IT Business Strategy – What does good look like?

When it comes to business development, it is easy to look for short-term fixes and realize that things aren’t working out the way you want it. What if we told you that your IT can help you change your business’s success?

Information Technology is continuing to challenge the way companies organize their business processes. Establishing new ways to communicate with current and potential customers and deliver their services. Simply put, Information Technology enables business, and business drives IT.

The Alignment of IT & Business Strategy

As businesses rely on a comprehensive technology plan to meet business goals, without aligning the two strategies companies may spend too much on technology without ever solving the business challenges they face.

While there is no standard way to align both strategies successfully, it is best to break them down into sub-processes to review against industry best practices. By doing so, we can effectively identify key factors needed to improve:

  • business functionality,
  • make more profit,
  • and see better ROI,

in order to hit their goals with less effort. Therefore, aligning technology and business strategies can improve agility and operational efficiencies.

Business Strategy meets Best Practice

Best Practice is defined as:

A method that has consistently shown results superior to those achieved with other means. Used as a benchmark, a “best” practice can evolve to become better as improvements are discovered.”

An IT Best Practice Review is able to reduce the cumbersome processes by identifying what is important to your business. Reviews can vary greatly, depending on context. What matters to a company of 500 staff does not necessarily apply to a typical SMB. We understand this from the 500+ businesses we have been fortunate to have done business with.

It will highlight areas your business is doing well, as well as what areas could be improved; such as any risks, or potentially useful technologies or processes. This process will also include recommendations moving forward, so you know the cost implications of identified issues.

In order better understanding of ‘What Good Looks Like’ for your business, don’t hesitate to contact one of our Client Relation Managers on 1300 705 062 for more information.

Security, MFA, and the Impact of the End-User

One of the biggest liabilities to a company’s security starts at the frontline – surprisingly not with your IT, but your employees. It is reported that 99 percent of cloud security failures will be caused by human error or behavior. It is vital to recognize the importance of protecting company data by educating your frontline.

As a Managed Services provider, we are here to help you along your path of learning to be security conscious. It is important for us today to cover key tips for known issues should you run into them.

User Access & Device Security

The ability to work remotely has increased more and more due to COVID-19 and the flexible culture shift, providing even more points of access that need to be protected. Hackers do not solely target desktops, laptops and PCs, they can also access your data via your tablet, smartphones as well as other mobile devices. Companies can no longer rely upon an employee being physically on the same network as a security factor.

  • Secure non-domain joined devices connecting to your company network and data by using MFA Authentication and VPN Settings. As businesses move their data to a cloud environment that can be accessed anytime and from any place, MFA can ensure your personal and financial information has a second layer of defence outside of your company network. Employees also need to be wary of network connections they decide to use working remotely. At public places with WIFI or hotspot access, there is always a risk of tapped networks. Control the data exchange over your network by encouraging employees to use only trusted network connections. If in doubt, have a VPN installed for your remote uses to connect to your network.
  • Never approve a MFA Authorization Request that you did not prompt for. Treat your Microsoft or Google Authentication App as the gateway to all your personal and company data. If a ‘MFA Approval Request’ has been prompted and you did not request it, MFA is doing its job and someone else is trying to access your data. Deny or decline the request!
  • Lock your device before you leave your desk. Sadly, security threats are not confined to just cyber attacks. Stop people accessing your information when you’re away from you desk.
    • Windows: Hold the Windows key and press the ‘L’ key.
    • Mac: Press Control + Shift + Eject (or Power key) at the same time.
  • Never use obvious information to set up passwords, use a ‘passphrase’ instead. Please read our article ‘What are Passphrase Passwords?‘ for more information.

Social Engineering Attacks and Phishing

Social engineering attacks rely on unsuspecting users to bypass security protocols in order to access valuable data and resources. Firewalls, email filters and malware protection software are some of the key tools used to help secure data being transferred over network. These tools however won’t fix user-caused security issues, that’s where user training comes in.

