new report (published by Microsoft themselves!) has shown the company’s cloud cyber security attacks have increased by an astonishing 300% from 2016. Microsoft alarmingly announced hackers have found a new ‘favourite target’, highlighting the undeniable fact you must keep your cloud based activities incredibly secure.

No idea where to start? Read below to find out the top 4 methods cyber hackers love to use, how to reduce your risk and what to do if you encounter one.

  1. RANSOMWARE

A ransomware attack occurs when malicious malware, which is activated by hackers, completely disables your computer. In these cases, hackers demand a monetary ransom to restore the computer back to its original state. In some cases, after an attack you may simply lose all your data, however there are still things you can do to reduce future risk.

What to do to

  • To reduce the impact of a ransomware attack always ensure your important files are backed up at all times
  • Contact legitimate authoritiesto report the crime
  • Never pay the ransoms! There is never a guarantee the hackers will rid your computer of the virus, while profiting malicious attackers actually helps to grow their ‘industry’
  1. EXPLOIT KITS

An exploit kit is a bundle of malicious software that can quickly locate a computer’s vulnerabilities and take advantage of them. Once installed on a compromised web server, it has the potential to reach any computer lacking security updates which visits the site. Trojans were the most commonly encountered software causing serious problems for Microsoft users.

How to avoid exploit kits

  • Install an antivirus and anti-malware softwarefor an added layer of security
  • Ensure your computer is regularly updated so the latest security patches are constantly installed
  • Educate yourself! A 2016 survey showed 68% of all business reported their employees were unable to identify the key warning signs of a cyber attack.
  1. ACCOUNT SIGN-INS

Microsoft’s report showed account sign-in attempts from malicious IP addresses rose by a whopping 44%. Shockingly, hackers can simply use stolen sign-in credentials of a user giving them easy access to your private information.

How to keep your login details safe

  • Have a strong password policy! The number one reason behind Microsoft’s increased attacks was from weak, guessable passwords. Read our blogon how to create a complex password policy today!
  • Avoid working in public Wi-Fi hotspots to reduce the risk of attackers overhearing your login details
  • Don’t be fooled by impersonators! Many hackers disguise themselves as IT consultants and will ring to ask for your login details, make sure you always know if you’re speaking to someone legitimate.

HIGH RISK ZONES

Two thirds of Microsoft attacks occurred within the US (32.5%) and China (35.1%). Even if you don’t live in these high risk zones, the remaining attacks were spread amongst a whopping 116 other countries, including Australia and the UK.

Do not put yourself at risk of cloud-based hackers! Have peace of mind that your important data is kept safe and secure, just as it should be. Contact Synapse IT Consultants today to see how we can help with your cloud security today.

We understand what it’s like to feel inundated with notifications requesting software updates on your devices. Many simply choose to ignore or put off these updates, seeing them as unnecessary and a waste of time. Many ask, if my phone is working fine as it is, why is an update necessary?

Read below to find out the 4 most important reasons why you simply cannot avoid updating your phone and some simple tricks to make updating your mobile a breeze!

Top 4 Reasons why you Can’t Ignore Phone Updates
  1. Security

All software systems are exposed to  flaws and people generally find out what they are. Google is no stranger to the dangers of flaws within their devices. In fact, they have a group of security researchers whose sole job is to attempt to hack into their own product before hackers do. Even with these systems in place, many hackers figure out security loopholes first, gaining access to personal and sensitive user data. For this reason, apps will create updates with new security improvements and bug fixes.

  1. Stability

Software updates will not only lessen your security vulnerabilities, but will create a much more stable user experience. For example, if your computer frequently crashes, updating the new version of a software can solve this issue and why the feature has not been working properly.

  1. Features

Interesting, fun and easier to navigate new features are constantly being created by developers. Simply updating when requested to do so will ensure you can take full advantage of them, such as those listed below.

  • Facebook’s new update introduced ‘Live Stream’
  • YouTube’s new update introduced split screen mode on Ipads
  • iOS 9.3’s newest update introduce ‘Night Shift’ mode, displaying a sleep-friendly hue!
  1. Performance

By keeping your software regularly up to date, your device will likely run much faster and smoother than before. The current mobile user has an array of applications on their phone, many of which are used numerous times a day. Therefore, it is important you have a device which is not slowed down by outdated software.

Top Things to Remember When Updating
  • Make sure your phone is connected to Wi-fi and the ‘Use Cellular Data’ is switched off at the time of download. If you’re phone is not connected to wifi you’re at risk of losing massive amounts of data usage and ending up with one hefty phone bill!
  • Turn on automatic downloads on your device! Many people think they need to constantly be bothered by those pesky update reminders, otherwise they will miss out.. However, all you need t to change the automatic download setting on your mobile to make updating a breeze.
  • If you find everyone raving about that latest update, make sure you check the software developer’s website for update announcements so you don’t miss out.

