BLOG
Our Top 6 Internet Safety Guidelines
We have all heard stories about people being held to ransom by their own computer, an identity being stolen online, or even credit card information and passwords being stolen. Many of these occurrences can be traced back to the end user not being diligent when opening emails, clicking on links, downloading files etc.
So here are our top 6 rules when browsing online:
Keep your personal information private
Personal information in the public domain can be used against you maliciously in a multitude of ways – the best way to avoid this is to keep your personal information offline.
Ensure privacy settings are switched on
To further ensure information isn’t unintentionally gleaned from you, enable privacy settings on web browsers, social media, etc., as some sites will try to glean as much information as possible, whether for marketing or to sell on. This includes when they ask you to opt in - seriously consider what information you might be allowing even reputable sites to take.
Maintain safe browsing habits
If it sounds too good to be true, it probably is. It’s very common to come across a tempting offer, a link to something that sounds very appealing or a notification that you’ve won a competition. One ill-considered click could expose your data or even put malware onto your device.
Ensure you are using a secure internet connection or WiFi network
As we discussed in our article Is Public WIFI Worth the Risk?, using a public WiFi network opens you up to all sorts of vulnerabilities as you can’t tell where your data is being routed. We strongly recommend not using any personal information or login credentials when connected to an unknown or public WiFi.
Be careful what you download
The easiest way for a cybercriminal to get a virus or malware onto a target’s PC is for the target to download it voluntarily. When you are downloading from the internet, make sure you are getting the file from the provider’s webpage and from a site that you trust.
Maintain strong passwords
One of the biggest vulnerabilities, and typically an easy target for those with malicious intent, is the end-user’s password. People tend to use passwords that are easy to remember, and typically easy to guess (or brute force). We suggest using at least a 10-character password and a combination of letters, numbers and characters. It is also common to use a password manager, which can generate passwords of varying complexity for all websites, using one master password for the password manager. Obviously, it is crucial to use a very complicated password for the manager as it is a single point of failure, and to enable two-factor authentication wherever possible.
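As an added illustration (not code from the original article), this is roughly what a password manager's generator does, checked against the guideline above. The symbol set and the default length of 16 are assumptions; the 10-character minimum and the three character classes come from the text.

```python
import secrets
import string

MIN_LENGTH = 10  # minimum length suggested in the guideline above

# The three classes the guideline names: letters, numbers and characters.
CLASSES = {
    "letter": string.ascii_letters,
    "number": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",  # assumed symbol set; sites differ
}


def missing_classes(password):
    """Return the names of the character classes the password lacks."""
    return [name for name, members in CLASSES.items()
            if not any(ch in members for ch in password)]


def meets_guideline(password):
    """True when the password is long enough and mixes every class."""
    return len(password) >= MIN_LENGTH and not missing_classes(password)


def generate_password(length=16):
    """Generate a random password that satisfies the guideline.

    Randomness comes from the operating system's CSPRNG via `secrets`;
    the `random` module is predictable and unsuitable for passwords.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # One guaranteed character per class, the rest from the full alphabet.
    picked = [secrets.choice(members) for members in CLASSES.values()]
    picked += [secrets.choice(alphabet) for _ in range(length - len(picked))]
    # Shuffle so the guaranteed characters do not always lead the password.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)


if __name__ == "__main__":
    candidate = generate_password()
    print(candidate, meets_guideline(candidate))
    # Constructed example of a memorable but non-compliant password.
    print("Summer2024", missing_classes("Summer2024"))
```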
For more information regarding internet safety and how you can better protect your information, get in contact with one of our team members.
What is an API?
If you have talked with a programmer you may have heard them comment about API calls and ‘talking’ to another application via its API. API stands for Application Programming Interface, which allows different applications to communicate, without learning each other’s ‘language’.
The purpose of APIs
APIs make it easier for developers to communicate with other applications, using certain pre-defined methodologies when building applications. An API allows one application to permit another application to use only specific objects or actions in a way that ensures compatibility and integrity between the two.
What can an API do?
A request to gather information from a third-party application may use an API call as the means to communicate, allowing the programmer to gather and use information in a way that is accessible. The API acts as a middleman for the programmer when requesting information from another application, while also letting the programmer know what he can ask for, how to ask the question and how to process the answer.
For example, when an order is placed on a front-end system, an API can be used to send the order details (delivery address, customer details, etc.) into an internal system that the front end doesn't natively communicate with. Whether the target is an accounting system, fulfillment software or even a database, an API makes it possible to streamline the way data is transferred and interpreted.
Why use an API
- APIs provide an enhanced layer of security by never exposing your data fully to the server, while the server never needs to fully expose itself in return. Instead, each communicates with the API, sharing only what is necessary.
- An API allows for simplicity and reusability by implementing a standard programming method to interact with the server, allowing the same method to be used for each application.
- APIs are typically developer-friendly and easily accessible, and the ways to interact with them and the calls to make are usually well documented.
This all allows for an integration to be developed in less time, with rules governing how and what access is provided.
Things to keep in mind
Just as easily as they give access, capabilities given through APIs can be taken away. If an API that you rely on reduces its capabilities, or even an API that you utilise is shut down suddenly, you may find yourself in a tough situation with severely reduced functionality.
It pays to research the APIs you utilise and keep up to date with news and developments.
If you have queries about custom software and about how Advance can help streamline your processes, get in touch.
Antivirus Software and Firewalls
These days almost everyone uses the internet on a regular basis, whether at home, work or on the go. The internet is a tremendously valuable resource; as the number of people accessing the internet grows, so do the risks associated with it. Regardless of whether you are accessing the internet for personal or professional purposes, it is imperative to ensure you are doing so safely.
Two vital components to protect yourself and your system online are an effective anti-virus and a firewall.
Antivirus software
Anti-virus software is your primary defense against malicious threats online and offline. An anti-virus runs in the background of your computer, quietly checking every file that is accessed, monitoring for threats (this is often referred to as ‘real-time protection’). Your anti-virus runs these files through its database, checking against known viruses and other malware. Because of this method, it is very important that you regularly check for updates with your anti-virus software or set it to auto-update.
Anti-virus software can also perform a ‘full system scan’, where it will scan the selected locations to ensure there is no malware lying dormant. Full system scans are typically used when initially installing the software, or when you think your computer is acting up and something could have slipped through the cracks of your real-time protection.
Firewalls
In the most basic sense, a firewall is a barrier to keep damage away from your property – hence the name firewall. A firewall is a piece of software or hardware that sits between your computer or private network and the internet. Its job is to filter information (packets) coming through your connection, and if need be, reject them. A firewall gives you several options to establish rules to identify the traffic allowed in and out of your network, whether restricted by IP, certain ports or through application filtering amongst others.
By rejecting this unwanted traffic, the firewall prevents those with malicious intent from probing your network and attempting to cause damage by stealing information, uploading malware, performing denial of service attacks, using remote login, source routing and more.
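The rule matching described above, as an added example that is not part of the original article: a small packet filter that checks each connection against rules restricted by IP range and port. First-match-wins ordering and the reject-by-default fallback are assumptions (a common design), application filtering is not modelled, and the rule set uses constructed documentation addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "reject"
    direction: str               # "in" (towards us) or "out" (from us)
    remote: str                  # network of the other end, in CIDR form
    port: Optional[int] = None   # destination port; None matches any port
    protocol: str = "tcp"


# Constructed rule set for a small office network.
RULES = [
    Rule("allow", "in", "198.51.100.0/24", 22),        # SSH from the admin range only
    Rule("reject", "in", "0.0.0.0/0", 22),             # SSH from anywhere else
    Rule("allow", "in", "0.0.0.0/0", 443),             # public HTTPS site
    Rule("allow", "out", "0.0.0.0/0", 443),            # staff web browsing
    Rule("allow", "out", "192.0.2.53/32", 53, "udp"),  # DNS to one resolver only
]


def decide(rules, direction, remote_ip, port, protocol="tcp"):
    """Return the action of the first rule that matches the connection.

    Anything no rule matches is rejected, so new services stay closed
    until someone writes a rule that opens them.
    """
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if rule.direction != direction or rule.protocol != protocol:
            continue
        if addr not in ipaddress.ip_network(rule.remote):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action
    return "reject"


if __name__ == "__main__":
    # Constructed connection attempts: (direction, remote IP, port, protocol)
    attempts = [
        ("in", "198.51.100.7", 22, "tcp"),    # admin SSH
        ("in", "203.0.113.9", 22, "tcp"),     # SSH probe from the internet
        ("in", "203.0.113.9", 3389, "tcp"),   # remote login probe, no rule
        ("out", "203.0.113.9", 25, "tcp"),    # outbound mail, no rule
    ]
    for attempt in attempts:
        print(attempt, "->", decide(RULES, *attempt))
```

Rule order matters in this model: moving the broad SSH reject above the admin-range allow would lock the administrators out as well.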
Firewalls are effective at protecting your system from unauthorized entry, but they are not capable of removing malware from an already infected system – therefore firewalls should always be used in conjunction with some form of anti-virus software, ensuring that both are always up to date.
For more information on Managed Technology and Security please contact us.
How Important Are Windows Updates?
We’ve all seen the notifications for when Windows Updates are available, and I’m sure most of us have thought to ourselves “Again?! I only just installed one last week!”.
Have you ever thought to yourself why they pop up at what seems to be the most inopportune moments, and with such importance?
What is a Windows Update?
Windows Update is an inbuilt Microsoft service used for periodic updating of system files, to patch known issues and vulnerabilities with Microsoft products. This includes the Windows OS itself, Microsoft Office, Microsoft Edge, etc.
Each Microsoft Update is assigned an associated Knowledge Base number (KB) which gives further information on the updates. Updates are classified as one of four types:
Critical Updates
- These fix major issues, found across all Microsoft Products, that cause errors or unexpected functions. Alongside Security Updates, these are the highest priority updates to apply and should be done as soon as possible.
Security Updates
- Security Updates are applied to address security vulnerabilities which can allow a system to become compromised. Security updates have five different levels of importance: Critical, Important, Moderate, Low or non-rated. Security updates classed as Critical are the most important updates for your system and ignoring these can leave your server or computer vulnerable to hackers and other malicious attacks.
- Security updates are provided with a Microsoft Security Bulletin number (MS) for further details.
Software Updates
- Applied to cover non-critical problems, often applying feature updates and addressing minor bugs.
Service Packs
- Service packs are an amalgamation of all updates up to a certain date, for a specific piece of software or operating system, typically including feature updates.
How can I ensure that my systems are secure?
All recent Microsoft Operating Systems have in-built automatic updating features, which allows you to schedule and download high-priority updates.
If you are managing multiple desktop computers and even servers, the most efficient and effective way to stay up-to-date is to offload what can be a mammoth task to a Managed Service Provider (MSP). Managed Service Providers employ professionals with years of experience maintaining, reviewing and applying Microsoft patches to a vast range of different environments.
Using monitoring software, MSPs are able to monitor patch statuses remotely and schedule regular patching cycles to ensure that all critical and relevant patches are applied as soon as they are available. If issues arise from any patches pushed by Microsoft, your MSP is able to analyse the issue, determine which patches may be causing it, and disable them or roll back where necessary.
By removing the burden of responsibility internally and placing it in the hands of experienced professionals, you can rest easy knowing that your systems are receiving the best in pro-active care.
If you are interested in what Advance can offer in this scope, please don’t hesitate to get in touch.
What Makes A Good Website?
Can you remember the last time you used the phone book or newspaper to find a product or service? I can’t.
The internet is now the main tool used to search for whatever you need: products, services, assistance, etc. If someone is looking for something and your business is a potential candidate, you need to be seen and you need to look good.
Your website is typically the first impression a potential customer gets when investigating your business and what you offer – you maintain a tidy and appealing store for when potential customers visit, why should your website be any different?
What makes a good website?
Modern, clean and easy to navigate
- An effective website is modern, easy to navigate with all necessary information in easy reach – this includes contact details, location and opening hours if you have a store. It’s important that your website isn’t too overwhelming to the visitor, saving most of your information for pages other than the landing page.
Give the customer a solution to their problem
- Typically, the reason that someone has arrived on your site is that they are looking for a solution to a problem. It’s imperative that you offer the customer a solution, or an easy way to get started on the right track. Whether this is a product section or an offer for a free quote online, it’s important that the customer knows you can help them within a short time from arriving on your site.
Your website needs to look great on all platforms
- As of 2017, it’s estimated upwards of 35% of all web traffic in Australia was done on mobile devices, whether a mobile phone or tablet. It’s crucial that if a visitor uses their mobile device to view your site, that your site is just as accessible and clean as the desktop version.
Make it look professional
- When a user is viewing your site, it’s not a good look if there are visible spelling mistakes, or even blurry images that have been blown up too big. It pays to regularly ensure that all links are still active, with no dead links – it’s never a good look when a user hits a ‘404 Not Found’ error.
The result of not having an effective website is your potential customer using that most useful of keys – the back button. If you want potential customers to stay on your site, envision yourself as a potential customer and keep the above in mind.
If you have questions about your website, or what we can provide for you, contact Advance Business Consulting below.
5 Considerations For Choosing An Enterprise Content Management (ECM) System
Within the industry, it is known that when an organisation fails to research its needs for an ECM system, there is a good chance that the project will fail, or the resulting implementation will leave a lot to be desired.
Therefore, the most cost-effective step you can take when purchasing and implementing an ECM system is to not rush through the process of choosing your supplier. This is assuming that you have identified a need for an ECM system in the first place, and that your employees are invested in an ECM solution.
To ensure that your ECM implementation will be a success, here are five points that you should consider:
1. Requirements Gathering
It is imperative to start with finding out what your needs are, and how they will be addressed by your potential ECM solutions. You must gather feedback from all areas of the business who will be using the system. As ECM is a huge product category, and ECM suppliers provide a very wide variety of products and product features, it is vital to define and understand what functionality is required before moving further.
2. Supplier Selection
It can take a considerable amount of time to research a supplier, the customers they have and whether they “fit” your company, but it must be done to give your ECM implementation the greatest chance of success. Important questions to ask every potential supplier should include:
- What type of training and support do they provide?
- What technology platform do they use and how scalable is it?
- What do they know about your industry and potential problems within that industry?
- Do they have success stories and testimonials from other clients?
3. Post-Implementation Support
It is important that post-implementation support is available after installation and configuration, and that you know the cost of that support. Ensure that you feel comfortable with the technical staff who will be providing that support.
4. Flexible Deployment Options
Many ECM systems can be run on-premise or in the cloud, with different methods of accessing each. In the future you may need to set up users with different configurations, to adjust to the needs of your business. This includes flexible licensing options, which may allow for greater customisation in the long run.
5. Integration with Third Party Applications
It is important to ensure that your solution can be integrated with any third-party apps or data that you currently use. Miss out on this step and you may end up having to take more steps to accommodate for those apps, resulting in more work for users.
When choosing an Enterprise Content Management solution, ensure that you cover all the above points. There are other things to consider of course – as each organisation has different needs. Choosing a solution that doesn’t meet the needs of your organisation could be costly, so invest time and money in clearly defining your needs and selecting suitable partners.
To learn more about Electronic Content Management, don't hesitate to speak to one of our team members by contacting us below.
Would You Consider Blogging On Your Own Intranet?
It is now commonplace to see a blog section on any website that offers products or services. It allows that company to connect directly with their customers, to keep them informed about what is going on inside the company, or updates on the industry itself. Through a blog, information on new products and services can easily be pushed to common social media platforms, Facebook, LinkedIn, etc.
Although a passive method to reach out to your client base and potential customers, it is an indispensable tool for communication in today’s technology age.
How can I utilise a blog internally?
An internal blog is only seen by employees, and generally hosted within your intranet. Internal blogs allow for more freedom of expression and can be expanded upon or limited as deemed by management. A few reasons why you need an internal blog:
- Information Sharing
An internal blog is a powerful tool for information and knowledge sharing. If there are changes (a new employee, a new product, etc.) then blogging is a great medium for sharing that information. You can set up automated emails to staff, ensuring users get a notification to read the blog, or set it up to display on your intranet home page for a certain period of time. Not only is this an effective way to share information, it also ensures employees are up-to-date on the latest company and industry news.
- Communicating Company Vision
It is easy for employees to forget the company vision, goals and core values. Culture takes over from those visions and goals, and periodically employees need to be reminded of what the company stands for and the direction it is heading. An internal blog allows you to regularly communicate your company vision and values to employees via your intranet platform, helping employees feel more connected to your organization.
- Increased Communication
An internal blog is a great addition to other communications tools such as Yammer and Slack (and more). Allowing all employees to create blogs (approved by a content manager) creates a great forum for discussion. This not only promotes open communication between employees, but also boosts employee engagement and morale. If you are an organization with many face-to-face meetings, a blog helps keep the conversation going long after the meeting is finished.
- Growing the Company Community
Hosting an internal blog is a great way to build a sense of community. Employees can use the blog to promote upcoming events, increase awareness for causes or give praise and congratulations to other colleagues.
What we think
Contributing to an internal blog is the best way for your organization to share information, communicate company vision, increase collaboration and help staff feel like they are part of a larger community. Establishing an internal blog can give as many benefits as, if not more than, a public blog.
Would you consider blogging on your Intranet?
Which Backup Media Is Right For You?
Twenty years ago, backup media was easy to get your head around. Floppy Disk, Iomega, CD and Tape Drives, nothing to it.
Nowadays there’s so much more – what method of backup to use, where the backups are stored, how the backups are taken, when they are taken and how the backups are tested to ensure they are restorable.
Floppy disks and Iomega have gone the way of the dodo, but let’s look at current backup media still in use:
- USB Stick
- Internal Hard Drive (via RAID)
- External Hard Drive
- NAS
- CD / DVD (some people still use it!)
- High Speed Tape Drives
- Remote Backup Services
- Syncing over internet (OneDrive, Google Drive etc.)
- Cloud Backup
Each of these methods has its place depending on many factors, but don’t fool yourself into thinking that a cheaper version will be ‘OK’ - it rarely is.
Considerations when deciding on a backup media type
Type of backup
Whether you are backing up hourly or daily and what sort of files you are backing up should help determine what backup media to use. For example, if you have a large amount of data requiring a nightly backup, then you could not use DVDs.
Backup Media Cost
It is important to factor in the cost of backup media, as well as the number of devices you require to ensure a consistent and effective backup process.
Backup data security
Identifying what is backed-up and how sensitive that data is can help you decide the most appropriate backup media. If your data is integral to your business, don’t sacrifice quality for savings.
Restorability
You need to weigh the risk of your selected media - how often will a restore fail per 1000 times it is tried? Each type of backup media has its own pros and cons and you need to investigate them properly to make an informed decision.
Hardware Redundancy
Ensuring that your hardware is not going to become redundant over time is extremely important when choosing a media type. Five years down the line, you may need to restore data which seems recent today, and the hardware may be considered obsolete with the restore devices hard to find. Restoring from a 3.5” floppy disk today would not be the easiest task.
Restore speed and time
Depending on the data, whether it is ‘mission critical’ or whether you can do without for a day or more, all plays a part on which backup media to use and what processes to put in place. Consider putting your crucial servers on a quicker restoring media where possible.
These are only a few considerations when looking at backup media. You need to see the complete picture and envision where your organisation might be in five to ten years’ time. If you think back on how things have changed since the 1990s, you can appreciate that being open to new ideas and processes could not only save you time, but also money.
For more information on back-up software and processes, get in touch with one of our highly experienced staff today.
Is Public Wi-Fi Worth The Risk?
Around the world today you can rarely find a café, hotel or airport without access to a public Wi-Fi network. More than ever we have internet access whenever and wherever we need it.
Unfortunately, public Wi-Fi does come with a catch – data sent over a public Wi-Fi connection provides an easy way for individuals with malicious intent to capture the data you send and track everything you do. Using specialised software whilst connected to the same networks allows access to the information you send, like someone eavesdropping on a conversation in a public place.
Surveys have shown that 83% of Australians have taken risks on-line when using Public Wi-Fi and an astounding 30% of Australians have used on-line banking over a Public Wi-Fi connection.
You should also be extra vigilant when connecting to these public hotspots, ensuring they are legitimate for the café or hotel you are in. It is not uncommon for an attacker to have a phishing hotspot set up with a similar or identical name.
Things to consider if you intend to utilise public hotspots
Use a VPN (Virtual Private Network) - to connect and secure your data. A VPN allows you to create a secure connection to another network over the internet and can shield your browsing activity and transferred data (usernames and passwords) from any malicious monitoring.
Refrain from visiting any sites which require a login with username and password, especially banking, email accounts and social media. Accessing these types of sites over a public network opens you up to potential issues which may only surface months later.
When setting up your laptop or workstation in a public area, take note to face your laptop screen away from any potential prying eyes, and monitor your surroundings over time to ensure you are the only one watching what you’re doing.
For more information on public Wi-Fi and web VPNs, get in touch with one of our highly experienced staff today.
Our Guide To Building Your First Mobile App
Did you ever dream of being the entrepreneur who created ‘that’ app?
Here are a few loose guidelines to help you along that process:
Come up with the ‘million-dollar idea’
All great ideas address a specific problem – one that can be, and needs to be solved. Successful entrepreneurs solve problems in a way that we cannot imagine, through using innovative methods or processes that make it, in retrospect, look easy!
Look around you; every product and service you use now was created to solve a problem. Start by looking at problems in your daily life and keep a list of them. Once you have the list review it and see which ones can potentially be solved with an app.
Refinement and research
Once you’ve identified several needs which could be targeted, reach out to others and see if they are having similar problems. It is important to remember that not everyone may have the same problems as you, but they may have in the future – the tricky part is gauging the problem against its need.
Write down every idea
Once you have identified a need and decided to address it, you can start to elaborate on the details. When you are noting your ideas down, be as detailed as possible and make sure to note down everything that comes to mind – even things that might not seem helpful now, or may seem like a terrible idea.
Once you have finished noting down all you can, cherry pick these to construct a layout and the main, necessary features of the application – this gives you a base to work from.
Remove non-core features
From the previous notes, look closely at features that you can put aside and ignore for the immediate future - do not start out offering the world. You want the initial costs of the app to be as small as possible in the first release. The sooner you can get a basic app out there to market (to test the waters and gain feedback/interest) the better. There will always be room for additional features down the line.
Put user experience first
Even the greatest ideas fail if the user experience isn’t satisfying. If the user doesn’t ‘get’ the app, then it will never take off, regardless of how great the features are. Features are important, but how users perceive and use the app initially is crucial for longevity and uptake.
Hire a developer
You need to find a developer that suits your needs and fits the scale you are looking for. You can look for a freelance developer, directly approach a development company, or even do it yourself. This can prove to be the most difficult part of the process, as often you need to be able to work with other people to define your vision and have them buy into it, whilst meeting your budget.
Keep the updates coming
You should have released the first version with only a limited feature set. Now you can continue to evaluate the feedback over time, and look to tailor your development schedule around this. It is then a cycle of looking at your analytics and feedback, whilst continuing to update.
It’s important to note the steps above are not set in stone but are a simple guideline for moving yourself along the exciting journey of creating your first mobile application.
For more information on Application Development click here or contact us!
Trash or Treasure With Network Shares
In my youth, it was always exciting to visit the trash and treasure markets at local drive-in theatres on a weekend. Endless hours spent wandering through the hundreds of car boots, make-shift stalls and pop-up stands whilst we scrutinised boxes and fold-out tables covered with people’s unwanted items, occasionally discovering something of value. It was a lot of work to sift through the trash to find my treasure.
These days my kids use their phones to pinpoint almost anything they desire and within minutes they negotiate, order, pay and arrange delivery… all while relaxing on the couch during a Netflix binging session.
Their generation have significantly improved the efficiency of finding treasure amongst the trash, through use of well-designed technology.
It’s alarming how many organisations still mirror my childhood experience at the trash and treasure market when attempting to locate valuable information on their network shares. Sadly, there’s a similarity between the boxes of junk at the trash and treasure market and the muddled and disordered state most network shares end up in, even with people’s best intentions to ‘sort them out’ by adding their own ideas of sub-folder structures.
Fortunately, the way out of this mess no longer involves a steep investment of sifting through your network shares and ‘re-organising’ them into new folder structures or importing and classifying into an ECM. Instead, implementation is fast and simple, and access is more in line with how we can pinpoint information through the power of indexed searches.
Using the M-Files External Connectors to connect to external repositories like network folders, the information can be indexed and accessed through your platform of choice. The files remain on the network share and can continue to be accessed that way using your legacy systems.
Everyone else can use the beautifully designed modern interfaces of the M-Files clients available for Windows desktops, web browsers, and mobile phones. Yes, that’s right, you can lounge on the couch with your kids and use your phone to find whatever you’re after on your network share using the gorgeous M-Files App – search for files, check them out, make edits, add metadata and check them back in.
Adding metadata to these files enriches them as version history is maintained and the metadata makes them show up in metadata based searches and any common views you may have. Changes made to the files on the external system are synchronised with the M-Files system.
With the technology available in the M-Files External Connectors there’s no reason to be a dinosaur stuck at your desktop, plodding aimlessly through the mess that your network shares have deteriorated into. Instead you can get instant access to the treasure you need from all your technology devices whenever you desire.
M-Files have External Connectors planned for SharePoint Online, Exchange, OneDrive, Dropbox, Google Drive and Box, just to name a few. Powerful instant searches across everything in your organisation are within reach using M-Files External Connectors.
If you want to know more about M-Files and the External Connectors please contact us.
Recent Scams Targeting ASIC Customers
It has come to our attention that scammers pretending to be from ASIC have been contacting registry customers asking them to pay fees and give personal information to renew their business or company name.
These emails most often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link.
Warning signs the email is not from ASIC
An email is probably a scam and is not from ASIC if it asks you:
- to make a payment over the phone
- to make a payment to receive a refund
- for your credit card or bank details directly by email or phone
Here is an example of a scam email from 5 December
If the email you received contains the above information, it is not from ASIC.
How do I protect myself from email scams?
To help protect yourself:
- keep your anti-virus software up to date
- be wary of emails that don't address you by name or misspell your details and have unknown attachments
- don't click any links on a suspicious email
It is also highly advised to check your registration renewal date; ASIC will only issue a renewal notice 30 days before your renewal date. Be sure to search your business name on the ASIC register - if it's outside of your usual renewal time frame it's most likely a scam.
How do I notify ASIC of a potential scam?
If you would like to notify ASIC of a potential scam email, you can forward the entire email to ReportASICEmailFraud@asic.gov.au
To ensure your systems are well protected, get in touch with the Advance team today. We're always looking out for you!
Is Your Disaster Recovery Up To Date?
What should I do with my old hardware?
An all too common trend in the IT industry is to give ex-production hardware a new lease of life running the disaster recovery site. Tight budgets often restrict capital expenditure to areas where real value is visible, and the impacts and results are noticed throughout the organisation.
These initial savings can be quickly forgotten when an unplanned incident forces the switch over to your disaster recovery site. Previous testing may have been successful on the DR equipment during your routine maintenance and test restores, but when a major incident occurs, are you confident that your DR is up to the task?
These are the questions you should ask yourself:
Will the dated hardware run our complete production workload?
How big is the impact on our users?
How long can we operate utilising the DR site before losing business?
How big is the impact on our customers?
It is not unusual for companies to consider having high-end hardware offsite, doing nothing 98% of the time, to be a waste of resources…
The key is to justify the initial expense, leveraging the DR site to provide an additional return on investment. An effective strategy is to live boot a complete clone of the production environment on a separate virtual segment, presenting a fast and accurate test development system.
Utilising Veeam combined with HPE Nimble Secondary Flash Array technology and your favourite hypervisor, you achieve a fast, production ready DR solution, with the additional benefit of a fully functional test or development system at your fingertips that can be spun up in minutes.
If you want to learn more about disaster recovery solutions, please contact the team at Advance today.
Minimising a Ransomware Attack
What is Ransomware?
Ransomware is a piece of software that has been installed or downloaded to a computer and that, once activated, will block access to that computer system until a sum of money has been paid. Typically, the sum of money demanded is not a large amount compared to the cost of time and effort it might take to restore or otherwise resurrect the files.
For example, your work computer containing important documents has been held ‘hostage’ and you are required to pay USD$500 to regain access to your files – when calculating the time and effort required to restore the computer back to the original state, even with good backups, you are likely to exceed that figure.
Two well-known ransomware threats that have received considerable press coverage recently for their widespread nature are the WannaCry and Petya attacks. These aren’t the only ransomware threats out there; there are hundreds and they won’t stop circulating.
How do I minimise my risk of getting ransomware or having to pay for my files to be decrypted?
This is truly a case of being vigilant and taking precautions so as not to be caught out and taken advantage of by a Ransomware attacker.
On your computer
Make sure important data is not only stored on the computer! Backing up important files to an external hard drive (not attached permanently to the computer) is a good idea. It is important to note that cloud backups with an automatic sync (such as Dropbox, Google Drive, OneDrive etc.) may also be infected due to the infected files syncing. This raises the question: do you always need to have these turned on by default?
Ensure that your operating system and antivirus are up to date (including latest security updates and virus definitions) and that you use some form of ad-block to avoid the threat of malicious ads. To go even further, refrain from using an administrative account on your computer and disable macros in Office products by default.
Keep your browsers updated and remove outdated plugins and add-ons from your browsers. Remove Adobe Flash, Adobe Reader, Java and Silverlight from your browser plugins - if they are needed then set the browser to prompt for activation when these plugins are required to run.
General Behaviour
Learn the typical signs of a spam message and don’t open any suspected spam message from an unknown sender.
Be very cautious of any attachment within an email that you are not expecting. Sometimes a contact could be caught out and a virus distributed from their email account, which may look totally innocent. If in doubt you can ask the user whether they intentionally sent the attachment to you, over the phone or IM.
Be extra cautious of all links in emails, as links can be made to look valid but take you to malicious sites instead.
Conclusion
The best form of protection against a virus or ransomware is prevention. By changing your mindset around emails, links, attachments and computer updates you can drastically increase your chances of avoiding these threats. Stay vigilant!
For more information on minimising a ransomware attack in your business, speak to a member of the Advance team today!
Security Considerations When Employees Leave
With an increase in the use of external websites which store data, personal mobile devices being used for work and the rising trend of employees performing their duties outside the traditional workplace model – you need to ask yourself, are you doing enough to ensure the security and confidentiality of your and your customers’ information?
When an employee leaves a business, it is imperative that a process is followed to de-provision access to systems they may have used. Here a problem arises – it is likely that the Company has not kept sufficient records of what information the now ex-employee could access, and as such will likely miss one or more areas that the employee can access.
As an example, have a look at some access rights that an employee may begin with and gain over their tenure with your business:
- Internet Access
- Internal WiFi Access
- Domain Access
- Security/Alarm access codes
- Website Passwords
- Social Media Passwords
- Credit Card Details
- Car Keys
- WiFi access
- Stored login information on personal devices
- Cloud Account login information
- USB backups held offsite by that employee
- VPN Details to connect to the internal server
- Knowledge of other employee’s usernames and passwords
More information given in confidence to an employee results in more work that needs to be done to remove that employee, leaving the whole termination process liable to human error. It is vital to ensure that employee access to systems and data is de-provisioned completely and on-time to protect your business.
Simple Steps: Begin with provisioning and recording
Once a decision has been made to hire an employee for a certain role; access rights, hardware requirements and external access should be determined prior to their start date. This information needs to be recorded consistently, and an approval process needs to be in place for any security related process or device.
Using a hardware or software solution, you should enable enough security to prevent users from using their own file sync solutions (e.g. Dropbox, Box etc.). The same applies to USB devices: implement hardware or software restrictions to ensure that USB devices can only be used with the right approval.
If users have private work information or data on a mobile phone, implement a device management system that supports the remote wiping of data on mobile devices – this includes tablets. An extra measure would be to encrypt laptops and hard drives to ensure that no sensitive information is lost when a device is lost or misplaced.
Simple Steps: Employee leaving
Once an end-date has been determined for an employee, they should be put into a process to have their rights and access removed – starting with a review of your documentation on their current access. Once their end date is reached, the removal should begin almost as soon as they are out the door.
Retrieve any hardware and mobile devices that belong to the business, change passwords for accounts that didn’t have unique logins for each user (e.g. social media), remove the user’s security access to the building (change the pin code if necessary) and if the office WiFi uses a single password, have this changed. If the employee had a credit card, ensure it is cancelled completely and they are removed from the account.
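The record-keeping described in the two ‘Simple Steps’ sections above can be sketched as a small access register. This is an added illustration, not part of the original article: each grant is recorded with its approver, and on departure the register lists which accounts to disable, which shared secrets to change (and who else must be told) and which items to retrieve. All employee names, resources and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Kinds of access, following the distinctions the article draws.
PERSONAL = "personal"   # unique login per user
SHARED = "shared"       # one secret known to several people
PHYSICAL = "physical"   # hardware, keys, cards

ACTIONS = {
    PERSONAL: "disable account",
    SHARED: "change secret",
    PHYSICAL: "retrieve or cancel",
}


@dataclass(frozen=True)
class Grant:
    employee: str
    resource: str
    kind: str
    approved_by: Optional[str]  # None means no approval was recorded
    granted_on: date


class AccessRegister:
    """Records every grant at provisioning time so nothing is missed later."""

    def __init__(self):
        self._grants = []

    def record(self, employee, resource, kind, approved_by, granted_on):
        if kind not in ACTIONS:
            raise ValueError(f"unknown access kind: {kind!r}")
        self._grants.append(Grant(employee, resource, kind, approved_by, granted_on))

    def holders(self, resource):
        """Everyone currently recorded as holding this resource."""
        return sorted({g.employee for g in self._grants if g.resource == resource})

    def offboarding_plan(self, employee):
        """One task per recorded grant, ordered by resource name."""
        mine = [g for g in self._grants if g.employee == employee]
        plan = []
        for g in sorted(mine, key=lambda grant: grant.resource):
            # A shared secret must be changed, which affects the other holders.
            others = [h for h in self.holders(g.resource) if h != employee]
            plan.append({
                "resource": g.resource,
                "action": ACTIONS[g.kind],
                "notify": others if g.kind == SHARED else [],
                "unapproved": g.approved_by is None,
            })
        return plan

    def close_out(self, employee):
        """Remove the leaver's grants once the plan is done; returns the count."""
        before = len(self._grants)
        self._grants = [g for g in self._grants if g.employee != employee]
        return before - len(self._grants)


def build_sample_register():
    """Constructed sample data: one leaver (jsmith) and two remaining staff."""
    reg = AccessRegister()
    reg.record("jsmith", "Domain account", PERSONAL, "it-manager", date(2020, 3, 2))
    reg.record("jsmith", "VPN account", PERSONAL, None, date(2021, 7, 19))
    reg.record("jsmith", "Social media password", SHARED, "marketing-lead", date(2020, 6, 1))
    reg.record("akhan", "Social media password", SHARED, "marketing-lead", date(2019, 1, 14))
    reg.record("jsmith", "Office WiFi password", SHARED, "it-manager", date(2020, 3, 2))
    reg.record("akhan", "Office WiFi password", SHARED, "it-manager", date(2019, 1, 14))
    reg.record("blee", "Office WiFi password", SHARED, "it-manager", date(2022, 2, 8))
    reg.record("jsmith", "Company credit card", PHYSICAL, "finance-lead", date(2021, 1, 11))
    return reg


if __name__ == "__main__":
    register = build_sample_register()
    for task in register.offboarding_plan("jsmith"):
        print(task)
    print("grants removed:", register.close_out("jsmith"))
```

The `notify` list shows why shared passwords are costly at termination time: every entry in it is another person who has to be given the new secret.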
Simple Steps full stop
To reduce the impact of an employee’s departure, it is beneficial to implement policies and access methods that reduce the need for hands-on changes which can affect other staff (password resets, access code changes, etc.).
Our tips:
- Ensure that each user has their own personal login where possible, including domain access, systems that are used and websites.
- Ensure that important financial information is never given out to employees. If they do have a credit card, it should be on the business account but under their details, with its own limit.
- Limit access to USB ports and other ports that can transfer information, ensuring that employees do not have installation rights.
- Ensure all employees understand the importance of not sharing usernames and passwords.
- Rather than using a WiFi password to authenticate wireless users, authenticate them by MAC address with approval, keeping a record of who each device belongs to.
- Do not give any employee access to social media sites. This should be controlled by one person only and when that person leaves then all passwords should be changed immediately.
What can’t be helped
Even with the best security and processes in place, there will always be ways that your security could be compromised. However, with effective internal processes, good documentation, follow ups and reviews of your procedures you can drastically minimise the effect of an employee leaving.
Why not start looking at your systems now?
For more information on strengthening your IT security please contact us.
Are Your Business Processes a Target For Scammers?
Cyber criminals are tricking CEOs out of millions of dollars by exploiting their organisations’ poor business processes and fooling unsuspecting employees into transferring money. The growing trend, known as ‘CEO Whaling’, involves plain text e-mails being sent to employees responsible for financial transactions, masquerading as their boss requesting them to urgently pay invoices. Those falling victim have no way to recover the money, with insurance generally not covering international fraud.
These highly organised con artists are not just spamming companies at random; instead they’re using social media to research potential victims, taking advantage when they’re most vulnerable. For example, they may identify through social media that the boss or the person responsible for financial transfers is on a holiday and that’s when they strike, sending an e-mail saying they’re about to get on a flight and need an invoice paid urgently. They use a fake e-mail address and include some personal details uncovered via social media to give the e-mail just enough validity to trick the employee into believing it needs to be done and that requesting confirmation will probably make their boss angry due to the delay caused by being on a flight and unable to respond.
Organisations with business processes that rely on an e-mail from the boss for financial approvals are at high risk of falling victim to this scam, as the process doesn’t include any validation that the invoice hasn’t been modified or that the approval has come from the person with authority to approve it. Busy people find the use of e-mail in a process like this convenient as they can be sent at will from virtually anywhere, on any device, at any time, putting them at risk of being exploited. Processes that involve printing, stamping, signing and shuffling paper around for approval stall when the approver is not in the same location as the document. Allowing e-mails to be used in place of an actual signature on the document makes the process susceptible to scammers. This issue was recently reported on in The Advertiser; read that article here http://www.adelaidenow.com.au/technology/how-australian-bosses-are-being-tricked-out-of-millions-of-dollars-by-cyber-criminals/news-story/57318e06c02a8215b8d67d521a219aea.
The solution to avoid being tricked by the scammers is to implement a flexible solution like M-Files where the business process is migrated into the system with secure access provided via desktop, web and mobile app. M-Files stores a single electronic version of the invoice with security that restricts access to only the people involved. This avoids copies of the invoice being e-mailed; instead those involved all refer to the same version stored in M-Files. With the approval process managed via workflow, the approver is notified of an invoice to approve and is required to authenticate themselves to view and approve, which can be done quickly and simply via the mobile app using fingerprint authentication. The people responsible for payment are then notified and required to authenticate to access the approved invoice. M-Files keeps a detailed version history of every change the document goes through, so if the person responsible for payment wants validation that the boss approved the invoice for payment, they can review the document’s history to confirm it was actually approved by the boss’s user account. The version history can be used to identify changes to the original document and can potentially identify fraud attempts where bank details for payment have been changed on an invoice. Aside from not falling victim to fraud, the benefits of keeping the records electronically rather than physically include incredibly fast retrieval of information and increased office space when you recycle the filing cabinets for scrap metal.
If you’re still using a manual process that involves printing, stamping, signing and shuffling paper around your organisation for approval that can be short circuited by e-mails, you are at risk of being scammed. If you think it won’t happen to you, think again as the Federal Government have been briefed on the severity of this trend because the losses are increasing into the millions. If you want to know more about how M-Files can help your business, please contact us.
M-Files Artificial Intelligence now makes Metadata Suggestions
M-Files’ next release will include some powerful artificial intelligence services to help end users with metadata suggestions.
I mentioned in another article that the power behind IML’s ‘Intelligence Components’ comes from the integration of Abbyy’s Artificial Intelligence (AI) technologies into M-Files. Based on textual content capture and OCR these AI technologies interpret text using algorithms that analyse the meaning of the words and the relationships between them allowing real time classification of complex and unstructured data.
Even though it sounds complex, it couldn’t be simpler for the end user. Drag a document into the vault and you’re presented with ‘tags’ or ‘suggestions’ that you can click on to populate the metadata fields. The ‘tags’ are based on information in the document that matches metadata already in the vault. For example, your vault may have a list of suppliers stored as metadata to use when adding invoices. When AI reads the invoice, because it matches the supplier name with the one stored as metadata in your vault, a tag is created as a suggestion for you. All you need to do is click on it to add it as metadata, much faster, easier and more accurate than clicking in the field and typing the name to select it.
It doesn’t stop there either; AI based metadata tags can be invoked on existing documents when a property is changed. This is especially useful for business processes where metadata is added or changed along the way in a workflow. Going back to our invoice example, the initial metadata suggested when added didn’t include a description as this is to be populated by the person approving it.
If you want to know more about how to setup M-Files Intelligence Service to make suggestions when adding documents or when a property is changed, please contact us.
Artificial Intelligence for a Repository Neutral ECM
On a recent trip to California I discovered how convenient instant access to information from Google Assistant on my Pixel phone was to help make decisions in a place I was completely unfamiliar with. While navigating to the next stop I could ask for ‘places to eat’, ‘gas stations’ or ‘tourist stops’ and have suggestions, from data scattered all over the web, presented in real-time in Google Maps. Imagine if your ECM could do the same and present information and search results from all the different systems and repositories in your organisation in one simple familiar interface.
For this to work the ECM would need a common interface that connects to your CRM, Accounting System, shared network drives, file syncing services like Dropbox and OneDrive, e-mails and SharePoint as well as some way of reading all the content in those repositories and intelligently storing metadata to allow you to search on it. Combine the ability to add your own metadata to those items while preserving the content from its original repository so it doesn’t stop its use in the original system and you would have a very user friendly, ‘Repository Neutral ECM’ where the context is more important than where something is stored.
The figure on the right provides an overview of the ‘Repository Neutral ECM’ architecture that M-Files will release later this year with a vision that ‘Context is King’
The ‘Unified User Experience Layer’ is the ‘simple user interface’ that provides a single familiar user interface to interact with information regardless of the original repository. Think of it as Google Maps. This includes simple user access from any device including mobile apps for phones and tablets in addition to PCs. Just like Google Assistant’s ability to present outside information in Google Maps by simply asking, having a simple user interface means the user doesn’t need to learn other systems to be able to find relevant content in them and they can add their own metadata without stopping it from continuing to be used in the original system.
The ‘Multi-Repository Backend’ connects with the organisation’s repositories and systems via ‘connectors’ that include a set of core ‘out of the box’ connectors for repositories like network file shares, Office 365 and SharePoint, but also allow third-parties to develop connectors for other repositories and systems. This allows organisations to preserve legacy systems and avoid expensive integrations or migrations to new systems just to add functionality.
The ‘Intelligent Metadata Layer’ (IML) contains the intelligence components and multi-repository search along with the typical capabilities of an ECM such as search, dynamic views, workflow, security, version control and check-in/check-out. The intelligence components support automatic classification and metadata suggestions using text analytics. Like the Multi-Repository connectors, third-parties can add ‘metadata providers’ for specific industries or use cases. Along with text analytics, this layer includes machine learning to help improve suggestions based on user behaviour.
The power behind IML’s ‘Intelligence Components’ comes from the integration of Artificial Intelligence (AI) from Abbyy into M-Files. Abbyy produces Artificial Intelligence technologies based on textual content capture and OCR. This AI technology allows text to be understood and interpreted based on its content using algorithms that analyse the meaning of the words and the relationships between them. This allows accurate classification of complex and unstructured data in real time.
It’s exciting to see this automatic classification and metadata tagging in action: drag and drop a document into M-Files and you’re presented with ‘tags’ or ‘suggestions’ that you can click on to populate the metadata fields, similar to how Google Assistant effortlessly presents pins on Google Maps of suggestions from your request on ‘places to eat on my route’.
The ‘tags’ are based on the content of the document being passed through the Intelligence Services in IML and returning matches. If you don’t like the suggestion you can still select metadata as you would in the past and the AI learns from your behaviour. This technology will improve the efficiency and accuracy of data typically entered by humans as the suggestions help you make the right selection.
The benefits of IML don’t stop at metadata suggestions; there are also the External Connectors to other repositories. We’ve all used Windows folder search and most likely found it painful at the best of times, especially if it’s a network share. This is where IML’s External Connectors can help: because the content is indexed by the ‘Connector’, you can use M-Files’ powerful search feature to quickly locate a file based on its content rather than where you think it might be stored. It’s lightning fast and allows you to add your own metadata to any object from any repository to help you manage your information better. Having a connector for every repository in your organisation is a powerful concept that is difficult to ignore.
The Intelligent Metadata Layer allows organisations to have a true Repository Neutral ECM by providing Intelligent Services and External Connectors that present information from all the different systems and repositories in a single simple to use interface. It allows them to keep their legacy systems and avoid expensive integrations and migrations while providing simple efficient access. If you’d like to find out more on M-Files and how the Intelligent Metadata Layer can help your organisation, please contact us.
Read my blog on 5 Things to Consider when Preparing for a Repository Neutral ECM.
5 Things to Consider When Preparing for a Repository Neutral ECM
1. Business Requirements
Establish the business requirements as a clear goal for your project and speak to all the departments across all locations and facilities in the organisation to get an indication on how many employees need access. On one of my early projects, during business requirements discovery, the number of employees needing access increased to 115 from an initial 15, and fortunately the architecture scaled easily for the multi-site distribution of employees.
Be very clear about what you are trying to solve with each requirement and ensure that each stakeholder has had a chance to provide their list of requirements. At a recent project, it became apparent one of the biggest issues a majority of employees were having was needing information locked in a system they had no access to. This led to either using inaccurate or out of date information, or using inefficient methods to access the information through someone with a license. Management hadn’t provided access because the licenses were considered expensive, and they weren’t aware of the impact the workaround methods were having on the organisation.
Prioritise the requirements with your project team and base the order on importance, technical complexity, risk and cost to implement. At a project where we were asked to provide a solution to standardise the handling of proprietary formulas within an organisation, several steps leading up to the conception of these formulas needed to be in place prior to work starting on the actual formulas themselves.
2. Current Information Locations
Identify all existing locations where information is stored including documents in file shares and file syncing services like Dropbox and OneDrive, databases including financial, service & CRM information and portals. A quick way to get a concise list is to ask finance for details on the software subscriptions and maintenance they pay or have paid in the past.
Establish the current and annual volume increase as well as types of information stored, e.g. Proposals, Invoices, Drawings, Customer Service Tickets etc. Modern ECMs like M-Files utilise compression and binary delta algorithms to efficiently store versions of documents, so your annual volume increase for migrated repositories will be considerably less. The site admin at one of my projects stated that after moving to M-Files where the chance of duplication and multiple versions of files was essentially wiped out, they went from network share storage increasing by 1TB per year to the M-Files vault only increasing by 50GB per year.
Determine which of these repositories need to remain in operation and which could be migrated into your ECM and be retired. We usually migrate things like legacy access databases that perform simple tasks like providing unique identifiers (e.g. batch numbers) to the ECM so it then provides the batch number as part of a workflow. You may have situations where it’s critical to preserve a legacy repository like a customer portal that allows service tickets to be raised. Its content can still be made available in the ECM for search capabilities and other purposes while its original functionality is preserved.
3. Security Requirements
Review the current levels of security within each repository that will be accessed via the ECM and map them to one of the scenarios in the table below. The credentials used to access the external repository will be determined by the type of access specified for the connection. As an example, providing public access to Supplier and Customer lists may be necessary for all users in the ECM as this information is useful as metadata for other objects, whereas you may want to limit access to project related data to only the people in the project team. We often provide ‘metadata-driven’ permissions on project based data by including ‘project team’ metadata with the project so security access can be easily managed by the client.
The scenarios to consider when providing access to a repository via an ECM can be split into several categories:
- Public: A common authentication is used to connect to the external repository; the ECM then controls access to the content via its internal security, e.g. Public Network Share
- Public with Varying Permissions: Users and groups in the ECM are mapped to users and groups in the external repository to control access to specific content, e.g. Network Share with ACL restrictions to certain groups
- User-Specific: The external repository dictates access rights, requiring the ECM users to log into the repository with their own credentials, e.g. SharePoint
4. Hosting Requirements
Determine if the system will be hosted on-premise, in the cloud or a hybrid to enable planning for hardware, review of service agreements with cloud providers or both. We’ve found that, to avoid delay in starting projects, development can be done on cloud servers during the process of hardware procurement and deployment, and then transferred once the on-premise environment is ready. It’s also quick and very easy to change cloud server specs to increase performance if needed.
Use the current volume plus expected annual volume increase values (from step 2) to determine what sort of backend the ECM requires as well as to establish storage and backup requirements. M-Files recommend using the embedded database option (Firebird) up to 50,000 objects and Microsoft SQL Server once that has been exceeded. If using Microsoft SQL Server, you also have the option of storing the file data within the database or as separate files. There are pros and cons that I’ll go through in another blog.
Size the hardware based on the number of employees and volume of data to be stored (from step 2), and use the business requirements (from step 1) to help. Identify how connection will be made to each external repository (local or cloud) so connectivity can be determined either directly or whether a VPN is required. Where connectivity is difficult, it may be feasible to maintain a local copy that’s refreshed periodically or use technology that provides these capabilities.
5. Access Requirements
Establish the landscape for how employees will access the ECM, keeping in mind it will become the central point to reference the connected external repositories. Most ECMs support access through Windows Desktop clients, Web Access and Mobile clients. If the ECM will be available externally, securing access via SSL or VPN is critical. On most of our M-Files deployments, our clients not only want access to M-Files via their mobile phone, but also on their laptops from anywhere! We use their SSL certificate (required for mobile access) and set up what’s called ‘HTTP over RPC’ so their M-Files Desktop Client connects securely whenever an internet connection is present. If you want to know more about setting up HTTP over RPC for M-Files, contact us.
Some ECMs support replication strategies where servers can be hosted in multiple locations and cache or replicate from a central location to provide efficient access to information. We’ve delivered successful projects where M-Files outperformed SharePoint when deployed to a customer’s remote locations as ‘cache’ servers that connect back to the main M-Files server via hardware based VPNs over 3G links. Consideration needs to be given to the technologies available to help meet access requirements.
For more information on M-Files contact us
Consolidate Your Data and Make It Easier To Access
As organisations grow over the years, so does the assortment of tools that are employed for various projects and departments. This often causes a headache for employees and business owners while information can become scattered amongst several disparate systems and locations.
Generally there are different products on different platforms with different security and data requirements. Together they help a user do their job, but they are on different servers and possibly even different locations with different access and user rights.
This is a problem that affects many organisations today, and the problem will only get worse as more data is made available to employees.
By using an Enterprise Portal organisations can optimise their information management and empower their staff with personalised information in one place, sometimes with just one click.
An Enterprise Portal can be designed to merge this disparate information into one place, ready for the user to click on a button to access as well as interact with the program. An example might be where information is gathered from the:
ERP system
Production planning and control system
Employee timekeeping system
Inventory management
to be made available to the user with a simple mouse click. An extra benefit here is that users don’t need to log into each individual system separately which saves time.
The security level placed on the user’s login to the Enterprise Portal determines how much they see and what rights they then have within each product. Effectively you now have one secure system that accesses all of the information relevant to that particular employee’s function.
Further, if an employee enters the number of a certain product component, all information on this component is displayed immediately on the portal page, including:
How this product is selling
What revenue the company achieves with this component
Whether there have been any complaints
An image of the component
How much time has been estimated for producing this product
How much time is actually needed to manufacture this product
The data for this comprehensive information page is compiled from different systems, and provides the validated employee with the right information just when and where they need it.
It’s a holistic view which allows employees to serve their customers and managers quickly with relevant information. When a customer calls to enquire about an order’s ETA, customer service staff can access relevant information, quickly and with accuracy as it is linked to inventory and manufacturing systems.
Contact us to learn more about how the Advance team can assist with your technology needs.