computer-culture

The Global RAM Shortage: What New Zealand business leaders need to know before your IT costs spike

Thu, 26 Feb 2026 20:59:52 GMT

Across 2026 and potentially beyond, New Zealand organisations will feel the impact of a global memory chip shortage - and it won't just concern your IT team. It will influence technology budgets, IT procurement in New Zealand , device lifecycle planning, and the availability of critical infrastructure.

WHAT IS DRIVING THE RAM SHORTAGE?

So, why is this happening? Simply put, AI data centres are consuming unprecedented volumes of RAM and NAND, leaving limited supply for the enterprise and SME markets.

This shortage, however, is different from past supply issues. Memory manufacturers are reallocating production away from standard DRAM, used widely across business hardware, toward high-bandwidth memory (HBM) to support AI workloads. Because HBM takes significantly more wafer capacity to produce, this shift reduces supply of DDR4 and DDR5, affecting New Zealand technology providers, MSPs, and procurement planning across the country.

HOW WILL THIS IMPACT NEW ZEALAND BUSINESSES?

One of the key words here, is businesses - not IT teams. This is important as the RAM shortage won't just be an annoyance to IT teams, it will send ripples (or waves) across the entire business.

Memory supports more than just your computer. Other devices, around your office (and home) rely on memory, think:

Smartphones
Servers
POS systems
Vehicles
Networking equipment
Security cameras
IoT devices.

The impact of this shortage will cause headaches for more than just your IT team. In terms of your broader business, leaders will need to consider and plan for:

Extended delays for servers, laptops and storage
Higher IT procurement costs
More competition for stock
Reduced flexibility in project planning that relies on or supports device refreshes or upgrades
Increases in risks for organisations delaying standard device lifecycle refreshes.

OUR ADVICE TO CEOs, CIOs AND IT Managers.

ONE: Make sure you have a plan.

If there was ever a time to be proactive, this is it. Reacting after the fact will be costly, may mean you don't get exactly what you want and could result in long delays. Review your technology roadmap, look at what big projects are on the company horizon and establish what tech requirements they'll have.

Understanding your tech needs for the next 12-18 months now, could save you a lot of time, money and hassle in the long run. Which leads us nicely to point number two...

TWO: Chat to your MSP or tech provider.

This is key. Whether it's us or another provider, we're here to help and want the best outcomes for your business. Your IT partner should be proactively monitoring your devices and flagging to you any that will need upgrading or replacing over the next 12-18 months. They can then work with you to find the best solution to managing your tech needs in line with any budget or business constraints you may have. And those projects we mentioned above, have a chat to your provider about them. Let them know what the tech requirements are looking like and they should be able to work with you on a pathway forward.

THREE: Know when and how you'll get cost certainty.

You might need to make some hard decisions. An option is to bring forward hardware renewals. If you're able to, the earlier you get in the more likely you'll have options and better pricing. But again, chatting to your MSP or tech provider on this front (and sooner rather than later) will help you get the certainty you need to plan and budget well.

FOUR: Adjust your FY27 IT budget.

Talking about budgets... we could say build in some wiggle room for RAM-related cost increases, but wiggle room might not be enough. Over the past quarter, we've seen quotes for clients increase significantly in the space of a week. On average (as of February 2026), increases are sitting in the 25%-35% range, but we have seen some more than double.

FIVE: Implement structured hardware lifecycle management.

If you're still running a break-fix replacement model, think about adopting a proactive, managed device refresh programme. If you're sitting on a device that's now four years old and you're planning on waiting out the shortage you could find your security is highly vulnerable (and your device extremely slow) two years down the track.

THE KEY TAKEAWAY.

In our opinion, it's a strong reminder that proactively planning your tech needs and aligning them to your broader business objectives and strategy is crucial for good business management and internal team happiness.

THE BOTTOM LINE.

The global RAM shortage won't disappear overnight. There's no quick fix to the massive buy-up by AI companies. Plan now to minimise disruption to your business, team, and budget. (And please...talk to your tech provider, they're here to help).

Five IT questions every CEO in New Zealand should be asking their technology provider

Thu, 06 Nov 2025 22:00:00 GMT

IT systems are no longer just a back-office function. They are central to business continuity, customer trust, and competitive advantage. Without them functioning as they should, many businesses would come to a complete stand-still.

For CEOs and board members in Canterbury and across New Zealand, understanding the health of your organisation's digital ecosystem is essential, even if you're not a technical expert.

The challenge? Knowing what to ask.

Here are five essential questions that every CEO or board member should ask their IT manager or technology provider to assess whether their organisation's systems are secure, resilient, and fit for purpose.

1. How do we know that we're doing things right?

This question underpins everything. We've found that if you ask the question 'how do you know that your technology is set up and running as well as it should be' that many people fumble an answer. Or the response is an honest 'I don't know.'

As with other key areas of your business, your digital ecosystem also needs checks, balances and assessments so that you can identify what technology's performing well, what isn't, what is keeping up with industry improvements and what might be holding you back. Importantly, all this needs to be reviewed through the lens of 'what's right for your business' not just what's right for businesses in general.

This is not a quickfire Q&A. You'll need to ponder this, talk to the right people and establish baselines.

Good questions to start the journey are:

Who are we implicitly trusting when it comes to our technology (and are we able to assess their expertise and performance?)
Who do our systems rely on to stay up and running?
What's the weakest or most vulnerable link in the chain?

It's crucial that CEOs and board members equip themselves to ask the right questions. Knowing that your digital ecosystem is secure, modern and designed for your business needs is different to just asking the question and accepting the answer with no interrogation.

2. How quickly could we recover if we were hit by a cyber-disaster?

Cyberattacks, natural disasters and mass outages are some of the most disruptive threats facing New Zealand businesses today. You can be locked out of critical systems (and the data they manage), bad actors may encrypt your data and demand payment for restoration, or key tools your team relies on to get jobs done are no longer accessible. The resulting downtime, reputational damage, and potential data loss you can suffer can have a very real impact on your bottom line.

Ask yourself and your team:

What systems are business critical for us?
How long can the business continue to operate if those systems are down?
How much data can we afford to lose? For how long - an hour? A day? A week?
Do we have a plan on how we' ll operate and communicate with our clients if those systems are down?

Ask your IT Manager:

What is our recovery time objective (RTO) and recovery point objective (RPO)?
How long will it take to get our critical systems back online?
How often do we backup our data?
Do we have tested backups that are isolated from our main network?
Have we run a ransomware recovery simulation in the past 12 months?

A confident, evidence-based answer here is a strong indicator of IT maturity and gets to the heart of your digital resilience and business continuity planning .

3. Who has access to what, and how is this controlled?

Access control is a cornerstone of cybersecurity . Unchecked or outdated permissions can lead to data leaks, insider threats, or compliance breaches.

Ask yourself and your team:

What data is critical for us to protect?
What would happen if someone else were to access it?
Have our needs changed since we set up our systems?

Ask your IT Manager:

Do we use role-based access control (RBAC)?
How often are access rights reviewed and updated?
Are we using multi-factor authentication (MFA) across all critical systems?

As privacy regulations are tightened to reflect not only the increased sophistication of methods to obtain data but also the increased expectations consumers and businesses have about how their data is obtained and managed, ensuring that only the right people have access to sensitive data will not just be best practice, it will support legal compliance.

4. How are we protecting our customer data and IP?

Customer trust hinges on data protection. Whether you're storing personal information, financial records, crucial business information or health data, your organisation must demonstrate robust safeguards.

Ask yourself and your team:

What information are we holding that's regulated?
How are we separating this data from our day-to-day information?

Ask your IT Manager:

Where is our customer data stored? On-premises, in the cloud, or hybrid?
Is the data encrypted both at rest and in transit?
What compliance frameworks do we follow (e.g. NZ Privacy Act 2020, ISO 27001)?
How would we know if something went wrong? Do we have the tools and skills to uncover how it happened?

With increasing scrutiny from regulators, insurers and customers alike, CEOs must ensure that data protection is a board-level priority.

5. When was the last time our cybersecurity was tested and validated?

Cybersecurity isn't a set-and-forget function. Regular testing is essential to identify vulnerabilities before attackers do.

Ask yourself and your team:

Have we conducted a penetration test or vulnerability assessment in the past year?
Who performed it? Internal staff or an external provider?
What were the key findings, and how have we addressed them?
Are we regularly training and testing our staff on cybersecurity?

In New Zealand, where cyber threats are rising and digital competitiveness is under pressure, strong cybersecurity defences can make a real difference to how your business will perform when (not if) an incident occurs.

Final thoughts.

You don't need to be a tech expert to lead on tech risk and best practice. By asking the right questions, CEOs and board members can:

Uncover blind spots
Drive accountability
Strengthen resilience
Protect customer trust

These five questions are a starting point for meaningful conversations with your IT provider. They help bridge the gap between technical operations and strategic oversight and should help ensure your organisation is not only secure but also prepared for whatever's next.

Shadow IT: The hidden risk lurking in your business tech stack

Tue, 02 Sep 2025 21:43:06 GMT

What is shadow IT and why is it risky for businesses?

As the name suggests, Shadow IT is when IT is being "left in the dark". It refers to the use of technology systems, software or applications by employees and teams for business purposes, but without explicit approval or oversight from their IT department.

Shadow IT can look different from user to user, or team to team. Common examples include:

Personal cloud storage and file-sharing tools, like Dropbox and Google Docs or Google Drive.
Communication tools such as messaging apps like Whatsapp and personal email addresses.
Productivity and project management tools such as Trello and Slack.
AI platforms such as ChatGPT and Gemini.

Shadow IT Examples.

Why does Shadow IT happen?

Many instances of shadow IT usage follow similar patterns. An employee or team use the cloud service of SaaS tool in their personal life (or in a previous work life), it's easy to use and even easier to set up. Convenience wins out, and within a week you've gone from one employee using it at home, to a whole team adopting a piece of software, while the IT department has no idea it has been deployed.

And while employees and teams use shadow IT for many different reasons, there are common themes driving shadow IT usage.

Ease and convenience: often shadow IT simply occurs because it's easy. It's what the user is comfortable with, and it solves their problem quickly. For example, a marketing team member might use Dropbox to share a large file with an external agency as they've used the tool in previous roles and know it's quick and easy. It is simply the convenient option.
Internal approval is slow: Going through the approved, standard channels to request, reason, get budget and obtain IT approval for a new tool can be a long, slow process in many companies. The pace of internal approval processes can impact on an employee's project delivery timeframe, and for many taking the faster route of shadow IT is the easy, no-brainer option.
Pressure on productivity: With the rise of remote, global teams, pressure on team productivity and communications has increased. The way teams communicate with each other and manage projects when they may not be in the office every day (let alone every week) has changed. But often, a business' tools have not kept pace with remote or hybrid teams' needs. A hybrid, cross-borders team might adopt a tool such as Monday or Slack as it meets their communication and productivity needs immediately, with low IT expertise required to get it deployed. They're up and running in minutes, after just creating a login and completing credit card details.
External partners: Sometimes overlooked by employees, are requests from external partners. Examples of this include file-sharing and collaboration on software that is not approved or monitored by their own IT. While this might be seen as just doing your job and working with a business partner, just like any other instance of shadow IT, it does come with risks.
Consumerisation of IT: Tech is part of our lives, both work and home. Outside of work we use messaging apps to communicate with friends, productivity apps to manage the household juggle and AI to help us with anything and everything. With IT use being so easy in our homelife, employees expect the same at work. If work-approved tools are clunky and deliver a poor user experience, employees will seek out and use software that provides the experience they expect at the pace they need.

Why Shadow IT is risky for businesses.

Shadow IT can solve issues for employees and teams quickly. It can also invite a range of cybersecurity, compliance and data risks through the doors to unsuspecting businesses.

Cybersecurity threats from shadow IT:

When employees are self-installing and using unapproved apps and software, they go unmonitored and unpatched by IT. The result being an easy backdoor to your data for hackers. It's much harder for IT to prevent or respond quickly to attacks when they're unaware that a tool or software is in use.

Shadow IT and data breaches:

With software or tools going unmonitored by IT, businesses become increasingly vulnerable to data breaches. Either through usage of tools with low-grade security features, or through employees taking a more relaxed approach to security measures due to a lack of IT oversight. Data breaches courtesy of shadow IT can have a deeper impact on a company as the lack of oversight by the IT department results in longer timeframes to:

unravel exactly how the breach happened
understand what data is impacted
work out the process to wind the clock back.

The result of this can be an erosion of client trust and significant reputational damage. Internally, an incident like this often deepens mistrust between your IT team and the employee or team at the centre of the shadow IT usage.

Shadow IT compliance risks:

The nature of shadow IT is that it's kept hidden. Which means that any data flowing through unmonitored software and tools is being stored outside of approved systems. A compliance (and security) nightmare. Depending on the situation and severity of any data breach, you could find your business facing fines of up to $10,000 in New Zealand and potentially more overseas.

Operational inefficiencies driven by shadow IT:

While shadow IT often enters your business because an employee or team are trying to increase their productivity, it can in the long run have the opposite effect. The team responsible for introducing a new (unapproved) piece of software might see productivity gains, but if the wider business is unaware of its usage and cannot access it, this can lead to fragmentation of work, duplicated work and data silos.

Financial implications of shadow IT:

While the company and your IT team are smoothly managing your wider tech stack and associated budget, other employees and teams could be driving up your total tech costs through subscriptions to shadow IT tools, hidden costs within these tools, and licensing issues. An example of this is duplication of costs, with multiple teams unknowingly paying for a subscription to software, when if the IT department had oversight, costs could be reduced through a volume discount or licensing.

In worst case scenarios, companies can get slapped with large financial penalties due to data breaches or non-compliance with industry regulations courtesy of shadow IT usage.

Shadow IT in your business.

It's not a case of if shadow IT is occurring in your business. Rather, it's a case of the extent to which shadow IT is happening.

Businesses that bury their heads in the sand and just ignore the fact that this will be occurring are increasing their vulnerability to cyber-attacks and financial implications. They're also more likely to be creating an IT culture that is not productive or beneficial for the wider company, teams, and individual employees.

If your tech stack needs reviewing (and you're too scared to look behind the shadows yourself), get in touch and our team can get the ball rolling for you.

AI-enabled hackers: The rising cybersecurity threat businesses can't afford to ignore

Mon, 07 Jul 2025 23:18:00 GMT

Artificial intelligence (AI) is revolutionising industries and our daily lives - from helping us book holidays to improving healthcare access globally. But while AI brings innovation and efficiency, it also opens the door to a new breed of cybercriminals: AI-enabled hackers .

These attackers aren't just using traditional hacking tools, they're leveraging the power of machine learning, automation, and data analysis to launch smarter, faster and more adaptive cyberattacks. So, what does this mean for your business, and how can you protect business data and minimise your risk.

