Your Business IT Partner

Category Archives: IT Security

Educating Your Staff on Cybersecurity

A business owner or the IT team can only do so much when it comes to your company’s IT security.

Every member of your team is both a potential security risk and a safeguard against the bad guys on the world wide web.

And it’s actually pretty easy to make sure your team is sitting firmly in the second camp.

It starts with some awareness and a little bit of education about what kind of security risks your business faces online.

Staff are a favourite target of attackers. Many types of cyberattacks, such as phishing campaigns, rely on people clicking links or downloading something that gives the bad guys access into a network or system.

Educating your team on what to look out for will help them spot cyberattacks and report them before it’s too late.

Base2’s user awareness training does exactly this.

A number of companies, including those in the insurance industry, require the completion of user awareness training by all staff members.

Base2’s User Awareness Training

Our user awareness training is done in four or five stages:

  1. User awareness Intro Webinar               
  2. Phishing Attack Simulation                                
  3. Reporting on Users at Risk                                  
  4. Follow up Communication                                 
  5. Targeted Training (Optional)

1. User Awareness Intro Webinar

We kick things off with the education portion:

  • Why cybersecurity is important
  • What you’re doing to keep the business secure online
  • What this means for them, and what you need them to do
  • What the threat landscape is

The webinar is tailored for your business and industry, and there will be a recording available for future reference.

2. Phishing Attack Simulation

Running over ten working days, we create a user “attack” campaign and assess how your team responds.

  • We’ll design the campaign
  • Setup and define user groups
  • Monitor campaign engagement

3. Reporting on Users at Risk

Following the simulation, we’ll review what happened and present to you:

  • A report on campaign results 
  • Break down users at risk

You’ll see how prepared your team is for a cyberattack and whether you have any security risks walking around in your office!

4. Follow up Communication

It’s imperative to then advise your whole organisation of the results – what went well, what didn’t, and what new security measures you’re putting in place going forward.

The results will be anonymous, and we’ll work with you crafting the internal comms and your vision for your company’s cybersecurity going forward.

5. Targeted Training

There is also the option for us to come in and provide targeted training for your team based on the results of the phishing simulation.

Book in Your Team

Cyberattacks against businesses continuing to rise, and your staff are a potential target. There is no time like the present to educate them on your company’s security risks.

To find out more about Base2’s user awareness training or book in a time – get in touch.

Cyberattacks & Microsoft Exchange Vulnerability – What You Need To Know

Every so often, a cyberattack makes its way into the news.

The latest is the Microsoft Exchange Vulnerability – which sounds a little bit like a Jason Bourne movie.

Jokes aside, it is a pretty serious cyberattack, and Microsoft has been releasing patches to fix the four vulnerabilities that the bad guys (the industry term, funnily enough, is “actors”) have discovered and are exploiting.

So what actually is the Microsoft Exchange Vulnerability, why should you care, and how can you protect yourself and your organisation from cyberattacks?

The threat of cyberattacks can seem non-existent for New Zealand businesses, but the reality can be pretty scary.

What is Microsoft Exchange?

Many organisations use Google or Microsoft’s cloud email servers through Google Workspace or Microsoft 365 (that’s you if you’re a Base2 client!).

However, a number of organisations manage their email server on-premise and Microsoft Exchange Server is one of the most popular software platforms to use.

In very simple terms, it’s the backend to Outlook where all the technical email stuff happens.

What actually is vulnerable?

Microsoft Exchange Servers 2010, 2013, 2016 and 2019 are the ones at risk.

Each has four vulnerabilities that hackers can exploit to get access to your organisation’s emails.

These vulnerabilities can also be used to leave behind a web shell – like a hidden gateway – that will allow the hackers access, even if the patch (which contains fixes for the vulnerabilities) is installed.

Is this a big deal?

If you are running one of those Microsoft Exchange Servers – it is a massive deal.

All your organisation’s emails could be accessed, published on the internet, ransomed and deleted. Ouch!

What should I do?

Quickly install the patches that Microsoft have released the fix the issues.

Then you’ll need to try and identify if someone had got in before you installed the patch. This may mean you need to rebuild your Microsoft Exchange Server.

Feel free to reach out to our team if you need some help at this point!

I’m a Base2 customer. Am I running a Microsoft Exchange server?

No, you’re not. If you’re one of our customers, you can relax.

Your emails are hosted through Microsoft 365 and are not affected by the cyberattack.

However, you can’t relax when it comes to cybersecurity

There are way more cyberattacks (including big ones) than what is published in the media.

