Synapse Blog
- 5 min read
- 5 min read
Many SMB owners think IT downtime only costs them a few productive hours, but there’s a lot more at stake when your systems go down. Customer satisfaction and loss of brand integrity are just two of the key losses apart from the more evident costs such as lost productivity and a temporary dip in sales.
Here’s a few other ways downtime can hurt your business:
1. Customer Loss – Today’s buyer lacks patience !important; They are used to getting everything at the click of a mouse, at the tap of a finger. Suppose they are looking for the kind of products/services that you offer and your site doesn’t load or is unavailable—even if temporarily– you are likely to lose them to a competitor—permanently.
2. Damage to Brand Reputation – Customers are now using Social media platforms like Facebook and Twitter and blogs to vent their bad brand experiences. Imagine an irate customer who doesn’t know if their card was charged on your site, or not, due to a server error. If it’s your bad day, they could probably be using Facebook or Twitter to share their bad experience, and it could be viewed by hundreds of people, causing irreparable harm to your brand image.
3. Loss of Productivity – When your systems don’t work, this can have a direct impact on your employees’ productivity. Consider a research firm of 200 employees where they primarily rely on internet connectivity to access the knowledge base. If the server hosting the knowledge base is down, there’s a total loss of at least 1600 work hours for one day.
4. Overtime, Repair and Recovery, Compensatory costs – In the above case, imagine the overtime wages the business would have to incur if they were to make up for the work loss they faced owing to downtime. In addition, there’s always the cost of repair—the money the business would have to shell out to fix the issue that caused the downtime and get the server up and running again.
In some cases, businesses would have to incur additional costs to make customers happy. These could include giving away the product for free or at a discount, or using priority shipping to make up for a delayed order.
5. Possible Lawsuits – Businesses could also be at the receiving end of lawsuits. For example, a downtime that has an impact on production, delivery or finances of the customer could invite litigation.
6. Marketing Efforts Rendered Useless – Consider a pay-per-click advertisement that shows up for the right keywords on Google, or an extensive e-mail campaign that your business engages in. However, when the prospect clicks on the link, all they see is an error message – Isn’t that a waste of your marketing budget?
The bottom line—one natural disaster, one technical snag or just one power outage has the power to put you out of business – both virtually and in reality. It’s probably time to think about how you can mitigate the threat of a possible downtime and whether your MSP can act as an effective and efficient ally in this battle for you.
- 5 min read
Some people think that search engines allow them to access all the websites on the internet. Do you think the same?
Google and other search engines don’t give access to all the websites on the web. They barely allow you to scratch the web’s surface. Below this outer surface lie the internet’s many hidden layers – those that cannot be found through ordinary search. These hidden layers are called the “dark web”. The name sounds intimidating, right? Let’s take a look at what dark web is and what you can find once you access it!
Dark Web
The web is divided into three parts. The first part is called the surface web which includes normal websites that can be found through search engines. The second is the deep web that includes websites that search engines cannot index or present in search results. Online banking sites are examples of deep web websites. The third part is the dark web. Dark web is completely different from the other two parts as it can only be accessed through specialized browsers.
Dark Web Users
Dark web provides complete anonymity to users, which is why it is popular among certain parties who wish to keep their identity hidden. This tool is used for illegal and shady activities like sale of firearms, drugs and child pornography.
Silk Road was the first black market on the dark web. It led to the creation of other black market websites. The authorities shut down Silk Road in 2013. The founder of the website was also arrested and sentenced to life in prison. Many similar websites are still operating on the dark web and authorities haven’t taken any action against them yet.
Dark web isn’t just used for nefarious purposes. It also supports many conscientious actions. For example, Edward Snowden, the former NSA employee and later whistleblower, exposed United States government’s mass-surveillance program by sending information to media outlets and reports through dark web. Dark web is also used by activists and journalists to avoid getting traced by people who would want to cause them harm. In some countries, users aren’t allowed to access specific social media platforms and websites. Dark web can be used to access those restricted websites.