7 signs to check if you’re being ‘phished’:
  1. “From” line – Ever seen an email from someone you thought you knew and then was like “Oh, you’re not my friend Mandy…”. Hackers know you’re more likely to trust an email from someone you know. Always pay close attention to the sender email address.
    • Example: peter@abtechnologies.com.au vs peter@abtechnologes.com.au. The second email address is missing the “i” to appear legitimate.
  2. “To” line – Check if the email you’ve received has additional unknown people also attached. Hackers try to target as many people as they can.
  3. Hyperlinks – Check if the embedded link matches what the text relays by hovering over it before you click. Only click links from a trusted sources.
  4. Time – Do you usually receive an invoice from an accounts department around 2am? Always pay attention to what time you have received emails, especially around the holiday season. Hackers are out to get your financial information increasingly during these times.
  5. Attachments – In addition to checking the time of emails, do not open attachments that you’re not expecting. These may contain some sort of virus or malware to compromise your system’s security.
  6. Subject – Have you won a $1 million dollars recently? Or possibly an invoice that needs urgent payment now? Hackers try to real you in with various tactics that alert you to take action immediately. If ever in doubt, validate the source of the email with a phone call before you take any action further.
  7. Content – Again, hackers try to real you in with various tactics that alert you to take action immediately. Never provide personal details without validating the source first.

Don’t click! If you believe that you’re being phished, inform your MSP or IT Team via our support channels!

Microsoft Inspire Banner

Pandemic pushes the importance of cloud technologies

Microsoft Inspire, an annual Microsoft Partner Conference for the first time in history, was showcased virtually this year allowing partners from around the world to join.

Partners heard from various inspirational keynote speakers, along with executives taking point on the subject of the changing business and consumer landscape as an effect of the ongoing COVID-19 pandemic.

Gavriella Schuster – Corporate Vice President of Microsoft, in her opening keynote announced the four key areas which are Microsoft’s key focus for FY21, impacting organizations in a post-COVID world:

  • Enabling remote work
  • Business continuity
  • Security
  • Cloud Migrations

Many of the product announcements and future roadmaps at Microsoft Inspire 2020 centered around the theme of making remote work more accessible, “the full value of Microsoft 365 as a secure, remote work collaboration solution” Gavriella said.

Here are some of the main headlines and and product announcements.

The future of Remote Work for Partners

Part of the new “remote everything” movement, Microsoft announced that it’s focus would be on:

  • Empowering employees,
  • Optimizing operations,
  • Transforming products,
  • and Customer Engagement.

What was first considered to be a temporary solution, has now become a permanent shift in the way businesses will operate post COVID-19. By empowering their end customers with new modes of working and building resiliency and rebuild businesses. Delivering more cloud-based enhancements like Windows Virtual Desktop, Microsoft Teams, and Power Platform solutions.

The new face of Microsoft 365 – Microsoft Teams

Microsoft Teams, this year’s ‘game changer’ mentioned through the event was established as the new ‘remote work ecosystem’. Uniting communication and collaboration between employees through one platform.

As partners began the transition around empowering employees through these solutions, security concerns were addressed as data is transferred between digital locations.

“We are helping customers meet compliance requirements and protect their most sensitive information. The new Endpoint Data Loss Prevention in Microsoft 365 helps organizations identify and protect sensitive information across all their endpoints,”

Satya Nadella, Microsoft CEO

Microsoft Inspire 2020 – Product Announcements

Business Applications Announcement

  • Microsoft released a pre-built Power Platform solution that will help customers prioritize health, security, safety and streamline the process of returning employees to the workplace.

Microsoft 365 and Teams updates

  • Power BI personal app for Microsoft Teams – a centralized hub for data visualization and accessibility.
  • Microsoft Lists – a new Microsoft 365 app that facilitates easy information tracking and organization of works. Available in Microsoft Teams by Mid-August.
  • New capabilities in Microsoft Teams to support the first-line workers.

Azure Updates and announcements

  • New multi-factor authentication and Privileged Identity Management support in Azure Lighthouse.
  • Launch of the latest member of Microsoft’s hybrid portfolio – the next generation of Azure Stack HCI. It is the fastest and easiest way to integrate existing datacentres with cloud.
  • New Azure Migrate enhancements to enable customers to conduct richer datacentre assessments.

Dynamics 365

  • Dynamics 365 Customer Voice capability to offer out-of-the-box integration with everyday applications.
  • Preview of Dynamic 365 Connected Store – the AI tool that uses intelligent edge devices like video data and IoT sensor data to deliver triggered alerts and actionable recommendations.
  • General availability of Dynamics 365 Fraud Protection with new capabilities like Account Protection and Loss Prevention.