It may be tempting to ignore those pesky update reminders when you’re coming home from a long day at work.However, next time you see that update it is wise to remember the numerous benefits for your device and overall personal security!

Every time you install an application onto your phone, you are asked to allow that app certain permissions in order for it to function properly. However, by allowing these permissions you in turn leave your personal information vulnerable to exploitation.

Research shows nearly 30% of free mobile apps access and subsequently misuse a user’s personal data. After the app is downloaded, user data is then often used for targeted marketing purposes, while some companies actually sell it. Unfortunately, many people are unaware that the information they provide is not necessary for the app to function and actually puts their security at risk.

Below we’ve outlined some of the most high-risk apps, which may find you re-evaluating that seemingly casual download in Apple App Store and Google Play!

Top 4 High-risk Applications

1.Snapchat
Research shows Snapchat has 166 million daily active users, increasing 36% since 2016, yet requires permission to an unbelievable amount of personal information. Users may not realise they are providing access to their contact list, name, photos, location, web browsing history, email address and much more. Interestingly, a 2015 Transparency Report published by Snapchat, showed the company willingly shared user data with law enforcement.


2.Words With Friends

The app ‘Words with Friends’ shot to stardom as the guilty pleasure for friends all over the globe to come together and show off their vocabulary skills. However, this app has a big security issue by asking permission for the users ‘precise location’. While your location is an important aspect of the app, this information is inadvertently used for market analysis and targeted advertising. Users have found themselves inundated with targeted advertisements whilst playing, which often caused their devices to freeze and crash.

3.Angry Birds
Introduced in 2009, the hugely successful mobile game, ‘Angry Birds’ has amassed more than 2 billion downloads to date. Despite its popularity, this app includes targeted ad libraries which access the user’s identity information such as phone call logs, signal, carrier, device ID and number. In fact, in 2014 Angry Birds poor security was successfully targeted by the National Security Agency (NSA) to obtain user information. Documents revealed the NSA collected user data and analysed it in comparison to their list of intelligence targets!

4.My Talking Tom
Parents, how many times have you downloaded a seemingly innocent app for your children? Many may have done so with ‘My Talking Tom’, the app described as a ‘security nightmare’ where children can adopt and care for a kitten. Shockingly, this app has 8 targeted ad librariesand requires your phone identity information. Most worrisome however, is the way in which it sends advertiser’s audio, likely of your children, from the microphone on the mobile device.

Top 3 Ways to Reduce Your Risk
  1. Always Read the Fine Print
    Before you press accept you must understand you will be providing your personal information to an unknown, third party. It is important to ask yourself if the information is logical and smart to provide for the app to function. For example, Snapchat’s newest update requires you to allow permission to your phones location services in order to use new filters. You need to ask yourself, is it really worth the risk just for a better photo?

    Outlined below are the main permissions to be wary of when downloading an app, as they are very easily abused!

    • GPS Location
    • Network-based Location
    • Wi-Fi State
    • Full Internet Access
    • Read Phone State and Identity
    • Automatically start at boot

    2.Regularly Check Your Settings
    It is important to regularly check your phone’s permission settings by simply going to the settings section on your device. Here, you can manually change the settings of each permission you do not want to provide. If you decide you no longer want the app, be aware that simply uninstalling it from your device is not enough. After uninstalling the app, ensure it is not still connected to other services such as Facebook.

    3.Use a Risk Identifying App
    Sounds pretty contradictory right? However, if you ensure to read the terms and conditions closely, many apps such as PrivacyHawk, can significantly reduce your risk of app hacking. PrivacyHawk can detect malware and viruses while conveniently ranking the most suspicious apps on your mobile device.

With 7 out of 10 apps sharing your personal data with third-party services it is clear to see why you should conduct a full evaluation of your current apps, their permissions and be wary in the future.

In 1996, Adobe introduced the ‘Flash Player plugin’, which ultimately shaped the very nature of the Internet as we know it today. Flash is a software that requires a plugin in order to be installed, which then allows animations, games and more to be displayed on the device. Introduced when the internet was in its infancy, the idea of website interactivity revolutionised the way people saw the Internet.

Shockingly, Adobe has revealed that, in collaboration with tech partners such as Microsoft, the Flash Player plugin is going to be completely phased out by 2020. Ceasing all updates and plugin distribution, Flash’s end, according to Adobe, is down to the fact that it is no longer necessary.

Top 4 Defining Moments of Flash

During its ‘golden era’ Flash was praised as an interesting and exciting way to experience advanced graphics, typography, animations and interactivity on the World Wide Web.