What are AI-enabled hackers?

AI-enabled hackers use artificial intelligence to automate and enhance cyberattacks. Unlike conventional hackers who rely on manual (albeit digital) techniques, these attackers use algorithms and machine learning to:

Automate reconnaissance: AI can scan thousands of websites, networks, and systems in seconds, identifying vulnerabilities and exposed data faster than any human.

Craft sophisticated phishing attacks: AI can mimic writing styles, analyse social media profiles, and generate convincing emails that are difficult to detect.

Evade detection: Using adversarial machine learning, attackers can train malware to bypass traditional security systems and adapt in real time.

Exploit zero-day vulnerabilities: AI can analyse code to uncover unknown software flaws before developers even know they exist.

Scale attacks: AI allows hackers to target thousands of systems simultaneously, often with personalised attacks that increase the chance of success.

Real-world examples of AI-driving cybercrime.

What could an AI-enabled cyberattack look like when it lands in your inbox or system?

Deepfake scams: AI-generated audio or video impersonates executives, tricking employees into transferring funds or sharing sensitive data.

AI-powered botnets: Infected devices use AI to coordinate attacks, adapt to defences, and spread malware more efficiently.

Chatbot impersonation: Malicious AI chatbots pose as customer service agents to steal login credentials or payment information.

Why does this matter?

AI-enabled hacking isn't science fiction - it's happening now. As AI tools become more accessible, the barrier to entry for cybercriminals drops. What once required deep technical expertise can now be done with off-the-shelf AI models and a bit of creativity.

This shift means every business is at risk , and cybersecurity strategies must evolve to meet this new challenge and match the speed and sophistication of AI-driven cyberattacks.

How to protect your business' data and systems from AI-enabled cyberattacks.

If you're unsure whether your business is protected against cyberattacks (AI-driven or not), now is the time to act. From phishing-resistant email systems to AI-powered threat detection, modern cybersecurity requires modern solutions.

Practical steps you can take to minimise your risk include:

One: Invest in AI-driven cybersecurity

Use AI tools for threat detection, anomaly detection, and automated response.
These tools can identify unusual behaviour and respond in real time.

Two: Employee cybersecurity awareness and skills training

Regularly train staff to recognise phishing, social engineering, and suspicious activity.
Simulated phishing campaigns can help build awareness.
Ensure your staff know exactly what steps to take if they believe any of their logins or tools have been compromised.

Three: Zero trust architecture

Assume no user or device is trustworthy by default. AI-enabled hackers love targeting users with only simple passwords in place and no multi-factor authentication (MFA).
Require continuous verification and limit access based on roles.

Four: Regular security audits

Conduct vulnerability assessments and penetration testing.
Patch software and systems promptly.

Five: Data encryption and backup

Encrypt sensitive data at rest and in transit.
Maintain secure, offline backups to recover from ransomware attacks.

Six: Incident response plan

Have a clear, tested plan for responding to breaches.
Include communication protocols, containment strategies, and recovery steps.

AI is a double-edged sword in cybersecurity. While it empowers defenders, it also gives attackers new capabilities. Staying informed, proactive, and adaptive is key to protecting your data and systems.

Concerned your business might be vulnerable to AI-enabled cyberattacks?

Test your cybersecurity systems by completing our free, cybersecurity self-assessment tool here . Or get in touch for a confidential, no-strings chat about how best to approach cybersecurity for your business.

FY2026 - the year IT takes its place at the leadership table

Tue, 01 Apr 2025 21:03:05 GMT

IT, one of those back-room departments that some people love to hate. For years, the butt of 'have you tried turning it off and on again' and 'did you unplug it at the wall' jokes. But, with the new financial year upon us, FY2026 needs to be the year that IT steps up and takes a seat around the leadership table. When I reflected and thought about where IT needs to go over the next twelve months, and what would resonate and be relevant to most (if not all) businesses, this was it. This year, IT needs to be a core consideration, central to your business planning and governance conversations.

How is IT support currently positioned?

I often see IT permanently on the backburner. Everyone knows it's important. Everyone knows that when something bad happens in IT, things are going to get difficult. Yet it's still viewed in a similar regard to a utility bill. We know we have to have it; but done poorly or at a bare minimum it's just seen as a negative cost to the business and it's hard to see the benefits it can deliver. This is particularly true when IT support is in a constant cycle of putting out fires, as opposed to having the time and space to add real value.

Companies that have already elevated IT from the backburner are investing in it, quickly see the advantages. Good IT lets them grow. It lets them be better than their competitors.

A mindset shift from negative cost to empowering growth

Poor IT, done as an afterthought or at a bare minimum can leave your business:

exposed to a heightened level of risk
running slowly and inefficiently
with unhappy and frustrated customers.

I know I'm biased but, IT really is central to running a business. It keeps the systems running, your people working and your clients connected to you. Great IT that has a voice at the leadership table not only delivers this, but also supports:

improved efficiency
increased productivity
first class customer experiences.

In short, IT done well can help your business move forward, faster . Neglected IT on the other hand, can really slow your business growth down and impact negatively on your company reputation.

A strategic approach to IT

When IT has a voice and is a core focus (and not only when there's a problem) it removes technology blockers and relieves staff frustration. In turn, this drives internal efficiency, productivity, and employee happiness.

I think we can recall a time when we've felt let down by our IT systems or have been frustrated at what's felt like a tool or process that's hindering efficiency or collaboration. When we scratch below the surface in situations like this, we often find that the approach to IT and IT support hasn't considered crucial aspects of a business such as:

key business objectives
end-user experience
balancing budget with risk and growth
time to plan.

Often when business planning is done, it is assumed that IT will just play the role it needs to. Problems arise however, if this assumption is made without truly understanding the current IT capabilities of the business, the current availability for IT support and the actual skill level and understanding of end-users in the business. This is where having a regularly reviewed IT roadmap that's built alongside and with consideration of the broader business strategy and objectives really comes into play.

I'm not advocating fo IT to be leading all conversations or to become a gatekeeper of projects. Rather by giving a voice to IT and considering how IT support can help move a project or a business forward faster at the planning stages, a successful outcome is more likely for the business. In situations where this is the case, IT has been given a platform and time to:

align their strategy and planning to overarching business goals and strategy
identify gaps in user knowledge and plan around that
understand exposure to risk and plan to mitigate where necessary.

Good IT support empowers productivity - A real-world example

It's easy to write about best practice but applying this in a business can be hard. An example that's relevant to most of us these days, is AI. As it's entered the mainstream many people are using AI tools such as Chat GPT and Microsoft Copilot for both personal and professional purposes. In a personal capacity, people are free to use these tools as they wish. They are their own personal IT team, there to review risk versus gain and manage their usage to a level that they feel comfortable with.

In a professional setting however, we're meeting many businesses who know AI tools are being used by employees (or they've assumed this) but haven't implemented any actual plan on AI yet. Faced with the new and unknown many either just ignore the issue (increasing their exposure to risk) or take the exact opposite approach and put a blanket ban on AI use in the workplace.

Applying the thinking of good IT empowers growth , then in my books, rolling out AI would look something like this:

Step one

The business agrees that AI needs to be a focus and forms a project team. This team includes not only staff that are empowered and impacted on a daily basis, but also an IT representative who has the capacity to guide from a technical perspective and from a practical perspective about how to get the most out of tools and effectively train people.

Step two

Collaborating as a cross-business group, the project team develops a roadmap for rolling out AI. Together they've been able to plan out:

the best overall AI approach and any policies required
how to get the most from the roll-out of AI
what AI tools will be best and lead to positive ROI
how to mitigate against the risks AI introduces
which staff to train and empower as a pilot group
how to track and review the real impact of AI usage.

And as all of this was worked through as a group, decisions haven't been made in isolation or without necessary technical knowledge. With group consensus and technical checks in place, the project team can quickly move forward with implementation and are less likely to encounter roadblocks during implementation.

And while most things don't roll out bump-free, taking an approach where IT is included in the project from the outset rather than entering as a gatekeeper down the track, a business is far more likely to see faster adoption rates, greater ROI and a better experience for both employees and customers alike as new tools are introduced.

Giving IT a voice at your company

If this has sparked a fire in your mind but you're not 100% sure where to start, I'd love to sit down and have a chat about practical ways to give your IT roadmap and IT support a more integrated role in your overall business strategy.

Get in touch with us here , for a no-strings attached chat or email me directly on kevin@computerculture.co.nz.

Rent Right Property Management: Easy onboarding to a new IT provider

Tue, 18 Mar 2025 23:40:07 GMT

Rent Right Property Management is a Christchurch based property management company. With 15 years of family ownership, they bring a personal touch to their relationships with both landlords and tenants.

BEFORE COMPUTER CULTURE

Rent Right Property Management were looking for a new IT provider. Their current provider had been through some changes and Rent Right Property Management felt it was time to move to a different provider. On their wish list was open communication and the confidence that they were doing all they could to protect their business and data when it came to cyber security.

ONBOARDING WITH COMPUTER CULTURE

Often the status quo wins out. Change is hard. It can disrupt routines, disrupt work output and for many businesses (particularly in a tight market) they are laser-focused on brining in revenue and refreshing business systems and operations can fall to the wayside.

Rent Right Property Management decided that the time was right for change and got in touch with Computer Culture. As with all new clients we worked through an initial assessment with Lorena at Rent Right Property Management so we could understand what was working, what wasn't and what was missing from their IT management.

Armed with that knowledge, our team then worked quickly to onboard Rent Right Property Management as a client. Ensuring we completed the changes in a way that gave the Rent Right team seamless IT support throughout the changeover process.

SO, HOW'S IT GOING NOW?

Computer Culture and Rent Right Property Management are becoming fast friends.

Speaking to Lorena, the biggest change the Rent Right team have felt is that they now feel confident. Confident that their IT is set up so their systems are secure. Confident that if they have a question or an issue, getting hold of support is quick and easy.

AND THE SERVICE, WHAT KIND OF PARTNER IS COMPUTER CULTURE?

Lorena described partnering with Computer Culture as "easy and reliable".

Onboarding with Computer Culture: How we make shifting to a new IT provider easy

lucy.stewart@computerculture.co.nz (Lucy Stewart) — Tue, 18 Mar 2025 20:18:15 GMT

Everything we do is about partnership. We're here to partner with you so you can take our knowledge and use that to guide your IT decisions (plus hand over the hard and boring stuff to us to take care of). Ultimately, we want you to feel confident that your IT is secure, you have a clear roadmap that supports your overarching business goals and that working with us is easy.

Change can be hard. At Computer Culture we like to keep things simple, and this includes onboarding with us. Our promise to you is that we'll do everything we can to make the process of shifting IT providers as hassle-free and smooth as possible.

To give you confidence that switching to Computer Culture will be easy, here are five key things we have in place to ensure that onboarding with Computer Culture doesn't drain your time or energy (in fact with your IT humming, we'll hopefully give you and your team some time back in your days).

ONE: AN IT ASSESSMENT

We do a lot of the groundwork prior to you signing on the dotted line. Having already completed a basic IT assessment (or a more comprehensive one if required), we understand exactly what needs to be done and our engineers can get started immediately.

Thanks to a clear understanding of your systems and your current IT situation, shifting systems over to Computer Culture will all happen in the background. In most cases your team should not be impacted.

TWO: TREAT ONBOARDING AS A PROJECT

Shifting to a new IT provider can be a massive deal. You're putting your trust in another business to manage crucial systems that keep your business' lights on, and you connected to your customers.

That's why we approach onboarding as a complete project. Our team have project management training and apply this to every step of how we onboard new businesses to Computer Culture.

Some of the key ways you'll see this play out are:

We work with you to complete a support matrix

When working with an external provider (or often multiple), things can sometimes get muddy when it comes to who exactly in your organisation or ours is accountable for what.

To ensure we're all 100% clear on who is responsible for what in our new partnership, we run through a support matrix with you. This document is a living document that is owned by your business and lists out exactly who is responsible for each aspect of your IT systems and support (including any other external vendors or suppliers you might work with). You'll have this to refer to if you're ever in doubt about who needs to be making the final decision on certain IT questions, or which vendor or supplier is responsbile for specific aspects of your IT support.

We document your IT systems clearly

From the outset we maintain clear documentation on your IT systems. You can access these whenever you need to. And we have them secure in our systems so no matter who is supporting your team on a day-to-day basis, they know exactly what they need to about your specific set-up, preferences and requirements. It's another way we ensure that your IT systems and support are helping your business be more efficient and grow (and reduce the hassles, frustrations and IT headaches...).

THREE: A CONSISTENT POINT OF CONTACT

Throughout the discovery phase working toward a partnership that works for both you and Computer Culture, right through to when we've completed any final aspects of onboarding your IT systems to Computer Culture, you'll be dealing with the same two key people. We see this as an important aspect to making shifting your IT to Computer Culture as smooth and hassle free as possible.

Your first key point of contact will be one of Computer Culture's Directors, so you know you're in great hands.

Your second point of contact is a Computer Culture engineer who is assigned to your business. They are there to ensure all things technical are considered, and that your IT set-up is fit for your business (not just a cookie cutter set-up applied across every business we meet).

FOUR: THE COMPUTER CULTURE USER MANUAL

Often only one or two people from your business may be involved in partnering and onboarding with Computer Culture, but once we're working together others from your team might need to know a bit more about us and how to work with us.

To help make things easy for you and ensure your team knows how to get a hold of us whenever they need to, we've created the Computer Culture User Manual.

It's a simple doc. It sets out:

who your Account Manager (and key point of contact) is going forward
how to raise an urgent issue with us
how to get in touch for general support or questions
what to do for new device or software purchases
who to contact for any finance or invoicing enquiries.

FIVE: WE'RE CANTERBURY TRUSTED

Canterbury Trusted is an external accreditation that we're really proud of. We know it can be hard to know who to trust in business. To help make it that little bit easier for you as you decide to onboard with Computer Culture, we went through an external vetting programme run by Business Canterbury. Receiving the Canterbury Trusted accreditation wasn't easy, but it is something that should give you some piece of mind that when you partner with Computer Culture, you're partnering with a trustworthy, values-driven, customer-first business. You can learn more about our Canterbury Trusted accreditation here .

PUTTING THE FEELERS OUT?

If you're sick of feeling frustrated with your current IT provider, get in touch , we'd love to have a no-strings attached chat about getting things back on track for you.

Unsure about how your IT currently stacks up? Take our short, free cyber security assessment to get a better idea of what's going well and what areas of IT security you might need to improve.

Preparing for the Windows 10 end of life: What your business needs to know

Mon, 03 Mar 2025 19:57:19 GMT

In 2024 Microsoft announced they would be retiring their Windows 10 operating system . It will reach its End of Life (EOL) on 14 October 2025 . After this date, Microsoft will cease to provide security updates and support for Windows 10.

What does end of life actually mean for Windows 10?

When Microsoft retires Windows 10 on 14 October 2025 from that point on the operating system will no longer receive:

security updates and patches
feature updates
technical support

Without any ongoing support, Windows 10 will increasingly become a security and compliance risk to your business. Your systems and data will be exposed to a heightened level of cybercrime and will likely reduce business efficiency.

Why is maintaining an up-to-date operating system so important?

Staying updated with operating systems is crucial for business security and efficiency.

Using an up-to-date operating system (in this case Windows 11) plays a key role in raising your level of security, improving performance of your IT systems (and users), and supports business continuity.

Sleep easier with enhanced security:

Protect against cyber-attacks: security patches are deployed through regular updates to secure known vulnerabilities that could be exploited by cybercriminals. Without these, systems are more exposed to malware, ransomware, and other cyberattacks.
Comply with regulatory requirements: Some industry regulations as well as many cyber insurance policies have strict rules regarding data protection. Using outdated or unsupported operating systems can lead to non-compliance.
Keep your data safe: Using an up-to-date, modern, fit-for-purpose operating system means you usually enjoy built-in security benefits such as firewalls, intrusion detection and encryption to help keep sensitive business data safe.

Keep your employees happy (and complaining less):

Less disruptions: a supported operating system often receives free updates which include bug fixes to improve system stability and reduce the likelihood of dreaded crashes and downtime which disrupt business operations.
Reduce frustrations: new features and performance improvements in regularly updated and supported operating systems can lead to a smoother and more productive user experience.

Do business without the system headaches:

Minimise downtime: a secure, regularly updated operating system helps keep things running smoothly and minimises the risk of unpredictable disruptions (and the associated loss in revenue).
Keep up to date with new tools: if your business likes to take advantage of new technology and tools then using an updated, modern operating system ensures your operating system will be compatible with the latest software applications.

Upgrading to Windows 11 is easy

With the support of your IT provider, upgrading to Windows 11 isn't difficult and does come with benefits. For businesses, key to this will be Microsoft's assurance that

When you are ready to upgrade, the Computer Culture team is here to assist. We can provide a breakdown and financial implications regarding your devices that:

can and should be updated
can't or shouldn't be updated.

With the update, it'll be business as usual and tools such as OneDrive are still available on Windows 11, so you'll have access to all your docs and files just as easily as before.

Upgrade sooner, rather than later

Windows 11 levels up the performance of devices to help you and your team get the job done. Staying up to date with the latest operating system:

protects your data
maintains compliance
promotes efficient, uninterrupted operations.

To safeguard your business and position yourself for growth by ensuring your devices are running the latest operating system, act now. We're recommending all Computer Culture clients have a plan to update appropriate devices and have any new devices required ordered by 30 June 2025 .

Don't wait, beat the queue - take advantage of better security and performance. Get in touch now to book a time to review your devices and confirm your Windows 11 update plan.

Celebrating Computer Culture's Canterbury Trusted Certification

lucy.stewart@computerculture.co.nz (Lucy Stewart) — Thu, 12 Dec 2024 21:45:39 GMT

In July this year we were thrilled to announce that Computer Culture was awarded the ' Canterbury Trusted ' certification by Business Canterbury . This accolade is a testament to our commitment to excellence, quality, and trustworthiness. So, what is 'Canterbury Trusted', why is it an important accreditation for us, and what does it mean for our team and clients?

What is 'Canterbury Trusted'?

'Canterbury Trusted' is a certification granted by Business Canterbury, the leading business advocacy organisation in the region. This certification is awarded to businesses that meet stringent quality criteria and demonstrate a high level of reliability and trustworthiness. It serves as a seal of approval, indicating that a business operates with integrity and excellence.

Why is 'Canterbury Trusted' Important?

We're shouting from the rooftops about being 'Canterbury Trusted' as it means you can be assured that when you partner with Computer Culture, you're partnering with a business that is responsible, reliable and delivers a high level of quality and customer service:

Credibility: The certification signals that we have been thoroughly vetted and meet high standards of quality and reliability.
Trustworthy: Have confidence that you 're dealing with a reputable and responsible business.

The Accreditation Process

Achieving the 'Canterbury Trusted' certification is a rigorous process that involves several steps:

Self-assessment: We completed a comprehensive self-assessment, evaluating our business operations across various criteria.
Due diligence: Business Canterbury conducted a thorough due diligence process, including reviewing our professional references and supporting documentation, as well as speaking to members of our team to get their take on us as employers.
Approval: Upon successful completion of the assessment and due diligence, we were awarded the 'Canterbury Trusted' certification. This is valid for one year, with the company required to go through a reaccreditation process annually to ensure we are still living up to the Canterbury Trusted standards.

Our Journey to Accreditation

Our decision to pursue the 'Canterbury Trusted' certification was driven by our commitment to excellence and our desire to provide the best possible service to our clients. It was a rigorous but rewarding experience that allowed us to reflect on the journey Computer Culture has been on over the past seventeen years.

A key aspect of the accreditation process was the interviews Business Canterbury conducted with clients, suppliers and employees of Computer Culture. It was humbling and heartwarming to get feedback from both clients and employees that showed Computer Culture is truly living our mission of being a company that our entire team can be proud of and that clients highly value working with us.

"Being awarded the Canterbury Trusted certification was a highlight for Computer Culture in 2024. Kevin and I set out to do IT differently and build a business with people at the heart of it. Receiving the Canterbury Trusted accreditation was great recognition that our team and our clients really are at the centre of Computer Culture. It gives them that extra level of confidence that we're a business they can trust."

Craig Harrington, Director, Computer Culture

What does the Canterbury Trusted certification mean for our team and clients?

For our team and clients, the 'Canterbury Trusted' certification is a clear indication of our commitment to excellence. It means that you can have complete confidence in our services and trust that we will always act in your best interests.

Quality assurance: You can be assured that our business meets the highest standards of quality and reliability. We strive for excellence, always seeking out the best solutions for our clients.
Peace of mind: Know that we have been thoroughly vetted by Business Canterbury. When you're working with us, you're in safe hands.
Enhanced trust: Our certification reinforces the trust you have placed in us and highlights our dedication to maintaining that trust.

We are proud to have achieved the 'Canterbury Trusted' certification and believe it is a significant milestone for our business. This accreditation not only validates our efforts but also serves as a promise to our team and clients. As we continue with our mission to make Canterbury's IT culture great, you can trust that when you partner with us, you're working with a dedicated team that care about your people and your business.

If you'd like to experience the benefits of working with a 'Canterbury Trusted' business contact us today . We'd love to partner with you to help you achieve a smoother, more enjoyable IT experience.

AI in the workplace

lucy.stewart@computerculture.co.nz (Lucy Stewart) — Tue, 15 Oct 2024 22:23:51 GMT

Are your employees using artificial intelligence (AI) on the job? You might be aware of AI tools being used; you might not be. You might be encouraging the use of AI tools; or you might not. Either way, chances are your employees are using AI in some way to help them be more efficient at work (whether you like it or not). In fact, a recent study found that 68% of people surveyed who used AI at work did not disclose usage to their bosses .

Like most things AI has advantages and risks. For businesses in particular, artificial intelligence and the proliferation of AI tools that have hit the market in recent years throws up risks in addition to all the efficiencies they can drive.

As businesses play catch-up with their employees and the AI market, they can be exposed to various risks and issues. If you haven't already, then a business-led strategy for implementing AI in your workplace should be a priority.

Starting out on your AI journey? Here are our top five steps to help you get AI working for your business (while minimising the risk).

ONE: Decide which AI tool is best for your business

If you wander around your business and ask a few employees about AI tools, what they know and what they use, then you'll no doubt hear Chat GPT mentioned a lot. Chat GPT is a generic AI tool which has both a free and paid version. However, this is just one of many potential AI tools your business could make use of. Starting out on your AI journey, one key decision to make is which AI tool is best for you. To get a handle on this, start by segmenting the AI tools available based on your requirements and their key attributes, such as:

Is this a public tool that will share your data at a cheaper prices OR
A private tool that will safeguard your data at a higher price?
Is this a generic tool that will do a lot of different things cheaply OR
A specific tool that's targeted towards your specific needs with costs to match?

While you might find, for example, that the free version of ChatGPT (a generic, publicly available tool) might get you results, paying for CoPilot for Microsoft 365 (a private, generic tool) might be worth the cost to safeguard your data. Likewise, although you may be able to wrangle a generic tool into solving your problems, the cost of development and staff resources that it will take could readily be avoided by spending a little bit more on an industry specific tool that's already been developed and will continue to be refined.

TWO: Engage your team early

AI can have a transformative impact on businesses. Implementation of AI within a business can bring about a cultural shift. While some of your team may embrace the technology wholeheartedly, there could be others who find AI and its implementation confronting and difficult.

When Computer Culture works with clients on their AI journey, we recommend an inclusive approach that involves employees from the outset. Buy-in for an implementation journey (rather than just a release and run experience) and a good understanding of what you're aiming to achieve from the outset, can ensure a seamless integration of AI into your daily operations and reduce friction with employees who are slower to embrace it.

"Focus on engaging your co-workers, your colleagues, the workforce, and make them part of the AI transformation. The most successful deployments we've seen are where the end users, and IT and tech resources, work hand in hand to get the technology rolled out."

Charles Lamanna, Microsoft Corporate Vice President, Business and Industry CoPilot on the WorkLab podcast.

THREE: Figure out your business's approach to AI

Rolling out AI within an organisation shouldn't be a cookie cutter plan. Each business has a different culture, various levels of sophistication and different levels of risk it's willing to manage.

Once you've made the decision to formally roll out AI into your operations you need to ask yourself some key questions:

How might using AI impact our people?
How might using AI impact our customers?
How will our company culture react to having AI integrated into operations?
As we adopt AI, where do we want to sit on the permissive to restrictive scale?
How transparent do we want to be internally about the use of AI?
Are there compliance or legal requirements for us to be transparent about AI usage externally? What about external transparency when we layer a company values lens on this?

These decisions are crucial to creating a clear framework for AI implementation. Answering them needs to be business-led, supported by technical teams or IT resources, and consider the entire business, its people, customers and operations.

Once these questions are answered and you know the direction your business will take with AI, you can develop an AI policy. Once completed, this will be a critical document for the business to communicate your expectations around AI usage by staff.

FOUR: Plan out an AI implementation roadmap

As with implementing any new, transformative tool, having a clear and structured plan will make rolling out AI into your workplace easier. You'll need to map out who will be involved and when, what are the key milestones to achieve across the project and what's the delivery timeline for tasks to be completed by.

A good roadmap should include key elements such as:

A review of data security and permissions. Using AI increases risks, reviewing data security and permissions before implementing it will help limit the risk of data breaches.
Staff training. This isn't something that you can just implement and then set free. To get AI humming in your business (and your team embracing it) a training programme is crucial to ensure your team are confident happy users and are using it safely.
A pilot programme. Depending on the size of your business, rolling AI out to a pilot use group initially can smooth the way for a full roll-out. The benefits of testing with a pilot group are that any learnings about risks, shortcomings, training and ROI can be reviewed and improvements made ahead of a full roll-out.

FIVE: Give it some time (and then review)

No matter how planned out your roll-out is, you'll most likely hit the odd judder bar along the way to embedding AI in your business. Give it some time, support key staff you see as influencers within the business and ensure everyone knows AI is a priority.

After an appropriate level of time (likely different for each business) sit down and review how the roll-out has gone. What's been a success? What isn't working so well? If you have staff who've become super-users, what's working so well for them and what are the benefits they're seeing?

This is a good time to consider key points such as:

Do we need to roll-out access to more staff?
Is our initial AI policy fit for purpose or does it need altering?
Are there other AI tools or applications that we should be assessing and adding into our mix?

Getting started

Ultimately, the question is not going to be whether your business uses AI or not, but rather whether you use it well or not.

Looking to the future, those businesses that adopt AI and really get it working for them will be the ones that excel. If you'd like to be one of those exceling with AI, get in touch to set up a bespoke AI session for your business. We'll help you better understand AI and how it could work for your business, what rolling it out in your business might look like and provide a template for an AI Acceptable Use Policy so you can start moving your journey forward immediately.

How to create a cyber security incident response plan

lucy.stewart@computerculture.co.nz (Lucy Stewart) — Fri, 27 Sep 2024 00:28:03 GMT

An incident response plan is not a nice to have. From major weather events to cyber security hacks, occurrences of major, adverse events impacting I.T. systems are increasingly common. Businesses who have taken the time to plan the steps they'll take to respond to such an event will always come out the other side faster and in a better position, than those who must react on the fly.

What is an Incident Response Plan?

An I.T. or cyber-security incident response plan is a crucial document that sets out exactly how a business will deal with a major, adverse I.T. or cyber-security event. A good incident response plan will establish a clear protocol on questions such as:

Who is responsible for leading the response?
How do we define an incident?
How will we communicate to staff and customers during the response?

An incident response plan won't solve your problem, but it will put you in the best possible position to be able to respond to a major situation calmly, clearly and quickly. It is a crucial part of business continuity planning and governance. The development of it must be led internally by business leaders, who can then consult with external I.T. providers for technical support and knowledge when needed.

Developing your own Incident Response Plan

If you've been thinking about developing or updating your incident response plan, here are some key questions your business should be asking to help define what your plan will look like, and who needs to be involved.

ONE: How does our company become aware of an adverse cyber incident?

While this might seem a bit of a no-brainer, there are good ways to be alerted to an adverse I.T. event and there are bad ways...

Good questions for leadership teams to discuss here are:

Does our team know who to report a major I.T. incident or cyber-attack to?
What if it's out of standard operating hours?
Is there a simple phone number for team members to call to report an incident or attack?
Do they understand the urgency of an I.T. incident or cyber-attack and know to report it immediately?
Is this process documented and explained to all new starters?
If someone is unsure of the process, can they quickly find out what to do?

TWO: How severe is the situation?

Is it an 'event' or is it an 'incident'? Is it major or minor? Having a clear definition of what constitutes an event versus an incident and whether it is major, or minor is key to determining how your business will respond and the escalation chain.

Thinking on this, your business should ask:

How do we assess the risk an incident might have to our business?
Is the incident impacting customer data?
Are critical assets such as financial records, personal data, intellectual property, and/or sensitive information now vulnerable?
What is the threshold we are comfortable with for assigning something as an event, and when does this escalate to an incident? For example, an event might be one staff member's mailbox being threatened compared to a whole of company cyber-attack escalating to an incident.

THREE: Who will lead the company's response?

Having one person lead the overarching response is key to an effective and efficient response. This person should be a leader in the business who is comfortable collaborating with a wide range of stakeholders and who understands the impact of decisions being made and can make critical decisions as required.

This person should not be an I.T. leader by default - remember if a major incident occurs, it'll likely be all hands on deck for the I.T. team.

If your business is large enough then you'll want to consider building out an incident response team to support the incident response manager. Expertise this team should provide include:

Technical - someone who can inform on and make decisions on technical matters related to the incident
Legal/Compliance - someone who can provide any legal guidance that might be required
Communications - someone who can ensure that your wider team and your customers are kept up to date during the incident response and can manage any external enquiries that might arise.

FOUR: Who needs to know about the incident?

Once an incident has been reported internally, it's likely you'll need to report it externally to certain stakeholders:

Who is responsible for alerting your external I.T. provider if you have one?
Who will act as the liaison between you and your external I.T. provider during the response?
Who is your key contact at your external I.T. provider that you should report an incident to?
Does your insurance company need to know about the incident and if so, who do you report it to and how?

FIVE: How will we communicate during the response?

Resolving the incident is of course your number one priority, but while the response is underway it's crucial to keep staff and customers up to date with your response.

Think about the demands of responding to a major I.T. incident and consider the different types of communications you might need:

Who is your inhouse expert for comms in a crisis? Or do you have an external PR or comms provider to support you during incidents like this?
If systems, such as your email, are down what channels of communications do you have to keep staff and customers informed? SMS, in-app notifications, your website, an automated phone message?
Do you know what you'll say? Each incident is different, however having basic, customisable templates for alerting staff and customers and updating them during a response can make getting critical comms out easier and faster during a stressful time.

Key Takeaways

If you don't already have an incident response plan, then creating one can be a daunting exercise to embark on. Three key things to keep in mind are:

It's never too early to start developing your incident response plan.
Your incident response plan should be a living document. It needs to be reviewed and updated on a regular basis.
Don't rely on your I.T. provider to develop your incident response plan. An incident response plan is part of your broader business continuity planning process so must be lead internally. Consult with your I.T. provider for technical expertise as it is developed and reviewed.

Did your blood pressure rise a little reading this? Can't remember the last time your business reviewed your incident response plan? If you'd like some guidance on best practice when it comes to an I.T. or cyber-security incident response plan, get in touch with our team - they'll have you sorted in no time.

The Importance of AI for Canterbury Businesses

salessupport@computerculture.co.nz (Computer Culture) — Tue, 18 Jun 2024 02:11:15 GMT

Note: 0% of this blog has been created by AI – we’ve relied entirely on our AI expert, Stephen Shaw .

We recently partnered in a panel discussion on AI for business in Canterbury, with One NZ , BNZ and BDO . It was aimed at being a practical look at how Canterbury businesses could apply AI in their operations and raised some interesting discussion points. We thought it would be useful to summarise some of the key points for the wider Canterbury business community.

1. AI isn’t coming – it’s here

AI has started to have a very real impact on businesses around New Zealand. Larger organisations have had the resources to enable them to get well underway on their AI journey. It was surprising to hear just how extensive the applications were inside organisations such as One NZ and the wider usage AI was being put to in gaining efficiencies.

Generative AI is literally enabling hundreds of man hours to be taken off low-value tasks and be applied to high value, human-centric work that adds exponentially more to the business. The key message: mid-size businesses need to get onboard with using AI across their business so they don’t lag behind larger competitors.

2. AI is different to previous technology change

Utilising AI in an organisation shouldn’t be left to chance. It needs to be proactively led by its business leaders who in turn need to understand the problems they are actually trying to solve in applying AI. It is important you have IT resource to support you to resolve any tech related questions and also ensure that security is in place so using AI doesn’t cause unseen issues in your systems.

There is an important distinction between generic or public AI instances (such as ChatGPT) versus AI instances that are specific to your business, your data, and interact with your primary business goals - AI can do so much more than draft an email.

While there are many legacy technologies that can potentially deliver similar outcomes they can be very costly and time consuming to develop and build. Used well, AI tools can be trained in a fraction of the time to help resolve some core business problems – but it is this ease of use and accessibility that is also raising concerns.

As there are already a very wide range of applications AI can be put to across the business, it is very likely some of your employees are already using generative AI in your workplace. There is a big difference between them using open platforms to conduct individual experiments versus targeted usage of AI approved and supported by your business.

That is why it is important to ensure this engagement is driven by team leaders and the appropriate policies, training, security, support is in place to manage this. At the end of the day, you need to establish how a tool as powerful as Gen-AI fits into your business and your culture, so that it can serve your people and your goals.

3. Where to start your business’s AI journey

One of the hardest things to understand is just where to start. Thinking about what AI can do is so broad, the art is actually figuring out how AI can specifically work for your business to improve engagement across people, data and systems. In some ways, starting with AI and what it might do can actually hold you back from realizing its full potential.

Instead, consider what it might look like to ask questions about what your business needs, and then put those needs through an AI lens to see what solutions might be found: “If we were to solve this problem using AI – what would it look like?”

Some examples would be, “what would it look like if:

…I had an unlimited resource available to respond to customer enquiries?”
…I had a data analyst with unlimited capacity to make sense of all the buckets of data we have?”
…If I had an EA available to me who could draft documents and prepare me for meetings 24/7?"

The applications and possibilities are going to differ vastly between business types, stages, and industries. Reaching out to your vendors and industry partners to understand how they might be using AI is a good place to start. Once the business problems you are trying to address (and believe you can solve) have been identified it is then a case of looking at which AI options are going to help you solve them.

It might also surprise you as to the AI capability built into solutions your business is already using. At Computer Culture, for example, we are working with Copilot for Microsoft 365 with the view of being able to help manage a wide range of everyday tasks. It has some pretty cool functionality that isn’t generally visible to a user on the standard Microsoft 365 licensing packages.

Finally: Canterbury can lead in AI

But the biggest out take from the discussion was that there is absolutely no reason why Canterbury businesses of all sizes and shapes can’t embrace AI to help improve their business productivity in a positive and proactive way. It isn’t a case of “AI is coming” it is a case of “AI is here” and we all need to understand how to use it to our collective advantage.

If you would like to access our AI Policy template and/or further explore how to start your AI journey, please get in touch .

Global IT Conference Empowers Computer Culture

salessupport@computerculture.co.nz (Computer Culture) — Tue, 28 May 2024 00:30:00 GMT

As an N-able partner, Computer Culture’s Technology Manager, Hugh Burns, attended the recent Empower conference in Frisco, Texas.

Held over three days, the conference attracts several thousand of the industries ‘biggest and brightest’ to challenge and drive transformation for MSPs (Managed Service Providers) – like Computer Culture – around the world.

While Computer Culture is clearly proud of being Canterbury first – we are equally proud to be able to bring global best practice back to the region. In attending Empower we sat alongside other MSP industry experts who also use N-able’s scalable software solutions to monitor, manage, and secure their customers’ systems, data, and networks.

As Hugh describes it:

“Probably the best part was talking to other IT companies that have very similar business to ours from all over the United States, Europe and Australia. In sharing how we are doing things I came away feeling very happy Computer Culture has the right tools and right approach to our global counterparts. In saying that – we all learnt some new things at the conference that we will integrate into our offerings.”

Three key themes from N-able's Empower Conference

In reflecting on the themes across the keynotes and other presentations he attended, Hugh identified three key themes.

1. Artificial Intelligence (AI) with a focus on Robotic Process Automation

This isn’t about using generative AI to create content but how to integrate AI into our client’s businesses to streamline processes and create a better customer experience. Robotic Process Automation uses AI (or software ‘robots’) to automate those repetitive and often boring, rule-based tasks. It can effectively mimic human action such as extracting data, form filling, file moving etc – while called ‘robotic’ it is all in the software with no mechanical robot involved.

2. IT is more complex than it has ever been before

We have gone from one box in the corner to disparate systems with data everywhere and more APIs than anyone ever conceived. There was a lot of discussion around how we can really build the understanding to simplify and distill this down for our clients. While we are continually making sure we are always on the cutting edge of tools and processes - especially security – keeping things simple is a lot harder than making them more complex. It is something we are continuously working on at Computer Culture.

3. The biggest point of difference is still your people

It was really refreshing to sit in a technology conference and have it acknowledged that having the right tech is just part of the puzzle. Having a team with the right knowledge and right attitude to help client businesses navigate technology at all levels of the business -from board to front line - was seen as the key to actually being successful.

As Hugh puts it:

“It was really humbling to sit there with all these amazing big brands and understand that in many cases we can deliver what they can – and in some cases, better than what they can – due to the team we have on the ground in Christchurch. While I came away with a whole lot of new thinking it was equally important to realize that we can build a truly excellent IT culture for our clients – right here – right now - from Canterbury.”

If you would like to know more about what we are seeing trending – please reach out .

Learning to "Switch Off" on Holiday

Fri, 24 Dec 2021 02:11:51 GMT

It is hard to switch off when you run a business because ultimately business never sleeps. So how do you take holiday and switch off in today’s modern world when we are constantly reminded of work with messages, alert notifications, mobile phones & emails all at our finger tips and our phone constantly screaming at us for attention?

The French have taken switching off from business to a whole new level with the introduction of a new law in 2017 which barred work email after hours. The law established workers “right to disconnect’ with the goal of preventing burnout by protecting private time.

While we may be a long way off following the French there are a number of things that we can do to switch off and learning how to quieten your devices is a perfect start.

Turn off all notifications, except for the ones you actually want to receive while you’re on vacation. (We particularly recommend disabling the news.) Think carefully, what notifications are actually important to you and need to be actioned straight away?

Create a temptation-free home screen. Rearrange your apps so that your home screen contains only practical apps that won’t suck you in (for example, the camera, maps, or fishing app). Those are your holiday essentials and you can use them freely. Move business apps to latter screens.

Reduce FOMO (the fear of missing out) by setting up vacation auto-responses for your email, voice mail and text messages. (To set up an automatic text message response on iPhones, use the customized option for “Do Not Disturb”)

Consider not checking your email at all while you’re away. If you’ve set up a good auto-response and have left instructions for your co-workers, what’s the worst that could happen?

If total abstinence sounds too extreme, commit to checking your email only once or twice a day, ideally from an actual computer. To keep yourself on track, put your phone on airplane mode while you’re out

If there are people whose emails you feel you simply cannot miss — for example, your family or your boss — create V.I.P. lists. Then adjust your notification setting to receive notifications only for messages sent by your these important people.

Most importantly … relax, recharge, re-energise and enjoy your holiday.

THE TWO MOST VALUABLE ASSETS FOR A BUSINESS & HOW TO PROTECT THEM

Wed, 17 Nov 2021 21:25:39 GMT

The two most valuable assets in your business are your people and your Intellectual Property or your data. Both can cost you significant expense, time and headache if they are to walk out the door. We value and spend time protecting our hard assets like buildings, plant, machinery and vehicles so it stands to reason that we protect our two most valuable assets – our people and our data.

Do you recognise the value of each of them? What are you doing to protect them?

No one likes to focus on the negative and think about the worse case scenario but if there is anything that Christchurch has taught us over the last 10 years is to expect the unexpected! How well is your business prepared?

As a business leader, you will know first hand the stress of the unexpected: earthquakes or pandemic – the unexpected can have significant impact not only the business but also you as a person. Your employees are also experiencing their own stresses. Mental health was already on the rise and the pandemic has done little to reduce this. Supporting employees with flexible working can go a long way to alleviating stress of the unexpected.

While the pandemic has forced many businesses to address remote working, it continues to astonish us at how many businesses still do not have appropriate security measures and back ups in place. Although of course, as a Computer Culture customer there should be no excuse!

Cybersecurity has been front of mind across many industries over the past few years, but has become especially relevant in the past year with the challenges of the pandemic and the rise of remote work. In fact, data shows that cyberattacks have risen 600% (Source: Forbes: Cyber Security Stats, 2021) as a result of the pandemic!

These figures are certainly striking, but there is a temptation to think that it’s just big corporations that need to worry about their cybersecurity. Think again.

We are all vulnerable to cyberattacks. After all, our bank accounts may not resemble corporate holdings or a philanthropy’s endowment, but our financial information and data can still be very valuable. Even the most basic data such as birth dates, phone numbers, addresses and email addresses can be used to steal your identity.

Proper storage and regular backups will help protect your important information from system failures or improper use. But an increasingly complex online world means you need to also protect your data from unauthorised access, whether it’s an accidental breach by someone in your business or by a hacker.

Ignoring cyber security threats and data breaches puts your reputation — and bottom line — at risk.

Recovering from a cyber attack or data breach could be an expensive undertaking. Take precautions so you don’t fall victim.

Consider doing a cyber security risk assessment about your business. It will help you identify what you value, what your risks are and how to mitigate them.

Should the worst happen what is your backup?

1. Literally, do you have a back up?

2. How quickly can you get up and running?

3. Do you have a business continuity plan?

4. Do you have the appropriate security measures in place?

5. Do you have Cyber security insurance?

6. How are you protecting your employees?

Phone Security

Wed, 17 Nov 2021 20:55:57 GMT

Did you know that there are over 6.49million mobile phone connections in New Zealand. To put that in context, that’s over 135% of the population having at least one smartphone.

With more and more of us using mobile phones in our everyday life for both personal and business needs it is no surprise that hackers are now targeting smart phones. Phone hacking will become more and more prevalent so it’s a good idea to review your phone security periodically. Below are some recent examples of how phones are being targeted.

If you are concerned about the security of the mobile phones in your company, especially as they are often accessing sensitive company data, please talk to us about your options for helping to manage the risk.

Apple iMessage vulnerability being exploited .

Attackers are exploiting a vulnerability referred to as “Forced Entry” which affects iOS, macOS, and watch OS which allows a remote attacker to gain access to a device without any user interaction.

Apple products that are running the following Operating systems are vulnerable:

All iphones with iOS versions prior to 14.8

All Mac computers with operating system versions prior to OSX Big Sur 11.6

All Apple Watches prior to watchOS7.6.2

Apple has released an updated to resolve this vulnerability and Computer Culture recommends all users of these operating systems update their devices as soon as possible.

FluBot Malware infecting Android phones

FluBot malware is being spread through text messages on Android phones and is currently affecting New Zealanders. There are a number of different message varieties:

You have a parcel delivery that is pending
Someone is attempting to share an album of photos with you
You have received a voicemail.

If you have received the texts this does not mean your device has installed the malware. Do Not click on the link, as it will direct you to a page that looks like a security warning that you have FluBot installed.

Visiting these pages does not mean you have been infected by FluBot, but do not follow any instructions on these pages, as that will infect your phone.It is likely that the wording of these text will change. Be wary of any suspicious text messages you receive, asking you to click on a link. If you are in doubt or unsure then don’t hesitate to contact the team at Computer Culture.

Source: www.cert.govt.nz

Windows 11 has arrived, should I upgrade?

Wed, 17 Nov 2021 20:45:36 GMT

The current advice for our business clients, is “no, not yet”.

As you may be aware, Windows 11 was released last month. To get an idea of the new features that Microsoft are touting, you may want to watch this introduction video .

Some of the headline features are:

An overhauled user interface
Better “virtual desktop” support
Teams integration (personal accounts only)
Widgets
Xbox gaming features
Android App support

Here at Computer Culture we are assessing the new version of Windows to look for ways our clients can make use of the new features, and to make sure it is compatible with the multitude of third party apps and services that many business rely on.

When new operating systems like this get released, third party vendors can often take a long time to support them, and with Windows 11, this is no exception. Software that handles things like security, backups and line-of-business applications, should all be in a supported state by the vendor before you make the jump, so that you do not hit compatibility issues that may cause disruptions to your business. Currently, there needs to be more testing and verification before Computer Culture can recommend or “support” business computers running Windows 11.

By “support”, we mean we know all the core products and services that you rely on are compatible with Windows 11, for example the antivirus and patching components that are so critical to keep your business safe. It is for this reason, that we are advising our clients not to upgrade to Windows 11 at this stage, as doing so may cause disruption to your services. These disruptions may not be covered by support agreements you have in place with us until such time as we verify Windows 11 as a supported operating system for our managed services.

Furthermore, you may notice many of the new features being advertised by Microsoft for Windows 11 are very much consumer focussed. Things like Xbox gaming features and Widgets are unlikely to provide gains for business, and an important thing to note is that the Teams integration is for personal accounts only, i.e. for communicating with friends and family. It is not designed for business use, for which you will continue to use the same dedicated Teams app that you do now.

Windows 11 does offer a nice new user interface, and reportedly has performance gains over Windows 10, but the case for upgrading is not compelling at this stage. After it has undergone more testing and verification, we will update our position to support it, and advise when that is the case. Microsoft will also be supporting Windows 10 until late 2025 so we recommend that’s where business computers are kept for now.

Starlink Satellite Internet Constellation

Tue, 01 Jun 2021 04:47:25 GMT

All over the news recently has been the progress of the Starlink satellite internet constellation being constructed by Elon Musk’s company – SpaceX – which when finished will provide satellite Internet access.

Thousands of mass-produced small satellites in low Earth orbit will make up the constellation and will communicate with designated ground receivers to provide coverage.

While the network is a long way off being finished and economically viable for the average home user, we’re looking forward to the official launch of the Starlink service.

For rural or ISP low coverage areas there are limited options currently for improving internet speeds, so this will offer a high speed alternative where physical Internet lines may not yet be available.

TURN YOUR BIGGEST CYBER-SECURITY THREAT INTO YOUR BEST LINE OF DEFENCE

Tue, 01 Jun 2021 04:39:48 GMT

TURN YOUR BIGGEST CYBER-SECURITY THREAT INTO YOUR BEST LINE OF DEFENCE

Your employees are your number one cyber-security threat. A sad fact, but true.

They’re often the main gateway through which hackers try to worm their way into your business. After all, it only takes one click on one wrong link in an email, for cyber-criminals to get in.

But your staff can also be your best protection against threats.

Turning your team from a security risk into your most important line of defence isn’t as difficult as you may think.

The most important step is to train them all properly. Cyber-security training, whether it’s delivered through an e-learning module or face-to-face session, should be a compulsory part of their onboarding process – with ongoing training and refreshers.

Building a culture of awareness and vigilance is one of the best things you can do to protect your business.

For example, educating staff on the risks of opening suspicious email attachments will make them pause and think twice before opening emails they’re not 100% sure about. It can also be useful to share details about attempted attacks so they can see the risks are real, ongoing, and what they look like.

It’s also a good idea to write a formal information security policy that all employees need to read and sign. This should set out, in clear and direct terms:

Best practice

What needs to be avoided

And the procedures employees need to follow to reduce data security risks.

Your policy should also explain what actions people need to take if they suspect there’s been a cyber-security incident.

It’s key to act fast and make the right people aware the moment anything suspicious happens. Steps can then be taken to reduce the risk of a serious incident developing by fixing gaps in your systems, or making other employees aware of an emerging threat.

This can be especially important if criminals are targeting individuals by impersonating somebody known to the business, like a senior manager or a major supplier. Attacks like this have a nasty habit of hitting several people at the same time with similar techniques.

Computer culture can help with this through our Cyber Security Awareness Training. It’s a structured 12 month program designed to train, phish then analyse the results for your team. Please contact your account manager if you’d like to turn your biggest cyber-security threat in your best line of defence.

PLEASE DON’T GIVE EVERYONE ACCESS TO EVERYTHING

Tue, 01 Jun 2021 04:33:02 GMT

PLEASE DON’T GIVE EVERYONE ACCESS TO EVERYTHING

With so many potential vulnerabilities in every business IT system, there is no “silver bullet” - no single safety measure that will let you sit back and relax, knowing your IT is safe and data is secure.

Most of the risks are ongoing and constantly changing. They need an active approach to stop your business falling victim to a data breach or malicious cyber-attack.

It would take a lot more space than is available in this newsletter to talk about all the risks you face.

So instead, we can talk about one of the most important things you can do to stay safe.

MAKE SURE YOUR TEAM ONLY HAS ACCESS TO THE DATA IT NEEDS

Keep an eye on who has access to what, and whether they need it.

The more people have access to sensitive data, the more potential routes there are for the wrong people to get access to it.

If you give everybody access to everything, all it will take is for one account to become compromised. And before you know it criminals armed with malware will have access to your systems.

Just as important as this is how you manage the IT accounts of people who leave the business or change jobs internally. For example, if an employee switches from accounting to a management job in a completely different part of the business, they probably won’t need to keep access to all the data they needed for their last role.

Failing to adjust permissions only adds to your level of risk. When people leave your business, you must immediately restrict their access to your systems and data. Implement appropriate policies and processes to reduce the risk of something slipping through the net.

Microsoft 365 Staff Productivity

Tue, 27 Apr 2021 22:11:45 GMT

Microsoft 365 is the best thing for staff productivity.

One thing that has become apparent with the pandemic and working from home is that we are relying on technology more than ever before.

The tools available in Microsoft 365 help us stay productive wherever we’re working, be it in the office or remotely.

If you’ve been using Microsoft’s software for years, now’s a good time to discover new features.

If you haven’t started exploring yet, you’re missing out on loads of ways to boost productivity and make your life easier. Following, are some of the main items that could enhance your Microsoft experience.

Microsoft Teams

Teams has changed how we communicate and collaborate. Even when we can’t work in the traditional face-to-face ways Teams offer us solutions.

Long gone are the days when different versions of the same documents were flying around on email. Set up Teams correctly and your colleagues can work together in real-time - with only one master copy of a document that’s shared and discussed.

You can even turn the clock back to previous versions if somebody makes an error or heads in the wrong direction.

Setting up dedicated channels within Teams lets defined groups of people focus on specific projects and topics. This makes sure people only get notified about the work they’re involved in. Which stops Teams being overwhelming or confusing.

It’s a space to help your teamwork with a focused level of productivity.

Office Applications - Microsoft Search feature

Don’t know how to do something in one of the Microsoft Office Apps? Are you struggling to know how to add a table to a Word Document or Format Cells in Excel? Try using the search box at the top of Microsoft's apps.

The search box is very smart and can often be the quickest way to do what you need to do.

Instead of Googling your question, this handy box will often take you straight to the button you need to press.

This can help save you a lot of time as it avoids the need to research online. It’ll also make sure you get an answer specific to your version of Word, Excel, or whichever Microsoft 365 app you’re using.

For example, if you were using Microsoft Outlook and needed to start a new email, you could type “start new email” and the icon appears in the dropdown list ready for you to click.

If your business isn’t already using M365 and you’d like to investigate the feasibility of implementing it, please give one of our friendly sales team a call to discuss further. .

Make Remembering Passwords a Thing of the Past

Tue, 27 Apr 2021 21:55:50 GMT

Using weak passwords is risky. So is using the same password across different services.

If you do this, it means that once somebody has your email address and password, they’ll find it incredibly easy to access your other accounts.

This can wreak havoc on your digital life and within your business. And the damage can spill over into serious real-world inconvenience too. This is especially true if identity theft is involved, or if they’ve managed to break into your social media or bank accounts.

Data breaches happen every day. And once your passwords and email addresses are out there, you never know whose hands they’ll end up in (many get sold on something called the Dark Web, a kind of hidden internet for criminals).

But what can you do to keep your passwords safe and your digital accounts secure?

Use a Password Manager:

Instead of scratching your head to come up with a new password for each account, use a password manager to automatically generate long, random, strong passwords.

It’ll also remember them for you. You only need to remember one password… the master password to access the password manager – just ensure you never forget this, or you’ll be locked out of all your passwords!

The best password managers let you customise how long your passwords are, and what kind of characters they should include. And will keep them 100% safe while still giving you easy access across all your devices.

If you’d like some advice around password managers get in touch with our sales team.

Turn on Multi Factor Authentication (MFA):

As well as setting up a password manager, make sure you have multi factor authentication enabled.

Microsoft 365 has MFA and Computer Culture recommends all our customers use this feature. It works by requiring the user to enter an additional security code when logging into their accounts.

The codes can be sent to you by text message. Better still, you can set up an authentication app on your phone that refreshes with unique codes every few seconds.

Multi factor authentication on M365 is considered a highly effective tool against hackers. Even if they’ve got your login details, without your phone they can’t get in.

We recommend implementing this for all apps your staff use. After an initial bit of discomfort, they’ll soon get used to it. We can guide you and your team through the whole process - just give us a call!

The Importance of Patching

Tue, 27 Apr 2021 21:30:15 GMT

There’s been plenty of security events since the start of this year, far too many for us to feature all of them separately.

This month we’re highlighting a few of these that have had big impacts, and outline some of the measures you can put in place to combat cyber risks.

Acer Ransomware Attack:

You may or may not be familiar with Acer, the hardware vendor provides laptop and desktop PC’s as well as other technology devices. It’s alleged they have recently been hit with a ransomware attack by a group known as REvil, with the hackers demanding a US$50 million ransom to decrypt the locked data. Acer apparently has until 28 March to pay the ransom, after which the price will double to $100 million.

This goes to show that no business is safe if even the largest tech companies in the world can be hit by ransomware.

Macs infected with Silver Sparrow:

A new malware operation targeting Apple Mac devices has been spotted by security researchers and has silently infected almost 30,000 systems.

Named Silver Sparrow by analysers from Red Canary, Malwarebytes and VMWare Carbon Black who also analysed the new malware. Silver Sparrow has infected 29,139 macOS systems across 153 countries as of February 17 according to the researchers. Despite the high number of infections, it’s unknown how the malware was distributed, which could have included malicious ads, pirated apps, or fake Flash updaters. The malware’s final goal is also unclear, indicating that the malware could be avoiding delivering its second-stage payload to these systems.

Combined with the large number of infected systems, this clearly suggests that the malware is a very serious threat and not just a one-off test.

Microsoft Exchange Server Exploits:

Security updates have been released by Microsoft for Exchange Server to protect their users against vulnerabilities in the on-premises versions of the software. Chinse based state-sponsored hackers ‘Hafnium’ has been flagged as the primary group behind the exploits. Exchange Online is not affected so customers using Microsoft 365 are not at risk.

The vulnerabilities affect on-premises Microsoft Exchange Server 2013, 2016 and 2019 and are aimed at making an untrusted connection onto the server for the hackers to gain access.

It starts with the hacker gaining access to a server either with stolen passwords or via the vulnerabilities. This makes the hacker appear as someone with appropriate access, which they then use to control the compromised server remotely and using the access to steal data.

The Importance of Patching:

These are just some of the attacks that have been reported on so far this year. There is a constant threat of attack on your business from cyber-criminals, and cyber-security is something that all businesses should take very seriously.

Application vulnerabilities will continue to be one of the most common external attack methods. Vendors constantly release new patches to cover up any security loopholes discovered in their systems by attackers. A lot of cyber-security breaches could be avoided by having an automated patch management solution like the one Computer Culture offers.

Customers who utilise our managed services model to look after their systems and devices, benefit from a more secure environment as we manage and reduce the risk to your business from external threats.

If you’re not currently using one of our Managed Services solutions and would like to find some further information on how it can benefit your business, get in touch with one of our friendly sales team.

Microsoft Edge Legacy Support Ending

Tue, 27 Apr 2021 21:19:26 GMT

While it may have gone unnoticed for you, Microsoft has made some big changes with their Edge Web Browser over the last year. In fact, they rebuilt it from the ground up using the same engine as Google Chrome (the open-source Chromium Project) including a shiny new icon. This rebuild has come with some major advantages, including better website compatibility between the various browsers, seamless automatic sign-in to many of Microsoft’s great online services, and syncing of favourites and bookmarks.

Microsoft has gradually been rolling the new version of the browser to pretty much every Windows 10 computer via its Windows Update process (and allowing it to be installed on demand to everything from Macs to Android devices). However, it’s now taking the final step of removing the old version of Edge from Windows 10 computers and ending legacy support. That means that it’ll no longer be a supported browser for accessing Microsoft 365 based services or receive security updates.

If you’re currently dependent on the legacy version of Microsoft Edge, then talk to us about how we can find an alternative way to keep you working. Otherwise, we recommend that you look at the new version of Edge as it’s provided an easy way to keep your work working as you move from computer to computer.

AI in Business

Wed, 17 Feb 2021 01:24:51 GMT

AI WILL AFFECT EVERY BUSINESS IN THE YEARS AHEAD, EVEN YOURS

Artificial intelligence (AI) makes it possible for machines to learn and adapt their behaviour as they gain experience.

The code that powers AI gets smarter and smarter as it’s exposed to more data and scenarios.

As computers have developed more processing power, AI has become useful in lots of different ways. We believe every business will be using some form of AI in the years ahead.

AI is reshaping what's possible in business. AI is already being applied in many different industries to carry out a range of specific tasks; with more and more use cases expected to emerge over the coming years as the technology gets more sophisticated.

AI is embraced by businesses because it can make their products and processes much smarter.

It can also save lots of time and remove the need for employees to do repetitive, manual tasks. Using AI can optimize existing business processes and result in a significant boost in how your business performs.

A key feature of many AI applications is the ability to process huge amounts of data very quickly. This can give you real-time insights into opportunities and challenges as they occur.

Plus, the information can help you plan with more clarity.

How is AI being used today?

While many types of businesses are using AI to improve a wide range of processes in a variety of different settings, banking, retail, and healthcare offer good examples of how AI can be used.

Many online retailers use AI to offer personalized shopping recommendations. These recommendation algorithms analyse data on previous clicks and purchases.

The more recommendations are tailored to your personal tastes… the more you end up buying.

With a huge number of transactions flowing through the global financial system each day, banks are increasingly relying on machine learning and AI to automatically detect fraud.

Working in real-time, AI helps banks to block dodgy transactions before they happen. This is key as stolen money can be difficult to track down and get back once it’s left the victim’s account.

Artificial intelligence is also transforming healthcare.

By giving medical professionals accurate data and insights, they can work faster while providing high-quality care to more patients. It also helps doctors make better treatment decisions and diagnose patients with increased speed and accuracy.

AI can help to encourage healthy living by coaching people on actions they can take to improve their health. For example, a smartwatch may learn an individual’s behaviour patterns. And send well-timed notifications to start exercising if it notices they’ve been sitting still for too long.

So, this is all well and good for big businesses… but how will you use AI in YOUR business?

The chances are that you’re already using some form of AI in your business. It’s increasingly built into the software that we all rely on every day.

But are you taking full advantage of what’s available? As a business, we track the latest applications that use AI to help protect us from cybercrime. And help staff collaborate and communicate better; to get their jobs done faster.

Let’s talk about the latest smart applications that can help you.

So, what can you do?

An important first step is to have an IT strategy in place that acts as a foundation for your business.

Instead of reacting to problems as they come up, an IT strategy will help you plan for future scenarios. As well as acting as a solid foundation to help your business make the best possible decisions about the future.

A good IT strategy creates a technology roadmap for getting your business up to speed and keeping it there.

So, what exactly is a cyber threat or attack?

Wed, 17 Feb 2021 01:17:17 GMT

We hear a lot of talk about cyber threats and attacks. This month we take a look at what these terms mean. A cyber attack is an assault launched by cybercriminals using one or more computers against a single, or multiple computers, or networks.

Cyber attacks come in a variety of different forms. We take a brief look at these below.

Phishing messages

Emails or text messages attempting to trick you into clicking on a malicious link or providing personal or financial information to an unauthorised source.

Malware

Malicious software that infects your computer or device. Malware types include viruses, worms, trojans, spyware, and adware. Malware is typically delivered via attachments in emails.

Ransomware

Locking or encrypting files on your device so they’re unusable and demanding a ransom payment to return them. Ransomware is typically delivered via attachments in emails.

Denial of service

Using a network of devices to send large volumes of traffic to your network with the aim of overloading it, so it gets knocked offline and becomes unavailable.

Data loss

Where information is stolen from a system or an accidental privacy breach from emailing information without due care.

In the same way as there are a variety of different cyber threats and attacks there is also several different ways of protecting your system from these attacks. Speak to a member of our sales teams about a security review and training to help identify any potential holes in your systems security. We can then work with you to create the best solution for your needs.

iOS Vulnerability

Wed, 17 Feb 2021 01:02:49 GMT

Barely a week goes by without yet another vulnerability being found in one type of device or another. This week’s ‘winner’ is Apple’s iOS family which powers iPhones, iPads, Apple TVs, and Apple Watches, with three separate vulnerabilities being found. While only limited technical details of the three are available, they are all being actively used to break into systems showing yet again the need to keep systems protected and secure against threats.

As updates have been released to ‘patch’ the issue, it’s important to review your devices to make sure they’re up to date with the latest versions (see here for more details: https://www.cert.govt.nz/it-specialists/advisories/vulnerability-in-apple-ios-reportedly-being-actively-exploited/ ).

But how should an organisation respond in general to these types of threats? The first step is acknowledging that you can’t be 100% protected, and instead that you need to have systems in place that can tolerate a certain amount of risk or failure. For instance, if a device is attacked, or a user account is breached, have you put yourself in a place where you can limit the impact and recover from an incident?

Alongside this first strategy, you also need to consider how you can limit breaches in the first place. Due to the complex nature of IT and the consistent development and release cycles that are in place it’s almost like living in a house under an acid rain cloud – while you’re always going to get holes in the roof, you still want there to be as few holes as possible. For that reason we strongly recommend a managed device approach which will allow you to keep your devices up to date, or at least know when they’re out of date.

If you’d like to know more about how you can better manage all of the devices across your organisation then get in touch as we’re always here to help.

How do you know when your IT systems are due an upgrade?

Wed, 17 Feb 2021 00:54:53 GMT

In today’s fast paced world, the technology landscape can change quicker than your IT business systems can keep up with. How do you make sure that your IT systems aren’t left behind?

In this article we cover some common issues that can crop up in a business network and some steps you can take to negate the risks.

With the managed services platform provided by Computer Culture, we ensure that your IT network is kept up to date and can provide guidance and plans on keeping your systems current. The issues outlined in this article are easily avoided by letting Computer Culture manage your systems.

Some problems are difficult to spot. They bubble under the surface without getting noticed until it is too late. Other problems hit you straight in the face, normally at the worst possible time.

When it comes to your business’s IT, you need to keep an eye out, as things can get nasty if you do not stay on top them.

Keeping your IT updated is a good start, but it isn’t enough on its own. How do you know what to look out for? Let’s look at some of the main culprits:

The slow device fleet

Slow computers are a big one, and they are quite tricky to spot because they gradually slow down over time. This means that people using them gradually adjust to degrading levels of performance without necessarily being aware that it’s happening.

The same is true for software. As staff get used to using slow and buggy tools, it gets normalised and the IT gremlins become accepted as part of their daily life.

It’s always worth fixing slow devices and processes. Speeding them up will let your staff be more productive and gives a positive boost to morale too.

Our managed services platform allows us to monitor your network for aging devices and slow processes so we can sit down with you and come up with an appropriate device replacement plan.

Out-of-warranty systems

Another thing that can be difficult to spot is when warranties run out.

On top of official warranties, IT systems also have a separate lifespan for how long vendors will continue to offer updates. Pushing this to the edge can significantly impact features, compatibility, as well as security.

Using our monitoring and reporting systems, we can provide you asset reports to advise on expiring warranty dates for devices. Coupled with the point above regarding aging devices, it can be an effective planning tool for device replacements.

Older IT that can’t be scaled so easily

If your IT systems are not scalable, there is a real risk that your business will need to start turning down work because you’re not able to handle swings in demand.

It is worth bearing in mind that there’s a far greater chance of experiencing big changes in consumer behaviour in 2021, both during and in the aftermath of this pandemic.

Also, if you are running out-of-date IT systems, you’re living with the risk that you won’t be able to quickly adopt new ways of working, as technology changes your industry.

This can be an issue with both hardware and software systems. You need to ensure you are running modern solutions to keep up with the demands of running a business in today’s fast paced environment. Are you still running a server when the cloud may provide a more flexible and scalable solution?

As part of our regular review program we can sit down with you and make sure that you’re current solution is the best option for your business.

If you are interested in learning more about our managed services offering contact one of our friendly sales team. .

2 million Phishing sites

Thu, 17 Dec 2020 01:01:14 GMT

Google has flagged 2.02 million phishing sites since the beginning of the year, averaging forty-six thousand sites per week, according to researchers at Atlas VPN. The researchers note that the number of phishing sites peaked at the start of the year, which correlates with the start of the pandemic.

“Data also reveals that in the first half of 2020, there were two huge spikes in malicious websites, reaching over 58 thousand detections per week at the peaks,” the researchers write. “The second half of the year seems more stable, which is not a positive thing, as there are around 45 thousand new copy-cat websites registered every seven days.”

Atlas VPN says the number of new phishing sites has been steadily increasing each year since 2015, but it’s now higher than it’s ever been. Google and other companies do a good job of tracking down malicious sites, but attackers can easily scale their operations and set up new sites to stay ahead of efforts to shut them down. New-school security awareness training enables your employees to spot these sites on their own.

HP Promo's. 1st November 2020 to 31st January 2021

Thu, 17 Dec 2020 00:56:36 GMT

Been holding out on buying a new device? Transform your workspace with HP's latest promo and choose a free gift to go with it - courtesy of HP!

Buy any eligible HP EliteBook, EliteDesk, EliteOne, Z2 or ZBook PC and choose a bonus gift.

You can choose one from one of the following:

• HP EliteDisplay E243 23.8” FHD Display, valued at $415.

• OMEN by HP Mindframe Prime Headset , valued at $399.

• HP E14 G4 Portable Monitor, valued at $569.

Visit hp.co.nz/promo for details.

Set Sail with HP

Win the ultimate Emirates Team New Zealand experience this summer.

Purchase any HP product across the entire range and go in the draw to win a money-can’t-buy Emirates Team New Zealand experience for you and a friend during the Prada Cup or America’s Cup. Every $100 you spend on HP products gives you one entry into the draw.*

Visit hp.co.nz/promo for details.

Avoid the overload

Thu, 17 Dec 2020 00:40:12 GMT

As we approach the holiday season, and hopefully find some time to slow down and relax, you might want to consider how you can keep your mobile devices from intruding on your sleep or other quiet times. While the easiest way is to turn them off, or leave them in another room, that’s not always possible when we need to stay in touch or be available for particular people or other notifications. But thankfully there’s been a lot of development done in recent times to help with what’s known as ‘digital wellbeing’.

To set up your phone to stay quiet while you sleep you can use the following guides:

For Android Phones:

https://blog.google/outreach-initiatives/digital-wellbeing/improve-your-sleep/

For iPhones:

https://support.apple.com/en-nz/guide/iphone/iph2d7daf6fc/ios

You can also take control of notifications for particular apps on a one-by-one basis:

Here’s how for Android Phones:

https://support.google.com/android/answer/9079661?hl=en

Here’s how for iPhones:

https://support.apple.com/en-us/HT201925

Cert NZ report shows Cyber attacks reach record high

Thu, 17 Dec 2020 00:22:52 GMT

Cert NZ is a government agency who helps New Zealand better understand and stay resilient to cyber security threats.

Their latest quarterly report shows cybersecurity incidents have reached record levels. The report covering 1st July to 30th September shows Cert NZ received more than 2600 incident reports. This was a 33 percent increase on the second quarter. Direct financial loss was reported at $6.4m

13 of the reported incidents which provided financial loss details were over $100,000. These included: unauthorised transfer of money after email accounts being compromised, new business opportunities, investment, fake lottery, romance scams and cryptocurrency.

There had been a 34% increase in malware reports over the previous quarter. A variant of malware called Emotet was responsible for much of this increase.

The director of Cert NZ also said there have been a recent spate of distributed denial of service (DDoS) attacks, ransomware and online scams. Most of the DDoS attacks overloaded websites with more traffic than they can handle. We looked at one of the high profile incidents in a previous article when the NZX was affected for six days.

All these show there is not just one cyber attack to protect your system from. Equally there is more than one solution to protect your network from attack. These solutions include but are not limited to MFA, antivirus, firewalls, keeping software updates current and staff security training. Contact our sales team if you would like someone to check that your organisation is implementing current best practices.

Source

macOS Big Sur - An Upgrade Warning

Thu, 17 Dec 2020 00:14:24 GMT

Apple has recently released the latest update to their macOS operating system called Big Sur (named after the coastal region of Big Sur in the central coast of California). It has a number of new features, mainly focused on user interface improvements, but one major change is the support for the new ARM based Apple M1 Processors. Because of this change, for the first time since the year 2000, Apple are moving away from using version 10 (OSX) and are now using version 11.

Upgrade Warning:

While Big Sur is an interesting upgrade, due to some under the hood security enhancements, many third party software vendors such as those that make anti-malware products, or CAD / authoring software have not yet caught up and their applications are either completely incompatible, or may have issues running if they still work. Due to this, if you use your Mac for work, Computer Culture recommends holding off on upgrading to Big Sur (but please don’t hold off on security updates for your current OSX) until these issues have been ironed out to avoid potential interruption to your work. One of the known issues is EDR endpoint protection software, so if you have that in place, please do not upgrade yet.

We will continue to keep you updated as the situation changes.

Predictions for the next decade of IT

Mon, 23 Nov 2020 21:15:22 GMT

We’ve seen many changes in IT over the past 10 years. There has been the move to cloud computing, hard drives with magnets and spinning disks have been replaced by SSD’s and it wasn’t long ago that the idea of all your staff attending a video call from their own homes would have felt like science fiction.

Global research firm Gartner have released their top predictions for IT organisation and users in 2021 and beyond.

Traditional computing will fail to deliver

New technologies like artificial intelligence and computer vision are going to require more processing power than current general-purpose processors can provide.

Traditional Silicon processors will become a bottleneck for these technologies and thus business growth.

New technologies like neuromorphic computing will see computers that think and act more like the human brain. These will take the place of traditional computing as the technology matures and become more affordable for businesses.

DNA data storage will be used by 30% of digital businesses

As well as processor technology changing there will be big advances in data storage. DNA storage trials are expected to increase over the coming years.

We are storing more information than ever before. The current technology has limitations on how long data can be stored and remain uncorrupted. 30 years is the limit with existing technology.

DNA will become an ideal data storage and computing platform as it is very resilient, capable of error checking and self-repair. A single gram of synthetic DNA would be able to store a years’ worth of human knowledge for thousands of years.

It is predicted that 30% of digital business will mandate DNA storage trials by 2024.

Digital twins will make AR/AV experiences ubiquitous

Covid-19 has transformed attitudes about physical versus virtual. With events being cancelled people round the world have been paying to take part in virtual bike and running races. Conferences are looking to deliver hybrid AR-integrated events in the near future.

Gartner predicts by 2025, 40% of physical experience-based businesses will improve financial results by extending into paid virtual experiences. Being able to do virtual rock climbing or rafting experience when weather conditions make the real thing unsafe will provide an additional income stream.

Farms and factories will leverage hyper-automation

In five years time the first human to touch more than 20% of products produced in the world will be the end customer.

Technology is being used to automate an increased number of human tasks. This automation will increase in both manufactured and agricultural produce.

This hyper-automation should be viewed as a way to change how a business operates rather than just improving standalone tasks.

Recording work conversations to drive change

Smart speakers, virtual meetings and messaging platforms are just a few of the technologies capable of actively recording conversations. As this technology becomes more mainstream organisations will have to think about how they collect and analyse the data. They will have to find ways of using the data to improve both the employee and customer experience.

One important thing to consider with this type of technology is how to respect people's privacy by complying with privacy act.

Source

Multi-Factor Authentication

Mon, 23 Nov 2020 20:43:21 GMT

If you’ve already taken the great step of setting up Multi-Factor Authentication (MFA) for your Microsoft 365 account you may be able to make the authorisation process easier for yourself.

While the traditional setup worked by having a code sent to your phone which you then typed in, there are now options for “push” notifications where you can simply choose “approve” on your phone which then confirms the login for you.

You can read more about how to get this set up here: Set up MFA

There’s also a video available here if that’s more your style: MFA video

Or just give us a call – we’re always here to help.

If you haven’t yet had MFA set up to protect your account, then please let us know as we strongly recommend it to safeguard your account against malicious accounts.

What is the cloud and how do we protect it?

Mon, 23 Nov 2020 20:21:05 GMT

Security note about protecting your cloud data – not just a backup solution

You may have come across people talking about ‘cloud’ storage and software that runs in ‘the cloud’.

But what exactly is ‘the cloud’, and why should you care about it?

A place for networking

The cloud is a bunch of servers that are connected to each other over the internet.

Tech firms like Google, Microsoft, Apple, Facebook, and Amazon run huge networks of servers that let their customers (us) log in using different devices.

Can you imagine a situation where all your photos from the last 10 years were only held on your phone, and not stored safely elsewhere? How many memories would you lose if your phone went missing?

The high freedom, convenience, and security offered by the cloud has seen a huge shift to cloud computing over the last few years.

It’s powerful stuff

Cloud infrastructure allows you to run apps and access data across multiple devices without needing to have everything installed on your devices.

This opens opportunities for businesses to offload computing and storage resources to cloud service providers, gaining the flexibility to easily boost or reduce resources as their needs change.

A real perk of running software in the cloud is that it means highly sophisticated applications can run from your computer or phone, with the cloud doing all the heavy lifting.

The cloud is also a collaborative place to be. Tools like Microsoft 365 Teams and SharePoint make it super easy to share documents and work as a team. You can even work together in real-time and give each other instant feedback as you go.

Not a backup solution

One important note to remember about any mainstream cloud application such as OneDrive, Google Drive or Dropbox, is that they are actually syncing applications – not a backup solution. In other words, they are designed to sync your files between multiple locations such as your phone or desktop computer and the online version of your files.

While this enables easy access to your data from multiple locations, it also means that your data is still susceptible to being infected or crypto locked like any other data. For example, if your computer gets infected by ransomware and encrypted while you have the OneDrive app installed this will give the ransomware access to sync up to the cloud and encrypt your online files there too.

The golden rule for backups still applies to any data you have in a cloud storage application - at least three copies. That means your data should be backed up and saved in three different places and not just stored only in the cloud.

When embracing the cloud, it’s best to have an experienced hand guide you to the right solutions. Computer Culture can help you to make sense of it all.

Working with the right IT support partner early will help make sure that you head in the right direction. And make the most of the opportunities that cloud computing offers.

Give our friendly sales team a call if you would like some further information.

Wearable accessible technology helps blind runner compete in marathons

Wed, 28 Oct 2020 02:15:13 GMT

One of our Staff members is getting very excited about the technology being developed in this article. When he’s not at work Noel is running hundreds of kilometers a year as a guide for a blind athlete from the local Achilles running club.

New technology being developed and tested by a blind runner in the UK has allowed Simon Wheatcroft to start running by himself. He wears a Wayband on his wrist which uses super-precise GPS and directs the wearer using small vibrations. It is so accurate that it allowed Simon to line up with 50,000 other runners at the New York marathon, without a guide.

The Wayband has set routes programmed and creates a virtual corridor. If the user steps outside of this space, the Wayband vibrates to let them know they’re off-track. It will also use vibrations to let the user know if there is turn coming up.

At present it does not detect any obstacles on the course but Wayband are working on this technology now which will offer even more freedom to blind and visually impaired athletes.

Source

Ransomware

Wed, 28 Oct 2020 01:59:38 GMT

We often talk about ransomware, but what is it? How does it spread?

In this article we cover off some basic facts about Ransomware and go over some recent well-known widespread attacks.

What is Ransomware?

Ransomware is a malicious piece of software that infects your computer, encrypts all your data, and then displays messages demanding a fee to be paid in order for you to access it again.

This type of malware is a moneymaking scheme used by cyber-criminals that can be installed through deceptive links in an email message, instant messaging, URL’s, or clickable links on websites.

Ransomware is just one of the malware types attributed to the multi-billion-dollar cybercrime industry that now dwarfs the profits from the illegal drug trade.

How does ransomware spread?

There are several ways that ransomware can get into computers.

Email is one of the most common ways in. Hackers will send bad files that can trigger a ransomware infection when opened and quickly spread across your network.

Another favorite way to spread ransomware is to send bad URL links that download ransomware when they are clicked. This ‘drive-by downloading’ can happen without anybody noticing that anything has happened until it is too late.

These bad files and links are not always easy to spot. Cybercriminals are getting increasingly sophisticated in the ways they try to persuade people to do what they want them to do.

A growing trend is for cybercriminals to pose as trusted people, like a client, a colleague, or a friend, and ask you to do something urgently before you have the time to think things through.

This is not a modern crime. Ransomware’s been around for years.

Ransomware dates to the late 1980s when payment was often sent by cheque through the mail!

Now, modern hackers normally demand payment in cryptocurrencies that make them much more difficult to track.

Two infamous ransomware attacks

WannaCry

The WannaCry ransomware attack took over the news when it spread widely in 2017.

More than 200,000 computers in over 100 countries were left useless. The ransomware exposed weaknesses in critical IT systems, like those in hospitals and factories.

One of the worst-hit victims was the National Health Service (NHS) in the UK. Operating theatre equipment, MRI scanners, and other computers essential for hospitals were left useless and patients suffered.

NotPetya

NotPetya is less well-known than WannaCry but the financial costs are estimated to have been far higher.

Mainly spread among businesses due to the early infection of a major financial software vendor, the cost of this ransomware is estimated to have been around $10 billion.

This attack impacted computers around the world. But around 80% of the cases are estimated to have been in Ukraine.

Microsoft 365 Outage

Wed, 28 Oct 2020 01:54:07 GMT

If you are a Microsoft 365 user, you may have experienced issues during September which prevented you from logging on. We’ll have a look at what went wrong and most importantly what Microsoft have implemented to stop these issues in the future.

On 28th September customers started reporting that they couldn’t sign into their Microsoft applications.

Microsoft had an update to deploy but a latent code defect resulted in an update by passing Microsoft’s normal validation process. Normally Microsoft applies these changes across a validation ring which doesn’t include any customer data. The code defect meant the validation ring did not get tested before deployment to the rings with customer data. This resulted in users not being able to sign into applications which used Azure Active Directory (including office 365 and Microsoft cloud services).

This was then compounded as Microsoft’s automated rollback failed due to corruption of SDP metadata. They had to manually update the service configuration.

Microsoft have reported that they’ve fixed the latent code defect, fixed the rollback system and expanded both the scope and frequency of rollback operation drills. They are also working to apply more protections to the Azure Active Directory system.

Source

Security Watch / Ask Yourself

Wed, 23 Sep 2020 21:40:12 GMT

Data is the lifeblood of any organisation. If you are serious about security, you can't afford to protect your business files and emails with just a password.

Passwords are the most common method of authenticating a sign-in to a computer or online service, but they are also the most vulnerable. People can choose easy passwords and / or use the same passwords for multiple sign-ins to different computers and services.

Multi-Factor Authentication (MFA) can be used to provide an additional level of security for sign-ins. It works by requiring two or more of the following authentication methods:

Something you know (typically a password)
Something you have (a trusted device that is not easily duplicated, such as a smart phone)
Something you are (unique to you, such as such as fingerprints, face, or another biometric attribute)

With Multi-Factor Authentication, even if a strong user password is compromised, it is useless if the attacker does not have the secondary authentication method to complete the sign-in.

MFA helps safeguard access to data and applications while maintaining simplicity for users.

Typically, this is set up for each user via the Microsoft Authenticator smart phone app, or a text message sent to a phone that requires the user to type a verification code.

Since most users are accustomed to only using passwords to authenticate, it is important that your business communicates to all users regarding this process. Awareness can reduce the likelihood that users call us for minor issues related to MFA.

Computer Culture can assist with this process. Contact one of our friendly sales team for more info.

Privacy Act 2020

Wed, 23 Sep 2020 21:23:08 GMT

Privacy Act 2020

On 1st December 2020 a new Privacy Act will take effect. The current act is from 1993 and was written back when the World Wide Web was still in its infancy. As our businesses and data have become digital the new act looks to reflect this.

One of the changes to the law is mandatory breach reporting. Both the privacy commissioner and the impacted individuals must be notified in the event of serious privacy breach where there is a risk of harm. Leaked personal information published online or identity theft would class as a risk of harm. The penalties in the new act can be $10,000 and individuals affected may appeal to the Human Rights Review Tribunal. The tribunal can award up to $350,000 to each affected person.

To help your business to start planning for the changes there are five questions you should be asking.

Are you aware of the information you store on customers?

This is a good place to start when trying to figure out what information your business collects. Remember, it’s not just customer data, you must protect employee data also.

If you have information which isn’t relevant (maybe date of birth or phone number) then don’t ask for it. If you don’t have this information, it can’t be used in the event of a breach or leak.

Where is your information stored?

Do your different teams store information in different applications and locations? If you know where the data is stored it is easier to protect it using passwords and multi-factor authentication. It is also useful to delete any personal data if it’s no longer needed.

If your data is stored with a third party, it is important to ask for evidence of regular penetration testing or a security audit report. If these can’t be provided an independent security check would be helpful.

Who has access to the data?

A quick google will find multiple articles related to internal data breaches. Only give data permissions to relevant people within your organisation. The information the payroll team requires access to may be different to what an engineer requires.

Who in your organisation is responsible for privacy and are they equipped to manage the new act?

It is important to have a central person who is trained on the new laws. This person can develop policies and processes which are relevant to your organisation.

Source

The biggest crime risk to your business

Wed, 19 Aug 2020 02:32:02 GMT

If someone asked you to take a wild guess at the world’s biggest crime, what do you think? Burglary maybe? Common assault? Or perhaps you might take a more humorous approach and suggest man buns or KFC smelling crocs (yes that is a real thing, Google it)?

Well, you might be surprised (and a little concerned) to find out that the most commonly reported crime right now is actually online fraud, AKA cybercrime.

With one in ten people now falling prey to internet fraudsters and over 5 million cases (in the US) reported every year, cyber criminals are very real predators that can have a devastating effect on lives and businesses. And these figures are just the tip of the iceberg. Many more cybercrimes are believed to go unreported because victims feel too embarrassed to let on that they have been duped by a stranger sitting behind a keyboard.

The digital age comes with lots of well documented pros and cons. We can now work from anywhere in the world and stay constantly connected, but that has a knock-on effect on our personal lives, and stress levels.

Cybercrime costs billions of dollars every year. That is an obscene amount of money by anyone’s standards. And the really scary thing is that the ever- increasing industry called data theft is now relatively easy for anyone to get involved in.

Gone are the days of 1980s sci fi movies, where computer hackers were dark, mysterious, and possessed savant-like levels of intelligence. Today anyone with the inclination and $50 to spend can pick up a powerful piece of software that will enable them to hack into your computer systems and wreak havoc.

Funnily enough - the best way to be 100% sure a hacker cannot break into your business is to not use computers, and we all know that is not possible. The second-best way is to make sure you have Next-Generation Cybersecurity Protection & Tools in place. Call us today on 03 377 4662 or send us an email on sales@computerculture.co.nz if you want a no judgement chat about your Cybersecurity coverage.

Microsoft Edge

Wed, 19 Aug 2020 02:21:36 GMT

You may or may not be aware that Microsoft has made some big changes with their Edge Web Browser. In fact, they rebuilt it from the ground up, so it is now built on the same engine as Google’s Chrome (the open source Chromium Project).

What does this mean for you? Well the first major advantage is that Edge now has the same compatibility as Google Chrome, so websites should look identical between the two browsers, and all the things you like about Chrome (for example extensions), are now also available in Edge.

As many of you have Microsoft work accounts, for example because you have Office 365, you can now get seamless automatic sign-in to many of Microsoft’s great online services, plus you can also sync all your favourites, settings and extensions across all devices with the one account (no need to manage both Microsoft and Google accounts).

Behind the scenes, Microsoft and Google engineers are now working together to make all Chromium based browsers better, and Microsoft is contributing their Windows expertise to provide the best experience on Windows for these browsers, such as smoother scrolling, better battery life and security etc.

Unlike the classic version of Edge, the new Chromium based version is not just available on Windows 10, it is also available on MacOS, iOS, Android and older versions of Windows too. By signing in with your work account, you can get a very similar browsing experience across all your devices.

So, when will the new browser arrive?

It is currently being deployed via Windows update so you may have already received it, but if you want to get it now, or you are on a non-Windows device, you can simply go to https://microsoft.com/edge to download it. It will also come bundled with the next major update to Windows 10 expected in the second half of 2020.

Twitter Hack exposes the biggest cybersecurity weakness

Wed, 19 Aug 2020 02:01:23 GMT

Just last month the twitter accounts of some of the world’s most famous individuals and organisations started sending out tweets asking people to send bitcoin to an account. In what looked like an act of extreme generosity the accounts said they would then send back double what had been given. They were only going to do this for 30 minutes.

Any unsolicited request to transfer Bitcoin should always raise warning flags, but this was coming from the likes of philanthropists Mike Bloomberg and Bill Gates, who are well known for their generosity. Barak Obama, Kayne West, Uber, and Apple were also included in the compromised accounts.

Twitter have not yet released full details of how the accounts were hacked but it was not some of the sources we normally would assume. It was not weak passwords or lax security from the people who saw their accounts hijacked.

Twitter explained “We detected what we believe to be a coordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” and they confirmed that 130 accounts had been exploited.

Twitter added “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”

It is still unclear if this means a phishing attack was used to trick a Twitter employee into giving out the account information or if it was an inside job with bribes being made to Twitter employees.

Either way the path was by exploiting human weakness. It shows that companies need to have both security measures in place, along with regular IT security training for staff. This will help staff members to know what to look out for if they receive a potentially compromised email or phone call.

And finally, no matter what platform it comes from, Twitter, Facebook, LinkedIn, or Email, if you see someone asking you to send Bitcoin, block them and report it. It is not worth the risk and is probably a scam.

Source

Have You Heard?

Wed, 22 Jul 2020 23:47:12 GMT

‘Shark’ Gets Hooked for USD$380,000 in Email Phishing Scam

“Shark Tank” star Barbara Corcoran is out of pocket for a sum of nearly USD$400,000 after she was successfully attacked by email scammers back in February.

For those not familiar, “Shark Tank” is the American version of the popular British show “Dragons’ Den”. The premise of the show offers entrepreneurs the chance to present their business ideas to a panel of five wealthy investors - “Dragons” or “Sharks” - for financial investment in return for a share of their business.

The scam started when an email chain was forwarded on to Barbara’s bookkeeper that appeared to be sent from Barbara’s executive assistant. The email informed Christine that she had the approval to pay a German company USD$388,700.11.

Problem was - the email was not from Barbara’s assistant.

The scammers had modified the assistant’s email address slightly by removing one letter, so they were actually the one’s communicating with Christine the bookkeeper. To her credit, Christine asked the right questions – such as what the money was for – and got a response saying the German company was designing apartment units that Barbara had invested in.