Extended Meeting Capabilities with Teams Apps

Microsoft is excited to announce new meetings extensibility points that will enable project services like us to expand the Teams meeting experience. With this new capability, developers will be able to build apps or integrate their existing ones within the meeting surface and provide a richer collaboration experiences for users across the entire meeting lifecycle – covering events and actions from before, during, and after a meeting. These new extensibility points will be available soon for preview over coming weeks.

Empowering solution services with new meetings surfaces
Until recently, developers could integrate Teams apps within the constructs of channels, 1:1 chats, and group chats – but not meetings. Now, these new meetings extensibility points provide an opportunity to enable their apps within the scope of a meeting as tabs, in new surface areas like the app panel, through in-meeting app signals for notifications, and access to critical APIs to enable powerful app experiences. Developers will be able to enable these capabilities by configuring Teams app to be available in meeting scope within their app manifest.

Enabling richer collaboration experiences across the meetings lifecycle
Microsoft Teams is the hub for teamwork and with these new meetings extensibility points, developers will be able to enable richer collaboration experiences across the meetings lifecycle. End users will enjoy an enhanced end-to-end meetings experience as they go from scheduling the meeting to attending the meeting to collaborate with meeting attendees after. Below are a few examples of the possibilities with these extensibilities.

Before meeting experiences
Users will be able to add Teams apps during meeting set up. Through the “roles” API, technicians will be able to configure the apps to tailor the experience based on the user’s role/persona (e.g., presenter, attendee, guest, anonymous).

before meeting experiences.png

During meeting experiences
Developers will be able to design how the Teams app uses the app panel (right pane) within a meeting. They can build experiences integrating tools such as adaptive cards, HTML, and other platform capabilities to create an engaging surface for users to interact with. Again, technicians can configure how the apps will behave based on the specific roles/personas in the meeting. The apps themselves will be visible from the meeting tool bar to host tabs.

during meeting experiences.png

Another capability that clients will be able to take advantage of are through in-meeting notifications (content bubbles), where the app will be able to surface important content to the users based on their role/persona.

during meeting experiences2.png

After meeting experience
The benefit of these new meetings extensibility points is that, like today, end users will have benefit of having their apps persist within this meetings surface to continue to use and draw back upon for further collaboration.

after meeting experiences.png

Consistent level of administrative controls and management
While these new extensibility points provide new sets of capabilities, developers can remain confident and leverage their existing toolset to manage Teams apps that integrate in meetings. We’ll be able to continue to have the same controls, tools, and policies to ensure enterprise grade security, manageability, and trust.

Unlocking meetings scenarios together with Microsoft Partners
Meetings extensibility has been a highly requested from both MSP Clients and Managed Service Partners for good reason. There are numerous scenarios across lines of business, industries, and competencies where these extensibility points will unlock opportunities to enhance collaboration and productivity. We’re excited to announce that several of Microsoft’s key partners, including Polly, Open Agora, Miro, iCIMS, and HireVue are integrating these new capabilities in their Teams apps at the time of our anticipated general availability launch later this year – unlocking new scenarios and experiences for Teams users to interact with their apps across the meeting lifecycle.

polly and open agora.png

Polly and Open Agora are apps that allow users to create and distribute polls and surveys to gather data easily for real-time insight and analysis. With the new meetings extensibility points, these partners will be able to build more integrated polling/surveying experiences directly within the scope of meetings.

mirro.png

Miro provides users a virtual whiteboard for visual brainstorming and organization. With the new meetings extensibility points, users will be able to enable these apps across the entire meetings lifecycle for whiteboarding before, during, and after meetings.

icims and hirevue.png

iCIMS and HireVue are talent acquisition and interviewing platforms that provide organizations end-to-end recruiting, interviewing, and hiring solutions. With the new meetings extensibility points, users using these Teams apps will be able streamline and enrich the candidate hiring experience, such as entering interview feedback directly while facilitating virtual interviews.

Design, build, and expand new meeting experiences
Microsoft are excited to provide partners these new meeting extensibility points. As Microsoft roll out the developer preview over the coming weeks, Microsoft invite us to begin integrating your apps with these new extensibility capabilities and look forward to collecting your feedback to help us improve. General availability is expected later this year.