Entering the Dark Side of the Web
Dark web is mostly accessed through a browser called Tor. Tor allows users to access sites on the dark web which have a .onion domain at the end of their web address. These websites are not accessible through normal web browsers.
In addition to Tor other browers like I2P or Freenet can be used to access websites on the dark web. Tor and other browsers enable users to access deep and dark web sites while keeping their identity anonymous. However, it is important to note that Tor won’t protect users from malicious content on websites. Therefore, you should be careful when accessing dark web sites through Tor.
- 5 min read
Synapse is excited to announce that we are now a Datto Professional Partner. Being part of the Datto Professional Global Partner Program means we can help to protect essential business data for our customers, while delivering uninterrupted access to data on-site, in transit and even in the cloud. This service is an integral part of any Business Continuity plan.
So what is Business Continuity and why is it Important?
Business Continuity is about having a plan to deal with difficult situations that may arise within your business such as flood, fire, theft, cyber attack or hardware failure. It’s important to ensure your organisation can continue to function and is protected with as little disruption as possible when a difficult situation arises. Your plan should help you to:
- Identify and prevent risks where possible
- Prepare for risks that you can’t control
- Respond and recover if an incident or crisis occurs
Make a Plan
A good Business Continuity plan is the first place to start when thinking about BC. You need to ask yourself, how long would your business be down for in case of fire, theft, flood or hardware failure? How much time, data and money would you lose? A plan recognises any potential threats to an organisation and provides an analysis on the impact that threat may have on day-to-day operations of the business. It also provides you with a way to alleviate these possible threats by putting in place a framework to allow key functions of the business to continue operating and re-establish full function as quickly and smoothly as possible.
Key Elements – Resilience, Recovery and Contingency
A Business Continuity plan should have these three key elements:
- An organisation can increase their resilience by designing critical functions and infrastructures with different disaster possibilities in mind. This can include functions such as staffing rotations, data redundancy and maintaining a surplus or stock or capacity.
- After a disaster, rapid recovery to restore business functions is vital. Setting recovery time objectives for different systems, networks or applications can help to prioritise which elements need to be recovered first.
- A good contingency plan should have procedures in place for a variety of external scenarios; these can include a chain of command that distributes responsibilities within the organisation. These particular responsibilities can include hardware replacement, leasing office spaces as well as damage assessment.
For more information on how we can assist you with your Business Continuity plan, please contact Synapse here.
- 5 min read
The ‘chronic failure’ to use secure passwords has grown increasingly concerning for individuals and companies alike. Password hacking software now enables passwords, thought to be safe, to be unscrambled within seconds.
We have compiled the top reasons why implementing a complex password policy is vital for your protection and exactly how to put it in place.
The most common passwords
According to Keeper Security the most common passwords of 2016 included ‘123456’, ‘qwerty’ and ‘password’, while approximately 50 per cent of people use the top 25 most common passwords. Shockingly, data reveals this list has remained relatively unchanged over the years, showing user understanding on the importance of complex password policies remaining limited.
The two main types of hackers
Although hackers differ in the methods they use to access your personal information, you can definitely educate yourself about the two main types of hackers.
Opportunistic
The motivation behind opportunistic hackers often lies behind simple boredom and the quest for notoriety, rather than a fixed goal. Such hackers often target a large group of people, adopt simple and well known hacking methods, yet make little attempt to conceal their actions. Trustware revealed the main warning signs you are being targeted by an opportunistic hacker include ‘missed delivery’ spam and phishing emails.
Planned
Planned security attacks, however are targeted attacks on a specific organisation or person. These attackers use modern and sophisticated hacking methods to cause damage and steal valuable data. Planned hackers go to great lengths and time to conceal their actions and are often experienced individuals who are motivated by high monetary gain. How do you know if you’re being targeted by a planned hacker? These individuals often call up companies imitating a specific person affiliated with the company and requesting information.
The 4 most common hacking methods
Brute-force attack
Brute-force attacks use automatic computer programs to decrypt files by calculating every password combination possible, at an incredibly fast rate, until correct. Used against any type of encryption, as updated and faster computer hardware becomes available, these attacks become more efficient and successful.
Dictionary crack
A dictionary attack occurs when a large list of words are entered into a software program in an attempt to generate a password. These attacks are incredibly popular as individuals and companies leave themselves vulnerable by choosing weak and common words as passwords. These attacks also occur through email spamming techniques whereby large amounts of emails are automatically generated and sent to random addresses in the attempt to spontaneously reach real email addresses.
Phishing
Seemingly obvious to avoid, phishing attacks are incredibly common whereby hackers simply ask users for their passwords. This most commonly occurs through emails claiming to be online banking requiring you to login and provide information. Banks will under no circumstances require you to provide such details over email, yet many unsuspecting individuals often fall trap to this hacking method.
Social engineering
An extension of phishing, social engineering occurs externally to online methods. In these cases, hackers actually call or come face to face with users, while impersonating someone affiliated with the business. The most common impersonation is that of an IT security tech, who calls the business and claims to need passwords to alleviate a security issue.
Most important things to include in your password policy
Due to the enormous security threats associated with a poor password, it is clear a company’s best interest is to implement a complex password policy. Although it would be ideal if website operators enforced basic password complexity policies, research shows the majority fail to do so. Therefore, the ultimate responsibility lies within the user to protect themselves with a secure password.
Create a strong password
The passwords most resistant to hacking are those made up of a mix of numerical, uppercase, lowercase and special characters, opposed to common words and simple number sequences. These passwords are incredibly effective against dictionary attacks as they are not common words and considerably slow down the efficiency of brute-force attacks. For example, create a password out of a complex sentence, which can even be about yourself! “I am 30 and work in IT’ can be translated to ‘Ia30awiIT’. This is considerably safer than your name and your profession.
Two-factor authentication
Ensure login processes include this multi factor authentication, which requires not only a password but another external piece of information that can only be accessed by the correct user, such as a phone number.
Different passwords for logins
Many companies require numerous passwords to access a vast array of different platforms. In this case, it is imperative each password is different to one another and do not vary in levels of complexity. In this case, if one password is compromised the others remain safe and protected.
How to remember your safe password
Now you’ve got your strong and unique password (potentially numerous of them!), you might be worried about how you’re going to keep track of them. Fortunately, there are many password manager platforms available, such as IPassword, which easily store your passwords and provide access with a simple click.
Here at Synapse IT, we can work with your business to create organizational group policies for password management. These policies enforce systems and rules to using strong passwords and will add a significant layer of protection for your company. If you would like further information regarding us, feel free to contact us!
Weak, predictable and common passwords leave your financial and private information vulnerable to hacking. It is essential that businesses and individuals alike enforce mandatory strong password policies, based on the information we’ve provided to significantly reduce the risk password hacking.
- 5 min read
Last week, an unusually sophisticated phishing campaign appeared to target Google’s 1 billion+ Gmail users worldwide, seeking to gain control of their entire email histories.
The worm, which arrived in users’ inboxes posing as an email from a trusted contact, asked users to click on an attached “Google Docs” file. Clicking on the link took users to a real Google security page, where users were asked to give permission for the fake app, posing as Google Docs.
Once the user entered their details, the worm sent itself out to all of the affected users’ contacts, spreading rapidly with every new victim.
Google said it has “disabled” the malicious accounts and that the vulnerability was exposed for only about one hour. During that time, a spokesperson reported that “fewer than 0.1 percent of Gmail users” were affected, a percentage which would still be about 1 million users.
While the scam appeared as an authentic Google Doc email, one of the biggest giveaways was the sender address which appeared as hhhhhhhhhhhhhhhh@mailinator.com.
In order to ensure you don’t fall victim to the next phishing scam, here’s everything you need to know about phishing and how you can avoid it:
What is phishing?