Organisations are constantly having to defend themselves from bad guys all over the world trying to get into their IT systems.

And, there is no such thing as being too small or flying under the radar. When it comes to cyberattacks, everyone is fair game.

So, how can you protect yourself from cyberattacks?

Cyberattacks can, in some cases, be so devastating that companies go out of business.

While this is at the extreme end, even smaller successful attacks, which take your systems offline for a period of time or steal confidential or private data, can have a significant impact.

This is why prevention is way more effective than cure.

If you have the right security measure in place and up to date, your organisation is in pretty good shape to fight off the multitude of attacks out there.

We recommend starting with these three steps:

  1. Use two-factor authentication on everything.
  2. Run a security score check to help identify improvements to your security settings. You can do this with us!
  3. Speak to your IT provider (or us!) about potential security threats and events. The earlier these are identified, the less they tend to be an issue.

We can help

The threat of cyberattacks can seem non-existent for New Zealand businesses, but the reality can be pretty scary. That’s why we’re here to help – whether you’re affected by the Microsoft Exchange Vulnerability or want to make sure your cybersecurity is up to scratch – get in touch with our team.

Base 2 Software: Our New Offering with New Capabilities

The world of IT software can be a bit of a minefield, and figuring out who offers what, where and how isn’t always the easiest of tasks.

That’s why we’ve created Base 2 Software. Because for us, IT is more than just systems and processes, it’s about helping your business be the best it can be. 

What Base2 Software Services can do for you: 

Software Solutions and API development: We are fast to market, follow agile methodologies and offer tailor made software solutions, with early feedback and iterative development.

Solutions Architecture: We know the latest in technology inside out, so you can trust us to provide technical leadership with software that scales, and is future proof. 

Mobile App Development: We work across android, iOS and hybrid.

Business Analytics: We help you make the most of your company’s data.

Rapid Prototyping: We take your ideas and find a software solution to support them (fast!) 

Agile Project Management: We manage projects using an iterative approach, with clear and concise user stories, and customer feedback as soon as possible.

Software support and hosting: We provide continued support and maintenance of your existing systems, as well as offering customised hosting. 

Azure Best Practices: We implement solutions for Azure resources to ensure a scalable and cost-effective hosting environment. With the security to match.

The integrations and tools we use to do this:

  • Xero: Online accounting software
  • MYOB: Business management software
  • PowerBI: A data visualisation tool
  • Autotask: IT business management software provider
  • Viator: Tour and travel management online software
  • Zapier: Connects your apps and automate workflows
  • TradeMe: NZ’s most popular auction site
  • Microsoft Teams: The hub for team collaboration in Office 365

Book your free no-obligation consultation today to get started.

The Benefits of Leasing: Jump-start Your Business, Conserve Capital

Delaying equipment upgrades and acquisition due to capital constraints slows growth potential. Instead of waiting, many forward-thinking businesses are turning to the power of leasing. 

What is leasing?

Leasing is a pre-approved line of credit that your business can draw down as needed for ongoing equipment and technology requirements. 

There are a variation of lease types – they all allow you to get the equipment you need immediately, generate income and put your capital to better use elsewhere in your business strategy.  

Why lease? 

It’s the fastest, most convenient way to acquire new technology. Plus, it’s a super-flexible and cost-effective way to achieving sustainable growth. Other benefits include:

  • Improved cashflow management – with no large capital outlay
  • Easy-to-manage monthly payments instead of one large upfront payment
  • Regular upgrades and replacement cycles so your business is always up-to-date
  • A redeploy of capital for more efficient use and improved ROI
  • An avoidance of the costs that come with outdated equipment
  • Tax advantages
  • Paying for equipment as you use it to generate profits
  • A responsible disposal of your tech assets at the end of their life 

Which lease?

Every business is different and will call for a different kind of lease. Match your lease to your equipment and choose one that suits you budget and business requirements. 

For example, fast depreciating items suit an operating lease with end of term upgrade options, whilst items with a long useful life might be better obtained on leases with an ownership outcome.

A smart way of acquiring new equipment, leasing is a new and viable avenue for many organisations. Find one that includes all setup costs, licensing and caters to your business needs today.

How Do I Recycle My Computer? The Deal with e-Waste in New Zealand

Every dog has its day. Every electronic device has its final system crash. 

Time to get rid of your beloved Mac? First, the facts:

  1. The components and materials used to create computers and other electronics can be toxic when leaked into soil, atmosphere and water systems via improper disposal. 
  2. Chucking computers and other e-Waste into the trash causes landfills to overflow.
  3. Disposing of your e-Waste properly protects the environment and you and your business against leaks of secure information.