The ‘Flexible’ Culture Shift

In recent years, flexible working conditions are becoming increasingly popular, and with COVID-19 causing businesses to assess new strategies and processes to maintain the frontline, the emphasis to move to a modern workplace has only been accelerated.

Understandably, some business owners may fear that this shift in culture may lead to less collaborative work, or hinder business processes with the struggle to manage staff remotely. However, what many business owners fail to realize is that creating a tailored approach to providing a flexible work environment has many benefits moving forward.

Learn from the experts

In 2016, Vodafone conducted one of the largest global surveys of its kind, which drew on responses from small and medium-sized businesses, public sector organizations and multinational corporations within three continents. From the 8,000 employers and employees surveyed, 83% of respondents reported an improvement in productivity, with 61% stating their company’s profits had increased, and 58% believing that the flexible working policies had an enhanced positive impact on their organizations reputation.

“Vodafone’s research reveals a profound and rapid shift in the modern workplace. Employers are telling us that flexible working boosts profits while their employees tell us they’re more productive. Central to all of this are the new technologies that are reshaping every sector, from high-speed mobile data networks and fixed-line broadband to the latest collaborative cloud services. We truly are in an era when work is what you do, not where you go.”

Nick Jeffery, Vodafone Group Enterprise Chief Executive: <https://www.vodafone.com/business/news-and-insights/press-release/vodafone-survey-reveals-rapid-adoption-of-flexible-working>

Benefits to a flexible work environment

With greater flexibility for employees, there is a positive flow-on affect for both the employee and the employer.

  • Greater flexibility equals happier employees, enabling a greater work-life balance, and ability to engage in activities that contribute to their personal growth and professional development. 
  • Greater employee engagement at the workplace, thereby increasing productivity and decreasing absenteeism.
  • Boost the business’s bottom-line by increasing staff retention. Studies show that replacing an employee earning a median salary of $45,000 a year could cost up to $15,000.
  • A business completive advantage, with an increasing number of workers prioritizing flexibility over higher invoice, with the ability to hire highly-talented staff that may not normally be accessible.

Adopting a business intelligent strategy

Moving to incorporate a flexible work policy may seem overwhelming, however with the right tools and technology in place will ensure that business continues to run smoothly.

  • Adopt Modern Technologies: Leverage technologies that encourage teamwork and streamline business processes; such as project management systems, Microsoft PowerBi, and Microsoft Teams. Cloud-based systems and collaborative software provide new platforms for analytical insights, drive competitiveness, and business growth.
  • Modern Workplace Training: Employees aren’t necessarily familiar with how to work in a remote environment efficiently. Through adequate training, communication and teamwork will be done with ease using through virtual cloud-based platforms.
  • Communicate, Communicate, Communicate! It is important to schedule weekly or daily team meetings virtually to ensure staff feel connected and reduce email dialogue. Make it an essential part of your daily culture.
  • Consistency is key. Create a culture and work environment based off of trust and respect. Ensure that the flexible work policies have been made clear, and available to all employees to benefit from.

Looking to join the movement? Book some time with one of our consultants and see how we can help your employees and your business adapt to the change.

Citation: Karum, Louise. Why SMEs Should Embrace The Flexi-Time Movement. Entrepreneur, 2018.

Outlook VS CodeTwo Signatures

Signature Roaming for Office 365

Microsoft have announced changes to the way Outlook stores email signatures expected in Q4 of this year.  As there is a lot of inaccurate information out there, we’ll explain the update and how it compares to third-party email signatures like CodeTwo.

What are the current changes to Outlook stored email signatures?

Email signatures in Outlook for Windows now roam across devices. Traditionally, signatures were stored locally on your Windows device, and users had to recreate the signature on each device used.

The roaming signatures feature will be available to users with mailboxes on Microsoft 365 or Outlook.com. Accounts hosted on on-premises exchange servers, or utilizing POP/IMAP will not be able to roam their signatures at this time. 

What are CodeTwo Email Signatures for Office 365?

This service allows admins to centrally create, deploy and manage email signatures and disclaimers for all users in an organization. In the video below, you can see how difficult this task can be if it is handled by users themselves.

Microsoft 365 admins with provided permissions can use the Manage Signatures App to set up unified signature templates without engaging staff. The app helps create signature templates and rules that specify who and when these templates should be added to emails.

Comparison of Outlook roaming signatures and CodeTwo Email Signatures for Office 365

The new feature changes nothing for companies that use third-party email signature tools because these tools address completely different problems. Take a look at the table below to compare native signature cloud settings in Outlook with CodeTwo’s email signature solution.

 CodeTwo Email Signatures for Office 365Native signature cloud settings in Microsoft Outlook
Will save Outlook signatures in the cloud, like Outlook on the web (OWA), and accessible on all Windows-based PCs
Works with mobile devices and other email clients
Central email signature management for the entire company or selected groups of users
Support for all email clients and devices (including mobiles)
Setting up different signatures for internal and external emails
Signatures inserted automatically based on rules
Email signatures in encrypted messages
Azure Active Directory synchronization (user info automatically added to signatures)
Scheduling email signature campaigns
Delegation of email signature design and management to specific people or teams
Unified visual identity across the entire company
Automatic conversion of plain text emails to the HTML format (signatures in emails sent by mobile devices look the same as those sent from PCs)
Signature editing blocked for all/selected users
One-click customer satisfaction surveys in email signatures
Signatures added/removed by specific keywords in the email body

We hope this article has helped to answer some of your questions regarding your businesses’ email signatures. If you would like to express interest in moving to an Email Signature Management tool like CodeTwo, or request more information on the article, please don’t hesitate to contact us.

Password Lock

What are Passphrase Passwords?

Whether you are accessing emails on your smartphone or documents on your work PC, you will typically be asked to prove who you are by providing credentials. Passwords can be hard to remember but then again, a password that lacks complexity can quickly become a weak gateway allowing an unauthorized person to read your emails and compromise your identity. To improve your security and reduce risk we recommend using a phrase or sentence, not one word, as your password​.

What is brute force cracking?

The challenge we face in an evolving digital world is that there are developers out there creating sophisticated and effective methods to brute force passwords. This cyberattack method is basically the activity of systematically submitting millions of character combinations in an attempt to work out the key (or encryption algorithm) to decrypt and gain access into your system. There are, however, things you can do to strengthen the complexity of your password.

What makes ‘passphrases’ stronger than normal passwords is not only are they unique and easier to remember, but the longer and more complex the passphrase the better.

Let’s do a quick ‘What? Why? And Where?’:

What is a Passphrase? – Using a phrase or sentence, not one word, as your password.

A passphrase is similar to a password. It is used to verify access to a computer system, program or service. Instead of using one word, you use a sentence to authenticate.

Passphrases are most effective when they are:

  • Unique – not a famous phrase or lyric, and not re-used
  • Longer – phrases are generally longer than words
  • Complex – naturally occurring in a sentence with uppercase, symbols and punctuation
  • Easy to remember – saves you being locked out
  • Used with multi-factor authentication.

Why use a Passphrase? – Greater security & more convenience.

  • Harder to crack against common password attacks
  • Easier to remember than random characters
  • Meets password requirements easily – upper and lower-case lettering, symbols and punctuation

Where do I use Passphrases? – For all fixed and mobile devices.

Passphrases will significantly increase security across all of your business’ devices.

The below comparison chart is a security breakdown of Passwords vs Passphrases, and how much it costs on the dark web to break through its security.

PASSWORD/ PASSPHRASE TIME TO CRACK EASY TO REMEMBER COMMENTS
Brute Force Attack Dictionary Attack
password123 Instantly Less than AU$0.01 Instantly Less than AU$0.01 Very Easy (too easy) One of the most commonly used passwords on the planet.
Spaghetti95! 48 hours AU$587.50 Less than half an hour AU$6.10 Easy Some complexity in the most common areas, and very short length. Easy to remember, but easy to crack
5paghetti!95 24 hours AU$293.70 Less than 1 hour AU$12.20 Somewhat Easy Not much more complexity than above with character substitution, and still short length. Easy to remember, but easy to crack.
A&d8J+1! 2.5 hours AU$30.60 2.5 hours AU$30.60 Very Difficult Mildly complex, but shorter than the above passwords. Hard to remember, easy to crack (against BFA).
I don’t like pineapple on my pizza! More than 1 Year More than AU$107,222.40 More than 40 days More than AU$11,750.40 Easy Excellent character length (35 characters). Complexity is naturally high given the apostrophe, exclamation mark and use of spaces. Very easy to remember, and very difficult to crack.

Tips for using PassPhrases more securely

  • Use a different passphrase for different accounts.
  • Never share the method on how you create your passphrases with anyone.
  • Only log into workstations and devices that you can trust. Avoid using public computers to log into your accounts.
  • Multi-factor authentication is much more secure that passphrases, and adds a second layer of security.
  • Just remember mobile device PINs are no different to a password. The longer the password the better, and if possible, change to using passphrases or biometrics instead.

Who’s in charge? The need for third party (and internal) admins

We frequently receive requests from clients to grant administrative access to third parties or internal staff. Third parties often need some form of access to manage the application they are responsible for, and internal admins sometimes assist with running IT. ABT will generally be hesitant to provide these administrative credentials. Here is why.

Ultimately, we sign a contract with you where we take on responsibility for your network. We take this very seriously and run your IT like it is our own. We employ skilled staff, vetted for their abilities, security posture and personalities, and train them to develop their competencies and keep their knowledge up to speed. Surely there is the occasional mistake, and when that happens, we have a team of 40 staff and the backing of an industry channel to resolve the issue. And, very importantly, we have our staff sign NDA’s, so your data is protected.

Once we give “others” access to your network all of that is in vain. We do not know the people behind the often un-personal accounts we are to create. We do not know their skills, their level of risk-aversion or willingness to admit they did something wrong. Our systems and processes are kept protected with industry grade security standards. We are not saying we cannot be breached, but the chance is slim. Can your third party say the same? Remember they are only responsible for their application but can break your whole network, whilst they may not know the first thing about networks or servers.

And then the internal admins. We understand it is important for owners to have some level of access beyond that of the MSP. That completely makes sense. But to have an internal staff member have a fully operational domain administrative account or Office 365 global admin account often provides a risk. It is like going to the dentist and bringing your own drill. Of course, we get you to sign a document that waives all our responsibility in case something goes wrong, but we would rather not have to use that excuse. And don’t forget internal admins typically have access to all data, all email in your organization, including financial, salary and executive information.

In general, we will only provide the minimum level of administrative access required to get the job done for your third party or internal admin, and have these account have limited expiry dates. Ideally:

  • We don’t give our any administrative credentials other than an emergency admin account (the “break the glass” account), provided to the business owner “just in case”. Use of this account will be monitored.
  • Third parties can do their work while we log them in and look over their shoulder.
  • Your internal admin will have to trust us to do our job, and if access is required, only a limited level of access is granted.

Please understand we are not here to make your work harder, these measures are to protect you (and ourselves….)

The latest modern threat – The “Illicit Consent Grant Attack”

The latest cyberattack example to hit Australian shores is what has been called the “illicit consent grant attack”. Rather than simply trying to catch your password or duping you into clicking on a link that installs a virus, the criminals behind this attack are more sophisticated.

We all use “apps” in our daily life. Think of Dropbox or SalesForce as examples of an app. If you want to use these, you will need to give the app access to your data. Criminals can write their own Azure -registered apps and make them available to you. The app requests access to data such as contact information, email or documents. The attacker tricks a user to grant the application access through a phishing attempt (sending you an email with a link) or by injecting malicious code into a website. When you then grant access to the app, it has account-level access to all your data without the need to have an account. What is worse, if we find out you’ve been breached standard remediation actions such as resetting passwords, MFA and even restoring data from backup may not work. All because an “app” asked for access and a user clicked yes.

For now, ABT’s security team have disabled the ability for users under our management to grant access for applications in your tenant. If users are required to grant access, they will need to let us know and we can help them out. Similarly, we are analyzing the extensive list of applications that have been granted consent in our client’s tenants and reviewing these for known threats.

Users are to be advised:

  • Never click on a link in an email of which the source is not 100% trustworthy (better is to never click on a link)
  • Do not visit websites where applications can be downloaded and installed
  • Never grant an application unvetted access to company data