Phishing is a technique used to trick you into giving out personal information such as your bank account details, passwords and credit card information. While phishing can come in the form of phone calls and website downloads, the most common form of phishing attempts occur via email, where scammers pose as trusted companies, so that you’re tricked into disclosing personal information.
Phishing emails can look authentic, featuring corporate logos and fonts similar to legitimate emails. Some common examples of phishing include the scammer saying that your bank is verifying customer records due to a technical error. Or, they may ask you to fill out a customer survey and offer a prize for participating.
Alternatively, the scammer may alert you to ‘unauthorised or suspicious activity on your account’. You might be told that a large purchase has been made overseas and asked if you authorised the payment. If you reply that you didn’t, the scammer will ask you to confirm your credit card or bank details so the ‘bank’ can investigate.
Tips on how you can avoid phishing scams:
Note the language Used in the email
Fraudsters often include threats which will try and get you to react immediately. Emails threatening to close your account or stating that urgent action is required, are often sent by scammers who want you to think your information is at risk.
Does the email have spelling or grammar errors?
Cyber criminals are not known for their grammar and spelling. Most professional companies have editors who will thoroughly check mass emails for any spelling and grammar errors before being sent. If you receive an email with spelling and grammar errors, it’s likely you’ve received a phishing email. In addition to spelling and grammar mistakes, look at the general layout of the email. As you can see from the phishing email from ‘Australian Government Department of Human Services’ below, some phishing scams appear unprofessional in both their layout and wording.
Is the greeting personal or generic?
If you’ve opted in to receive emails from banks, online shopping companies and other businesses, chances are they will have your name in their database and address emails with a personal greeting. Phishing emails are usually sent out on mass and therefore will most likely have a generic greeting such as “Dear member”, “Dear customer” or “Hi There”
Does the sender address match the company?
Sometimes phishing emails will look professional until you look at the sender’s address. If the sender address does not match the corporation that emailed you, it is likely to be a scam.
While spelling errors and the tone of the email are the easiest way to spot a phishing email, some scammers have managed to make messages look authentic by using legitimate-looking logos and font. As with the Google example above, one of best ways to spot a fake is by looking at the sender email address. If the address does not match up with the company that allegedly sent the email, delete it immediately.
Are links legitimate?
Links on a phishing emails can look very similar to those of a company’s legitimate website. If you are unsure of the legitimacy of a link, don’t click on it. Instead, hover your mouse over the URL and see if the URL matches the real web address (which will come up in a yellow box under the link), if they don’t match, its likely to be a malicious email.
Are you affiliated with the company that sent you the email?
While it seems obvious, receiving an email asking for urgent action can cause unnecessary stress and immediate response. If you receive an email from a company or service provider that you are not affiliated with, delete the email immediately.
Over the past week alone, the team at Synapse have received a number of phishing emails. If you receive any of the following emails, do not click on any links and delete them immediately:
A Phishing email posing as The Department of Human Services
A Phishing email posing as Myob
Taking the above tips into account, you should be able to confidently differentiate a legitimate email from one attempting to steal your personal data. If you’re still unsure about a particular email, feel free to give the team at Synapse a call on 1300 903 405.
- 5 min read
Scheduling backups, monitoring systems and undertaking routine maintenance can be hard work for businesses that don’t specialise in IT. After all, it can be easy to forget about IT altogether until something goes wrong!
That’s where outsourcing comes in! While outsourcing often connotes images of scripted telemarketers and terrible hold music, outsourcing your IT to a specialist company can reap numerous benefits, including the obvious advantages of cutting costs.
But is there more to outsourcing than the bottom line?
In this article we will discuss the 3 R’s of subcontracting your IT to an external company: The reasons, risks and rewards.
The Reasons
There are numerous reasons why companies choose to outsource their IT, here are some of the most popular motives:
Reduce and control operating costs
The main driver of IT outsourcing for many companies is reduced spending. Depending on your business size and your agreement, you could save up to 40% on your IT spend.