Many companies in New Zealand have tried to recycle the complex mix of e-Waste by several different approaches, but are always hindered by the lack of volume needed to cover the large setup and processing costs. 

In short, we just don’t have the volumes to make recycling e-Waste material viable. 

So, how do you dispose of your computer? Luckily, there is a way. 

With our partners, Computer Recycling Ltd, you can rest assured that your recycling is going to its final resting place without harming the planet.

They use a technical approach to divide out e-Waste:

  • For Reuse 
    • These items are tested and refurbished then marketed to their parent company. 
  • For Recycling
    • These items are prepared, dismantled and packaged.

The team also use data destruction software for your business’ protection and even offer a free pick up service for 10 items or more within a 25km radius of Auckland City.

It really is that simple. 
Do your bit. Get in touch with Computer Recycling today.

Ransomware Protection: Important message on the latest attacks

Following up on our message over the weekend, we would like to provide you with further important information about the dangers of CryptoLocker, the virus which got spread around the world over the weekend.

Strange and Unwanted emails – If in doubt, don’t open and delete!
The biggest way that computers get infected, is by Email Phishing.
Phishing is a method that Virus makers use to trick you in to opening emails, visiting a website and clicking links for something that you may think is genuine.

What do these include?  Emails posing to be from PayPal, eBay, NZ or AUS Post, the Major Banks (ANZ, Westpac, ASB) etc.
Recently there has been a Cryptolocker outbreak where a lot of emails are coming through with resume as an attachment as well.

Do they have attachments?
Most of the time, they do have attachments which are mostly ZIP; DOCX; PDF or EXE files but there could be others as well.

If you receive an email and you’re unsure of its origin – DELETE IT!
It is better to be safe than sorry!
Other ways the virus can be contracted is from Illegal software download sites such as using BitTorrent.
Whilst “free” music and movies are readily available – they are prone to be infected.

What does CryptoLocker do?
The CryptoLocker virus encrypts your entire hard drive content and your computer becomes completely unusable.
Once your data is encrypted, there is virtually no way to get it back, unless you have a backup.

Regarding the latest Microsoft Updates, how can I apply?
All our managed computers are patched/updated every day at 3:00PM if the computer is online and you have not requested to be out of this schedule.
A number of these updates only finish the installation after the computer is restarted, so we are advising everyone to restart your computer at the end of today and every day.
If you missed the updates today, don’t worry our system will try to apply them again on the next day until your computer is online.

I suspect or I’ve been hit with CryptoLocker, what can I do?
The first thing to do is isolate the spread of the Virus.
Disconnect your computer from the internet by removing the Ethernet cable and/or disconnecting from Wifi.

Contact Base 2 Support straight away at 0800 14 2273 or email at [email protected]

Under no circumstances should you pay the ransom money.

Regards,
The Base 2 Team

NZ News: Popular LED name-badges open computers to hackers

A popular Christmas gift from Typo may expose computers to hackers. Hidden software installed on the device means inserting the USB accessory into your computer could leave you vulnerable to attacks, particularly from overseas hackers installing Ransomware.

Ransomware is a type of virus that essentially locks down your files until you pay the hackers a “ransom” to release them.

(original article on Newshub.)

READ MORE

“You Hacked!” – San Francisco Transit Hit with Ransomware

San Fransisco’s light rail system was compromised over the weekend and passengers were greeted with the message, “You Hacked!” at ticket kiosks. While kind of funny, this could have ended very differently.

Turns out the attackers weren’t initially after attention, however they did demand a ransom in Bitcoin, and threatened to release data if it wasn’t paid.

It doesn’t look like it’s gone any further at this stage but what ended up being an inconvenience could  have been a very expensive and embarrassing occurance.

This serves as a reminder to be vigilant for vulnerabilities in your network. As the attacker said themselves in an email, the “SFMTA network was Very Open and 2000 Server/PC infected by software!”

Source: Techcrunch – read more here

Cybercrime costs $600 billion a year

Awareness is high when it comes to Cybercrime: around 90% of Kiwis admit that they stop to think before clicking on links and attachments in emails.

Training on cyber security at work is scarily low, however, with only 17% of Kiwis saying they’ve received advice on security. The impact of this lack of training could be putting thousands of NZ businesses at risk.

Communications minister Amy Adams explains that cybercrime is now “bigger than the global drugs trade” with a cost of around $600 billion a year”.

Read More Here: IT Brief – Cybercrime Now bigger Than Global Drugs Trade

Our Partners: