. If you ignore Small Data in favour of Big Data, you are robbing yourself of analytical tools that can help your company develop and improve.
The challenges facing managers who are developing tools for Small Data reporting are:
- what type of data is required?
- where will it be obtained?
- who requires it?
- in what format is it required?
- how will you extract the data?
The best methodology is to look at the problem you have and work backwards from that point.
As an example, let’s look at the problem statement “Average days debtors take to pay have increased”. Looking at our challenge, we can see that we want to interrogate each customer and determine the payment days for each invoice against which a payment has been made (What). We check with accounts and find that this data can be retrieved from their SAP Accounts database (Where). It has been determined that Accounts staff and Sales Account Managers will use the data (Who): accounts to chase up overdue accounts, and sales to check credit terms prior to selling. The decision then needs to be made as to what format they want to see the data in (What). An example may be a program that runs real-time analysis of the accounting data and displays it on screen. Selecting the right tool to extract and display this information is paramount to ensuring that the tool gets used (How). There are many good Business Intelligence tools that allow quick extraction, analysis and display of the results the user requires.
As they say “look after the pennies and the pounds will look after themselves”. In other words Small Data can and will affect Big Data if looked after properly.