  1. Public backlash

In the early 2000s Flash started to face extreme public backlash and controversy, with critics mainly bashing the software’s usability, privacy and security. One of the biggest public critics of Flash was by Apple co-founder, Steve Jobs. Although Apple owned approximately 20% of Adobe over many years, Jobs blasted the software in a 2010 open letter citing Flash as having “one of the worst security records in 2009” and that Apple did not want to “reduce the reliability and security of our iPhones, iPods and iPads by adding Flash”.

  1. Usability

Flash has been heavily criticised for causing poor battery life in many devices. To achieve long battery life when playing video, mobile devices must decode the video in hardware, however Flash decodes data in software, which uses too much power. The modern user requires a mobile phone battery which is long-lasting, yet still able to keep up with their web demands. Flash simply drains mobile batteries leaving users frustrated and left without a phone prematurely.

  1. Security issues

Many users claim Flash has left their profiles vulnerable to security and privacy issues. In 2015, research found Adobe Flash to be the most frequently exploited product, with the plugin exposed to six of the top 10 security vulnerabilities. In a desperate attempt to manage the vast security issues associated with Flash, Adobe released an updated version in 2017, warning all users to update ‘immediately’.

  1. The Final Announcement

Flash has experienced a gradual demise, now seen as a replaceable, rather than ‘must-have’ technology. In 2010 Adobe experienced a 20% drop in shares, then announcing the following year that they would no longer develop the Flash plugin on mobile devices. Although Adobe has now announced Flash will no longer exist, they will continue to support websites using the plugin until 2010.

Open vs. Closed Formats

The Flash Player Plugin operated within a ‘proprietary’ or ‘closed’ format, maintained by Adobe itself. In comparison, an ‘open’ format occurs when content is stored, manipulated and maintained by a standards organization.

OASIS

Adobe has announced the recommendation to migrate all existing Flash content to new open formats. Unlike closed formats, open formats are not restricted by any copyrights, patents or trademarks. The Organisation for the Advancement of Structured Information Standards (OASIS) is the global non-profit organisation which oversees security standards, content technologies and emergency management, to name a few, within open formats. The majority of new software, such as HTML 5 discussed below, operates within open formats and are therefore strictly monitored by OASIS.

HTML 5

HTML 5 is the fifth and most current version of Hyper Text Markup Language, the code which structures and presents web pages. HTML 5 is made up of three main components, HTML itself, Cascading Style Sheets (CSS) and JavaScript. CSS is responsible for the presentation of the web page, while JavaScript enables interactive web effects come to life. HTML 5 offers an array of benefits over Adobe’s Flash including far greater efficiency and speed, particularly on mobile devices.

Used on 110 million websites and by 2.9 million customers worldwide,the ‘death’ of Flash is no reason for concern. New more secure, user friendly and safe open standards will bring an easier way to interact on the Internet, and we’re excited!

The National Broadband Network (NBN) is being systematically implemented throughout Australia over the next two years. This network will be rolled out alongside the existing ADSL broadband network in order to provide a faster and more efficient broadband service, with data showing the NBN is up to four times faster than the current broadband system.

Once available in your area, the NBN allows you to switch your internet from the current ADSL network to the NBN. The old network will then be scheduled for decommissioning, which takes approximately two years to be completely phased out. The installation of the NBN within Australia has propelled many businesses to reevaluate their current phone systems, after they discover their existing phone systems will not work. The NBN enables a more effective use of Voice over IP systems (VoIP), which send and receive calls via the internet rather than phone lines.

Businesses now require VoIP ready phone systems to ensure they will operate once the old network is decommissioned. We will outline exactly how phone systems work within the NBN, if your current phone system is compatible and if not, how to easily make the switch to a VoIP ready phone system.

The 2 types of phone systems

Traditional phone system 

Traditional phone systems (PABX) do not work through a wireless network, instead plugging into standard copper phone lines. Ultimately, when these copper lines are removed and replaced with NBN, these old  phone systems will cease to work.

Hosted phone system 

Hosted phone systems are often referred to as a ‘cloud based’ or ‘virtual’ phone system, in which a phone’s data, programming and features are stored in the cloud. These systems eliminate the need for a large PABX box, merely requiring quality internet to function efficiently, which the NBN provides. This system boasts easier installation, management, upgrading and maintenance.

Is my current phone system NBN compatible?

Digital vs analouge phones

Phone systems operating within the NBN use digital data only to send and receive multimedia messages, whereas the PABX phone system uses analogue data. As the NBN system is not compatible with analogue devices, many businesses encounter this as a significant issue.

Can my PABX phone system use the NBN?

There are ways in which a PABX phone can operate within the NBN. An IP card can be added to the phone system, which will then allow the phone to accept digital information. However, these cards can be incredibly expensive, costing up to $3000.

Benefits for your specific business 

Small & medium sized businesses 

Small to medium sized businesses are seen as a growing influence on the Australian economy. These businesses are essential, therefore should not underestimate the importance of a reliable and efficient phone system. The VoIP phone system offers customised and automated features to these businesses such as cafes and mid-sized offices. For example, if a call is unanswered, the caller is more likely to call back if they have received a customised message, such as providing business opening hours. These are some of the features a modern phone system can offer

Rapidly changing businesses

Businesses in rapidly changing and tangible environments would benefit from the highly efficient updates and management a modern phone system provides. For example, if your business requires a temporary office in a new location, calls can easily be made and automatically transferred between sites.

Multi-site locations 

Companies no longer place great emphasis on having one location to operate their business. However, multi-site locations mean employees and clients are geographically scattered, while still needing to be easily connected. A modern phone system easily connects staff within different locations to the one phone system, rather than purchasing a new one at each location change.

Top 4 features of an NBN ready phone system

Voicemail to email 

Voicemail messages can easily be transferred from the handset to an email account, increasing productivity and streamlining the call management process.

Call transfers

All staff connected to the NBN ready phone system can be easily transferred amongst each other, along with external phone and mobile numbers.

Auto attendant 

Any client or customer whose call is unanswered can instead be welcomed by an automated message directing them to the appropriate information based on their enquiry type.

Lower maintenance costs 

The management and maintenance of the NBN ready phone system is no longer the businesses responsibility. Instead, the service provider is responsible for technical support, freeing up time for your business to focus on more productive tasks.

How can I set up my modern phone system?

Updating to a modern phone system is essential to ensure your business is equipped with a reliable, easily accessed and efficient phone system. However, moving to a modern phone system is not an automatic process.

Here at Synapse IT Consultants, we offer tailored phone systems based on your business’ specific needs and are 3CX certified. If you would like to get your business setup with the NBN ready phone system, feel free to get in contact with us.

For decades, companies operated through ‘local’ storage and computing, whereby data and programs were stored on the computer’s hard drive.

More recently, technological developments and an overall increased trust in technology has seen the majority of businesses become ‘virtual companies’. Known as, ‘cloud computing’ this system works through the storage of computing resources over the internet, rather than a computer’s hard drive.

Initially introduced in the 1960’s, cloud computing has been hailed as the one stop service for companies to store their data. Although, cloud computing has long faced severe backlash regarding its level of security, expense and reliability. Despite this, we outline exactly what ‘cloud computing’ means, the different ways in which these systems work and the significant evidence they are on the rise.

The 3 different types of cloud systems  

Public cloud

A private cloud computing system is one owned and operated by a third-party service provider and services offered are generally ‘pay by the hour’. Importantly, a business’ hardware, software and supporting infrastructure is not fully overseen by the cloud provider. Instead, a level of self-management is required by your company. An incredibly popular public cloud system for business solutions is Microsoft Azure, an integrated collection of cloud services.

The first major cloud provider to adhere to the International Cloud Privacy Standard, Microsoft Azure offers predictive analytics and hybrid applications, which allow on premise applications to use the cloud services. Azure also decreases administration and data associated costs as you are merely paying for computer processing time, while hardware is overseen by the provider, freeing up time.

Private cloud

A private cloud provider is a ‘single-tenant environment’ in which computing resources of a single company or client are stored. A private system offers a customized and high level of security for the company, leading it to be the most popular cloud computing system.

The private cloud system has the highest popularity, mostly within mid to larger scale enterprises who must meet large-scale security and compliance requirements. For this reason, many businesses choose to employ a third-party service provider to host their private cloud. A significant downfall of private cloud systems however, is the need for infrastructure maintenance and initial set-up costs which become quite expensive.

Hybrid cloud

A hybrid cloud system combines the data within both public and private clouds, allowing information to be easily shared between the two. The main benefit of this system is the level of flexibility and customizable features available for a business. Interestingly, research shows around 80% of companies are considering transitioning to a hybrid cloud option.

Cloud spending is on the rise

According to the 2017 survey conducted by Clutch, a main benefit of cloud computing, as reported by users, was increased efficiency and profitability. Although initial costs of cloud computing can seem unnecessary, companies can in fact experience long-term cost reductions.

Once set up, vast amounts of money is no longer required to spend on non-core processes such as hardware and software, which quickly become outdated. This eliminates the fear of unexpected capital expenditure costs and allows a business to invest in more important processes.

In recent times, businesses have starkly shifted their perception of cloud computing, becoming far less sceptical and more inclined to invest money. Once considered a risky and illogical computing resource management option, businesses now see this system a necessary part of their processes. Evident in the statistics collected by Clutch, over two-thirds of businesses plan to increase their cloud computing spending in 2017, with 1 in 5 planning to increase their budget by more than 30%.

Increased trust in cloud security

Initially, many companies could not comprehend how an online system could safely store and monitor their valuable computing resources. The overall fear residing in the fact company administrators no longer had control over their data systems. Instead people were wary of the provider, who now took over such control, would be negligent and compromise their level of protection.Concerns were raised data would be left vulnerable and easily accessible to anyone in the world, mainly hackers. These concerns did have some merit, however, with early cloud providers failing to establish strict data access controls.

Nowadays, many companies identify security as a major benefit of cloud computing, showing an exponential decrease in scepticism and distrust. In 2017 the need for efficient security measures requires the utmost importance, therefore cloud providers heavily invest in ensuring customer data is safe, secure and protected by their measures. Outlined below the 3 biggest practices cloud providers have implemented to ensure the highest level of security.

Artificial intelligence

Artificial intelligence is used to scan and analyse cloud servers for potential threats. Machine learning algorithms are used to decipher between unusual activities and those which although appear unusual, actually pose no threat. Research shows approximately 1 in every 5 businesses currently operate within a cloud computing system which uses artificial intelligence.

Advanced data encryption

Advanced data encryption is the process in which data is automatically encoded before it is moved to the cloud storage system. This data requires an encryption key to decrypt the data in order to be accessed, in turn preventing unauthorized access.

Penetration testing

Cloud providers often conduct penetration testing to ensure security industry regulations and standards are upheld and a consistent visibility of data infrastructure is maintained. This testing involves cloud systems subject to tests looking for vulnerabilities that could leave a company’s information vulnerable to hackers.

Implementing your cloud system

Decide which system is best for your company

When deciding which cloud system is best for you, it is essential to decipher what the actual needs of your company are. For example, the needs of a small-mid sized business differ to that of a large scale enterprise. A great idea is to make use of the free trials many cloud providers offer before committing to making the switch.

Once your business needs are clear, an option is to hire an external consulting firm to implement your cloud strategy. This is extremely beneficial for companies who are not educated in navigating cloud computing. Although smaller companies may not see the benefit to this expense, an unforeseen issue can end up costing the business much more.

Understand shared responsibility

Many cloud services only control some components of a business’s computing system. Whilst arguably offering a superior data management service, it is important to understand cloud computing systems are a shared responsibility between provider and the company.

When putting your cloud computing system into place, ensure you properly understand the user agreement. This agreement will outline the roles and responsibilities of the service provider and allow you to see what you will need to monitor and manage within the cloud.

Cloud computing systems have come a long since their initial introduction to the world. Now considered a revolutionary and innovative way to store data, companies are making the virtual switch as a way to improve security and increase overall productivity.

Hailed the ‘Global Internet Forum to Counter Terrorism’, Facebook, YouTube, Microsoft and Twitter have joined forces to create a global forum fighting against the spread of online terrorist propaganda.

Shockingly, extremists have increasingly started to use internet platforms to spread their messages, attempt to radicalize users and inspire heinous acts. In a united attempt to stop this, each tech giant has pledged to make their platforms ‘hostile to terrorists and violent extremists’.

Fighting terrorism within online social media platforms is not an easy task. Previously left to government and supranational officials, tech firms now share the responsibility of determining what constitutes terrorist propaganda, while upholding the freedom of expression and respecting users’ privacy.

With Twitter suspending over 350,000 accounts associated with terrorism propaganda between 2015-16, it is obvious the world’s leading tech giants have considerable power and arguably a duty, to fight new-age terrorism and they certainly plan to do so.

A collaborative effort

The leading tech companies joining forces have not only partnered with each other but also with civil society groups, academics, governments and supranational bodies such as the United Nations. Arguably one of the most important collaborations, however, is that with smaller tech companies who can influence considerable change through the development of new technology and processes.

Collaborations are not, however, limited to high ranking professionals and bodies. Google, for example, has introduced the ‘YouTube Heroes’ scheme in which everyday users are encouraged to report inappropriate content, who in turn, receive a reward. This is an important element to counter-terrorism as although technology contributes enormously, human eye is still incredibly necessary.

The importance of knowledge sharing

Rather than combating online terrorism autonomously, these tech giants have created a shared industry knowledge database. This database is made up of ‘hashes’, posts which have a unique digital fingerprint and can be shared within the database after it has been removed from a site. Having shared access to valuable information enables the other tech giants to more readily identify similar extremist content and quickly remove it for their sites also.

Major Technological Solutions

Algorithms

Facebook and Google now monitor extremist content through the use of algorithms. These are essentially a mathematical equation to monitor and predict if terrorist attacks are likely based on specific content. Terrorism is a major source of news for media outlets around the world. Therefore, it is important these platforms have processes in which real news stories can be distinguished between propaganda.

Another pressing issue is the prevalence of previously shut-down users creating numerous new accounts. This technology can also autonomously block repeat offenders who attempt to do so, and between harmful content and genuine news articles.

Artificial intelligence

The use of artificial intelligence (AI) has been incredibly successful in the automatic detection of extremist propaganda including language, images and phrases. Whether identifying lone individuals or groups, AI can identify specific language, images, audio and video previously used by propagandists and feed these into a ‘machine learning system’.

This machine can, over time, learn to detect the same or similar harmful content and remove it swiftly. This technology has been incredibly effective, so far responsible for sourcing approximately 50% of removed content.

Ad-redirection

YouTube recently partnered with ‘Jigsaw’, the company who introduced the ‘Redirect Method’.  In this scheme,  the most vulnerable and at risk of radicalization users are redirected to anti extremist advertisements. The point of difference of the ‘Redirect Method’ lays in the specific target of users who are actively seeking to view terrorism-related content.

In the first eight weeks of this initiative, over 320,000 individuals were reached and to date over 500,000 minutes worth of video has been viewed.

Research conducted in 2016, has revealed social media essentially acts as a terrorist recruitment platform aimed towards vulnerable supporters and sympathizers. Exposure to online content such as propagandist images and videos to simple online conversations can evolve into serious acts of terrorism.

In the past, tech moguls largely relied on users to identify offensive content, including extremist activity.  Now, however, the increased use of modernised technology proves a hopeful answer to decrease the ways terrorists can spread their dangerous propaganda.

The ‘chronic failure’ to use secure passwords has grown increasingly concerning for individuals and companies alike. Password hacking software now enables passwords, thought to be safe, to be unscrambled within seconds.

We have compiled the top reasons why implementing a complex password policy is vital for your protection and exactly how to put it in place.

The most common passwords

According to Keeper Security the most common passwords of 2016 included ‘123456’, ‘qwerty’ and ‘password’, while approximately 50 per cent of people use the top 25 most common passwords. Shockingly, data reveals this list has remained relatively unchanged over the years, showing user understanding on the importance of complex password policies remaining limited.

The two main types of hackers

Although hackers differ in the methods they use to access your personal information, you can definitely educate yourself about the two main types of hackers.

Opportunistic

The motivation behind opportunistic hackers often lies behind simple boredom and the quest for notoriety, rather than a fixed goal. Such hackers often target a large group of people, adopt simple and well known hacking methods, yet make little attempt to conceal their actions. Trustware revealed the main warning signs you are being targeted by an opportunistic hacker include ‘missed delivery’ spam and phishing emails.

Planned

Planned security attacks, however are targeted attacks on a specific organisation or person. These attackers use modern and sophisticated hacking methods to cause damage and steal valuable data. Planned hackers go to great lengths and time to conceal their actions and are often experienced individuals who are motivated by high monetary gain. How do you know if you’re being targeted by a planned hacker? These individuals often call up companies imitating a specific person affiliated with the company and requesting information.

The 4 most common hacking methods

Brute-force attack

Brute-force attacks use automatic computer programs to decrypt files by calculating every password combination possible, at an incredibly fast rate, until correct. Used against any type of encryption, as updated and faster computer hardware becomes available, these attacks become more efficient and successful.

Dictionary crack

A dictionary attack occurs when a large list of words are entered into a software program in an attempt to generate a password. These attacks are incredibly popular as individuals and companies leave themselves vulnerable by choosing weak and common words as passwords. These attacks also occur through email spamming techniques whereby large amounts of emails are automatically generated and sent to random addresses in the attempt to spontaneously reach real email addresses.

Phishing

Seemingly obvious to avoid, phishing attacks are incredibly common whereby hackers simply ask users for their passwords. This most commonly occurs through emails claiming to be online banking requiring you to login and provide information. Banks will under no circumstances require you to provide such details over email, yet many unsuspecting individuals often fall trap to this hacking method.

Social engineering

An extension of phishing, social engineering occurs externally to online methods. In these cases, hackers actually call or come face to face with users, while impersonating someone affiliated with the business. The most common impersonation is that of an IT security tech, who calls the business and claims to need passwords to alleviate a security issue.

Most important things to include in your password policy

Due to the enormous security threats associated with a poor password, it is clear a company’s best interest is to implement a complex password policy. Although it would be ideal if website operators enforced basic password complexity policies, research shows the majority fail to do so. Therefore, the ultimate responsibility lies within the user to protect themselves with a secure password.

Create a strong password

The passwords most resistant to hacking are those made up of a mix of numerical, uppercase, lowercase and special characters, opposed to common words and simple number sequences. These passwords are incredibly effective against dictionary attacks as they are not common words and considerably slow down the efficiency of brute-force attacks. For example, create a password out of a complex sentence, which can even be about yourself! “I am 30 and work in IT’ can be translated to ‘Ia30awiIT’. This is considerably safer than your name and your profession.

Two-factor authentication

Ensure login processes include this multi factor authentication, which requires not only a password but another external piece of information that can only be accessed by the correct user, such as a phone number.

Different passwords for logins

Many companies require numerous passwords to access a vast array of different platforms. In this case, it is imperative each password is different to one another and do not vary in levels of complexity. In this case, if one password is compromised the others remain safe and protected.

How to remember your safe password

Now you’ve got your strong and unique password (potentially numerous of them!), you might be worried about how you’re going to keep track of them. Fortunately, there are many password manager platforms available, such as IPassword, which easily store your passwords and provide access with a simple click.

Here at Synapse IT, we can work with your business to create organizational group policies for password management. These policies enforce systems and rules to using strong passwords and will add a significant layer of protection for your company. If you would like further information regarding us, feel free to contact us!

Weak, predictable and common passwords leave your financial and private information vulnerable to hacking. It is essential that businesses and individuals alike enforce mandatory strong password policies, based on the information we’ve provided to significantly reduce the risk password hacking.

Many small to medium sized Australian businesses have, or are looking at introducing, a set of Bring Your Own Device (BYOD) policies for employees.

With the widespread popularity of smartphones, tablets and iPads, it seems to make good sense to allow employees to use these personal devices for work purposes. In fact, over 74% of organisations either already have a BYOD policy in place, or plan to have one in the future.

Before simply allowing employees to start using their own devices to complete work, businesses need to consider a number of different variables, including their own IT networking capabilities and security solutions.

If your business is thinking about implementing a BYOD policy, it’s worth weighing up both the benefits and costs, and determining what you should include in your policy.

Benefits:

Productivity

One of the major benefits of BYOD is that employees get to use hardware that they are familiar with and comfortable using. Rather than forcing them to use a new device, for which they may need training, employees can hit the ground running with their own mobile devices. Studies have also shown that by giving employees the freedom to use their own devices, employees generally see a rise in satisfaction, which in turn boosts productivity.

Reduced Costs

BYOD is gaining popularity with IT firms because it shifts hardware budgets away from the business and onto the employee. Rather than having to purchase new workplace phones and laptops for all employees, employees supply their own devices and usually pay all, or at least some of the associated services.

Up-to-Date Devices

When compared to traditional business technology cycles, BYOD devices are often upgraded more regularly, due to employee interest in having the most cutting-edge hardware available. Of course, this means that companies also benefit from the latest features, and the capability of working with modern software packages.

BYOD is Seen as a Job Benefit

BYOD programs are a great recruitment and retention tool, as potential candidates will be keen to work for a company that allows them to use devices they are already familiar with. Many professionals view BYOD as a perk,  where it shows that your business is progressive and technically enabled.

The Security Risk:

While a BYOD policy can save your business money and boost productivity, the primary concern for all IT decision makers is whether BYOD introduces more vulnerabilities into the business.

If you allow employees to utilise BYOD in the workplace, you may experience security risks associated with:

Lack of Firewall or Anti-virus Software

People are often careless or uninformed about the apps they download and install. With a personally owned device, businesses have less control on the kind of software being accessed and security protocols being employed. This leaves devices more vulnerable to malware and other malicious activity which could cause havoc to your business system.

Lost or Stolen Devices

If devices with company data are misplaced or stolen, third-party individuals may be able to gain access to confidential business information – especially if the device isn’t secured with passwords or encryption.

Accessing Unsecured Wi-Fi

Since employees will mostly be using their devices outside of the workplace, there is a chance they will access unsecured Wi-Fi networks. Whether an employee uses unsecured Wi-Fi connections at airports, coffee shops, stores, or even their own home, hackers can connect to the same networks and eavesdrop on emails or copy passwords as they pass over the network.

People Leaving the Company

If employees leave the company abruptly, you may not have time to wipe devices clean of company information and passwords.

This can cause real issues if an employee leaves the company but still has corporate data contained on their personal device. Information left on an ex-employee’s device could easily be accidentally or deliberately leaked, which could lead to serious business ramifications.

Reducing Risks and Maximising Benefits:

BYOD policies are best developed after a software solution has been determined, as the software solution will greatly impact how you manage BYOD in your company. Formal BYOD policies coupled with the functionality of cloud-based services allow for a low-cost and balanced solution so that small and medium-sized businesses can maximise the benefits of employees using their own devices while still safeguarding  company data.

Here are some elements which should be included in your company BYOD policy:

Educate Employees About Safe Usage

Human error is the cause of most security breaches, so educating employees about the mistakes to avoid, is one of the best ways to make the network safer.

Employees need to be across ‘best practice’ when it comes to data security. Train your staff on how to use their devices safely, how to avoid traps set by scammers, and what they should do if their device is lost or stolen.

Require Use of the Company VPN

The best way to protect company data from interception by other network users is to encrypt it, using a company VPN.

A virtual private network (VPN) ensures end-to-end security, even over unsecured networks, where all data is encrypted and protected from other users.

Put Reasonable Restrictions on Devices and Operating Systems

BYOD is cost efficient for businesses as it eliminates the need to purchase any new hardware for employees. While this may be the case, employers should put restrictions in place regarding the age of devices and operating systems

Not only are old operating systems extremely slow, but they are most likely to be incompatible with new software, and more vulnerable to security risks.

Enact a Strong Password Policy

Passwords are the first line of defence when your device falls into the wrong hands. Despite years of being told we should have strong and unique passwords, people are still using predictable patterns to secure access to confidential personal and business information.

Easily guessed passwords are a major source of breaches, so enacting a strong password policy is vital in ensuring data stays protected.

Demand Device Encryption

Proactive encryption measures are required in organisations that enable employees to use the same device for non-work and work-related purposes to remove business risk.

Encryption provides one of the most robust defences against security breaches between different networks and should be implemented across all BYOD devices.

Prepare for Departing Employees

Traditionally, when an employee leaves the company, the data and information remains with the company, where the employee will no longer have access once they have left.

Unfortunately in a BYOD environment, employees do not hand over their devices when they leave.  Instead businesses need to prepare and run through a series of procedures for cutting off employees’ access to the company network, business email accounts and other company programs and files which they can access from their personal device.

Set Parameters for Data Access

BYOD is definitely one area where information should be treated on a ‘need to know’ basis. Before rolling out your BYOD policy, decide who in your business needs to access company files and applications, what information they should be allowed to access and from what devices.

The more information an employee has access to, the more data a thief or finder of a lost device can wreak havoc with. So segregating data where necessary, making use of encryption technology and implementing procedures that enable data to be wiped out remotely are all crucial in safeguarding company data.

While there are security risks associated with BYOD practices, most employees are going to use their own devices for business purposes whether you like it or not. The key to an effective BYOD strategy is to educate employees and enforce policies and procedures to safeguard company data. When implemented correctly, BYOD can increase productivity, boost employee morale and cut costs.

In late May, Microsoft launched its latest Surface Pro, its first upgrade to the company’s popular line of hybrid PCs since October 2015.

While the Surface Pro’s specs have been upgraded across the board, including the newest 7th-generation Intel processors, many of the changes to the Surface Pro are minor, with the most notable upgrade being improved battery life.

Here’s a look at all of the changes to the Surface Pro:

Improved battery life:

Microsoft claim that the new Surface Pro can get up to 13.5 hours of battery, 4.5 hours more than they had promised for the Surface Pro 4.

New Surface Pen:   

Perhaps one of the most dramatic changes to the new Surface Pro is the new Surface Pen. According to Microsoft, the new accessory is four times as pressure-sensitive as the old model, and lets you put it flat on its side to shade like a pencil.

While the new pen is likely to benefit artists more than the typical PC buyer, unlike previous models where the Surface Pen was included, the new Surface pen will set you back approx. $130.

New Type Cover:

Along with a new Surface Pen, Microsoft has released a new Type Cover keyboard. While it looks almost identical to those made for the Surface Pro 4, Microsoft says the new keyboard is better and more responsive than ever. The new type covers can work with older models, and also come in a range of colours including red, blue and silver.

As with previous models, the keyboard is sold separately and will cost upwards of $180. The good news is that if you’re an existing Surface Pro 4 owner, your existing Type Cover and Surface Pen will work with the new Surface Pro without any issues.

Design:

While the corners are slightly more curved, the Surface Pro looks and feels very similar to its predecessor.  The new Surface Pro is a little thinner and lighter, at 8.5 millimetres of thickness and weight starting at 766 grams with a 12.3-inch screen.

The main difference is that you can push the kickstand on the back of the new Surface Pro much further. Microsoft says this model can now lean back as far as 165 degrees.

The two-entry level models are fanless:

Compared to previous models, the new Surface Pro should be much quieter than before. Surface Pro m3 and i5 models feature a new fanless cooling system, plus improved hybrid cooling on the i7 model, so you can work or stream your favourite shows in peace.

The chipset has gotten the expected upgrade:

As experts predicted, the Surface Pro has jumped from the 6thgeneration Intel Core chips (Skylake) on the Surface Pro 4, to the 7thgeneration Intel Core chips (Kaby Lake). The new Kaby Lake CPUs have enabled a true instant-on experience for the Surface Pro, meaning the device should turn on as soon as you touch the power button with minimal delay, much like a mobile device would be expected to.

The Verdict

The New Surface Pro may not be worthy of the name ‘Surface Pro 5’, but it is a practical and worthwhile update for Surface Pro 3 owners or Windows users looking for a flexible hybrid device.  If you use your Surface Pro for creating art, the Surface Pro’s upgraded stylus and more flexible hinge will be beneficial. However, If you have a Surface Pro 4 that’s still operating as it should be, there’s little that immediately screams “drop everything and buy me.”

The Surface Pro starts at AU$1,199.00 incl. GST and can be pre-ordered now.