When you outsource your IT, both capital and operating expenses can be reduced. You don’t need to purchase expensive hardware, or hire employees to perform certain IT functions. What’s more, most IT companies offer fixed cost packages, which means your IT spend is predictable with no nasty surprises or expensive time and materials costs.
Improve company focus
For small businesses especially, trying to juggle IT management, consistent marketing efforts and bookkeeping can be a struggle. Outsourcing enables you to focus on your core competencies, allowing experts to take care of other functions in your business.
Gain access to exceptional capabilities
Your return on investment is so much greater when you outsource your IT to a firm that specialises in the areas you need. Instead of just the knowledge of one person, you benefit from the collective experience of a team of IT professionals. Most IT companies, including Synapse requires their consultants to have proper industry training and certifications, meaning your business is in very safe and capable hands.
Reduce Risk
Keeping up with the technology required to run your business is expensive and time consuming. Because professional outsourced IT providers work with multiple clients and need to keep up on industry best practices, they typically know what is right and what is not. This kind of knowledge and experience not only reduces your risk of implementing a costly wrong decision, but ensures your system is proactively monitored and maintained at all times.
The Risks
As with most things in life, there is risk involved in outsourcing your IT which can cause headaches if inadequate planning and research has been undertaken before selecting an IT company.
Business owners who consider outsourcing IT functions need to be aware of the following risks:
Lack of Confidentiality
When hiring an IT company to oversee your entire IT system, the confidentiality of data and disaster recovery can sometimes come into question, as IT providers require your passwords to access your system. Before you sign on to an agreement, ensure the IT company is professional and reputable. The testimonials section of the company’s website is a good place to start.
Employee morale may be affected
If you will be laying off employees to replace their job functions with an outsourced IT firm, employee morale can be affected. Often employees who survive lay-offs can be left feeling depressed or insecure about their position. Research shows that reduced commitment and diminished productivity can linger for the better part of a year after a layoff takes place.
You may get “locked in” to a contract
More often than not, IT companies require you to sign a 12 or 24 month contract. If you haven’t established clear expectations with your IT service provider, you could be in for a very frustrating and tiresome two years.
Before you agree to anything, ensure you and your IT provider are on the same page with everything from contract inclusions, response rate and excess charges. Still not sure what to ask? view our list of things you should cover in your IT support agreement.
The Rewards
Cost
As we’ve already mentioned, outsourcing your IT to a team of experts can save your business a significant amount of money. Not only will you save money on costly hardware and equipment, but with a team proactively monitoring your system, the risk of downtime and idle staff is reduced enormously. Even in the event of a catastrophe, robust backup and recovery procedures significantly reduce the risk of losing important company data. IT outsourcing providers ensure that data centers have appropriate defences, such as firewalls and security information and event monitoring software.
Access to the latest and greatest in technology
As technology is constantly evolving, software and operating systems can quickly out-date leaving you vulnerable to viruses, hackers and loss of valuable data. Keeping up to date with everything can be time consuming and challenging, especially if you aren’t sure what tools need to be implemented to achieve your IT goals.
Whether you switch the cloud or keep a server on premise, outsourcing your IT means you will get expert advice on the latest technology and solutions to suit your business’ particular needs.
Reduced Risk and Increased Flexibility
Technology is expensive, and making wrong decisions is costly. An IT services provider has a solid base of experience that assists with making the right technical decisions. If you decide to change your technology strategy, your IT provider will have tools and services to help you transition.
Working with an IT services provider also provides flexibility that enables companies to scale their system as their business grows (or downsizes). If your company is growing rapidly and needs additional capacity, an IT services provider can rapidly bring additional servers and storage online.
When managed properly, outsourcing your IT services is a great way to save costs, increase reliability and keep up to date with the latest software. If you are considering outsourcing, why not get in touch with the team at Synapse IT.
Contact Us Today
Reach new heights in your industry through beginning the transition to managed IT solutions.