This is a great example of the cover story’s scammers come up with. They had clearly done their homework and found out that Barbara does invest in real estate, and the company they were impersonating does exist in Germany. Plus, it looks more legitimate with the email apparently coming from Barbara’s assistant.

Long story short the bookkeeper sends the payment to the account listed in the original message and then emails Barbara’s assistant – at her real email address – to advise it was completed. At which point the assistant has discovered the scam by realising her email address was altered on the previous email chain.

Unfortunately, the money was well and truly gone with the original scam emails being traced back to a Chinese IP address.

This story just goes to illustrate that even ‘Sharks’ can easily fall victim to scammers, and your business is just as easily at risk.

Computer Culture can help with mitigating the risks and fallout from such an event happening. Contact our friendly sales team today to find out more.

IKEA’s AR experiments

Wed, 22 Jul 2020 23:23:29 GMT

Augmented Reality (AR) is one of the technologies we are going to see a lot of in the not too distant future. Some of the worlds biggest companies are investing lots of research time and dollars into AR.

AR works by creating computer generated perceptual information that interacts with real world environments.

IKEA, the world’s biggest furniture company is experimenting with the technology through it’s research company, Space 10. They are creating a series of AR experiments to see how it could help people see the space in their homes in a new way. It is being combined with other new technologies like virtual reality and artificial intelligence to create clever, sustainable ways to live in the future.

One of the applications they are working on lets you see what a worn or damaged piece of furniture would look like if upcycled. It could point the end users to tutorials on how to repair the item and send you to a page to order any parts required.

Their experimenting with technology which lets users see what rooms would be like at different times of day with a new lamp. You could experiment with a range of lamps to see which one gives you the desired lighting effect.

They are also looking at more out of the box uses for the technology. One of the prototypes measure spaces in homes using inflatable elephants. This forces you to think about the space available in your home.

As they are still in the prototype phase, we may end up seeing some changes in these ideas before they come to market. As Ikea can see companies like Apple working on AR Smart glasses, they believe AR is going to play an increasing role in our future.

Source

FindTime

Wed, 22 Jul 2020 23:13:04 GMT

This month we are going to look at an underutilised add in called FindTime which was created for Outlook. FindTime was designed to help with arranging meetings and finding a time that works for all parties.

If we are arranging a meeting within our own organisation, we can see other people’s calendars which helps to find a time when everyone is free. But if we are wanting to invite people from outside our company, we need phone calls and emails to try to find a suitable time in peoples busy schedules.

With FindTime, the meeting organiser can suggest several times. FindTime then sends an email to all attendees and lets them vote on their preferred time. The attendees will see the voting results so far which helps them make the best choice.

Once there is a consensus, FindTime will send out the meeting invite on your behalf.

The short video below shows how FindTime works.

FindTime

Windows 10 Dynamic Lock – Security AND Convenience

Wed, 22 Jul 2020 22:03:21 GMT

Windows 10 Dynamic Lock – Security AND Convenience

Physical device security can be just as important as other security measures we often think about such as Antivirus, firewalls and multi-factor authentication. Leaving a computer unlocked can open you up a multitude of issues, such as a stolen device exposing company IP, a rogue employee accessing information they shouldn’t, or even colleagues playing pranks on you!

We brought you a tip in one of our recent newsletters about how to conveniently use Windows + L keys to lock your computer when you need to walk away from it, but Windows 10 has a feature called Dynamic Lock which makes it even more convenient. Simply walk away from your computer and it will automatically lock!

For Dynamic Lock to work, you pair your computer with a Bluetooth device such as your phone, and if the computer detects that the signal to the phone gets weaker, i.e. you’re walking away from your desk, it will automatically lock the device if it has been idle for 30 seconds. Great if you take device security seriously but sometimes forget to lock it when it's not in use.

Check here for the simple setup instructions on how to get it work for you.

Automatic Login

Check here for the simple setup instructions on how to get it work for you.

Automatic Login

For the ultimate in device security AND convenience, combine Dynamic Lock with Windows Hello for fast sign-in once you’re back at your desk. If you have a Windows Hello camera in your device (most new high-end laptops have them built in), once you sit down at your desk, your computer will automatically log you back in. Or if you don’t have a camera, make sure you set up fingerprint as another convenient method to log back in.

Click here to learn how to set up Windows Hello.

Why didn’t Covid-19 break the internet?

Wed, 17 Jun 2020 20:56:28 GMT

Over the past few months, the internet has seen a huge surge in traffic during the global coronavirus pandemic. People working from home with video conferencing tools like MS Teams, and a large increase in streaming provider subscriptions to companies like Netflix increased internet load. In this article we look at the reasons why the internet has continued to work so well during this time.

The short answer is that internet backbone infrastructure was designed to survive such an emergency. Providers began developing pandemic plans more than a decade ago as they knew part of the response would rely on their infrastructure. This planning has led to more fibre being laid than is normally needed and fast routers capable of delivering 100Gbps trunk speeds.

ISPs have been creating an internet backbone which is designed to withstand loads more than the norm. The principle of overbuilding capacity was one of the main reasons the internet performed so well. One of the biggest providers in the world is CenturyLink and their Chief Technology Officer Andrew Dugan has indicated three factors which helped the internet support increased volume.

• Networks are built with redundancy to handle fibre cuts and equipment failures. This means creating capacity headroom to support sudden disasters

• Network monitoring helps operators anticipate where congestion is occurring, allowing them to move traffic to less congested paths

• ISPs have been building out networks for years to account for increasing demand, and planning specifications help prevent networks from reaching capacity

Most of the cost in deploying cables for fibre is the labour to dig the trenches. Because of this cost most ISPs install more fibre strands than they currently have need of. Optical switches can be used to light up the additional cables if required.

Both AI and automation have helped the internet perform so well. AI is used to help identify issues with equipment before it becomes a problem. This AI and automation also help providers quickly respond to changing traffic patterns.

As we move forward, we will continue to see investment in internet backbone infrastructure. This investment should help the internet stay ahead of any future demands put on it.

Source

OneDrive Version history now available in Windows File Explorer and Mac Finder

Wed, 17 Jun 2020 04:44:20 GMT

OneDrive is a very powerful tool developed by Microsoft that enables you to access and sync all your files across multiple devices. The IT landscape is a constantly changing environment, and Microsoft has a process of continual improvement to ensure their products are always releasing new features to improve the user experience.

One of these recently updated features is version history. With this feature you can see and restore older versions of all your files in OneDrive. This works with all file types, including photos and videos.

This feature was available previously but only on the OneDrive web experience. As part of their improvement process Microsoft has now made version history available on the desktop app. This means you can now view and restore previous version of your files directly on to your computer via Windows File Explorer or Mac Finder.

To do this is a pretty simple process, just right click a file and select “View version history”. This option will allow you to see and access all the older versions of that file. You can restore the version from here also.

This feature is now rolling out to all OneDrive for Business users around the world.

Source

How to reposition multiple monitors

Wed, 17 Jun 2020 04:21:07 GMT

Have you recently purchased a second monitor for your computer, but not sure how to set it up so your mouse goes across the middle of the screen? There is a quick and easy fix for that using the method below.

In Windows 10 it is easy to manage and configure multiple monitors. By rearranging their placement on screen, you can relocate monitors to the correct location. If you have monitors with different resolutions you can position these based on your personal preference, affecting how you move between the displays with your cursor. The flexibility of this feature makes any monitor positioning possible.

Step 1

Right click on your desktop and choose “Display settings”

Step 2

Select the monitor you want to reposition and move it within the grey area to the location that you prefer.

The simulated layout in this menu should reflect the location of your monitors on your desk. If you are unsure which number correlates to the monitor you are trying to rearrange, you can use the “Identify” option.

Step 3

After positioning your monitors click on “Apply”. The main display in our image is the red number 2 monitor. This primary display has the notification bar in the lower right corner of the screen.

To change your primary display, simply click on the monitor you want and tick the checkbox “Make this my main display” under the “Multiple displays” section.

Source

Kim Jong-un 'unleashes global wave of cybercrime' in bid to stop coronavirus meltdown

Wed, 17 Jun 2020 03:55:21 GMT

Here at Computer Culture we are constantly talking about the ever-changing threat landscape, , and we do this for a good reason.

Many hacker organisations – and they truly are corporate structured organisations – are state sponsored. Most of them – especially North Korea – do this to combat the effect of crippling economic sanctions from the international community. North Korea’s hacking organisation is called Lazarus, and they are notorious for their efficient and ruthless use of Phishing and APT (Advanced Persistent Threat) attacks.

Phishing is the art of sending fraudulent emails, simulating real companies, in order to get people to reveal personal credentials, such as passwords and credit card numbers.

Approximately 90% of cyber breaches are due to human error, so it is critical that the people element of your organisation is trained in being vigilant in the face of these constant threats.

At Computer Culture we are happy to provide some advice around business and online security. Please contact us and we can discuss options.

Source

Windows 10 Version 2004 Update

Wed, 17 Jun 2020 03:44:01 GMT

It is time for another Windows 10 version upgrade! For those not aware, Microsoft releases a major upgrade to Windows 10 roughly every 6 months. These releases require an upgrade to the Windows Operating System, which are different to the regular patches Microsoft release each month (security updates for example), and bumps the version number up each time (a bit like how Apple release updates to MacOS, e.g. 10.14 Mojave, 10.15 Catalina etc.)

Recent Windows 10 Releases have been:

· Windows 10 1809

· Windows 10 1903

· Windows 10 1909

And now Microsoft is rolling out

· Windows 10 2004

The numbers following Windows 10 indicate roughly the Year and Month of release, for example Windows 10 1909 is the September 2019 release. Microsoft chose to name the most recent release 2004 instead of 2003, to avoid confusion with previous Windows versions that also had 2003 in the name. So this update’s name is because it was released in April 2020.

Some highlights for Windows 10 2004 include

· Improvements to Search throughout the Operating System

· Many user interface refinements, including notifications

· Improved Bluetooth Pairing Experience

· Windows Subsystem for Linux 2 (for the developers out there)

· Native Support for Network Cameras

· Lots of others - see here for a great guide of what is new: https://mspoweruser.com/windows-10-version-2004-update-here-is-whats-new/

When will we get Windows 10 Version 2004?

Microsoft have recently made it available to most Windows 10 devices and you can get it now by checking for updates in the Settings app. Some devices however may be blocked from upgrading as they have incompatible hardware or software, but sit tight, once further updates are released (for example drivers from the manufacturers), the Windows Upgrade will be released.

For our Managed Patch customers, we carefully monitor the rollout of Windows 10 Upgrades in the field and look for compatibility issues or problems with the update. When we are happy that it is stable and reliable, we will release it to be installed as per the regular maintenance windows on your devices. Microsoft supports the latest three Windows 10 releases with security updates, so we always ensure our managed customers are running a supported version, while making sure disruptions to your business are minimised.

That Very Good Robotic Dog Is Now Helping Hospitals Fight the Coronavirus

Mon, 18 May 2020 00:03:54 GMT

You may have seen some viral videos of Spot the robot dog from Boston Dynamics. Over the past year there have been many videos of Spot doing things from towing a truck to dancing.

During the COVID crisis Spot has started helping in the fight against the disease. Healthcare workers in the U.S. treating patients have contracted the disease themselves. To limit patient contact Boston-area hospitals contacted Boston Dynamics about using their robot.

Spot has been working for over two weeks in telemedicine support. It’s been helping in settings like triage tents and parking lots.

Some of these initial contacts were taking up to 5 medical staff members, who are in high risk of contracting the virus. Spot has been fitted with an iPad and two-way radio which allows healthcare workers to video conference with the patients. This has reduced the contact with patients, which results in less infected healthcare workers and less PPE being required.

Boston Dynamics hopes to make the robot even more useful in the near future. They are working on ways for Spot to measure vital signs like body temperature, respiratory rate, and pulse. Once that has been developed, they plan to use UV-C light to sanitise surfaces inside hospitals.

Source

Managed Services Patching for Zoom

Sun, 17 May 2020 23:51:48 GMT

We have all become familiar with using Zoom during the recent lockdown. Catching up with family, friends and colleagues. You may also have noticed some stories in the media about updates for Zoom. Usually these are just adding features to make it work better, but there have been some big updates recently that fixed some of the security issues Zoom had been experiencing.

This is where Computer Culture's Attiva Proactive Patching is vitally important. When Zoom release an update our Patch Management system picks that up and then pushes the update out to our Proactive Workstation (and Server!) customers and installs the update for them. This all happens behind the scenes without them having to do anything.

It's not only Zoom updates this works for. As well as many others, our automatic patching performs updates for products from Microsoft, Adobe and Google just to name a few.

If you would like to hear more about our managed services so you don’t have to worry about updates please contact a member of our sales team.

How to Schedule a Meeting in Teams with a user outside of your organisation

Fri, 15 May 2020 05:01:04 GMT

With the recent lockdown many of us have been using teams for meetings. We have put together the below showing how to invite a user outside of your organisation to a Teams meeting.

From Outlook switch to Calendar view. Then click on the New Teams Meeting button.

From here use the Required or Optional field to add your invitees. You can invite entire contact groups. Add a meeting subject, location, start time and end time before clicking Send .

When the meeting starts the meeting organiser joins the meeting, and then waits for the other users to join. Once the meeting has been started, the external user can then Join Teams meeting from their device.

The user will be presented with a couple of ways to join the meeting. If they have Teams installed on their device, they can select Open Microsoft Teams . If not, they should choose Continue on this browser instead .

The external user should Enter name that they’ll be identified as in the meeting and then click Join now .

The organiser will then admit the external attendee into the meeting.

Corona Virus Email

Fri, 15 May 2020 03:01:08 GMT

As Covid-19 continues to spread around the world so does the rise of malicious emails trying to take advantage of peoples fears.

A recent Cyber Heist News article tells of a new Coronavirus-themed phishing email. The email warns the recipient that they have become exposed to Covid-19 through personal contact with a colleague, friend or family member. They are advised to download the attached document and go directly to a hospital.

The email looks like it came from a local health board and has an attached Excel file. The attached form is actually a malicious, macro-laden Office document.

This is an important reminder that during these trying times the bad guys are still trying to take advantage of every situation. We all need to look at what is required for the new normal of people working both in the office and remotely.

Computer Culture has developed a comprehensive security framework to assist businesses to stay safe during this work from home era, but also in normal day to day operations as well.

These include measures such as

Secure Gateways / Firewall, including remote access
User device protection including antivirus and device compliance
Email, Data and Cloud App security, including Multifactor Authentication
Comprehensive patching to ensure all devices are kept up to date
Complete backup and disaster recovery solutions
Personnel management including staff training
Advice on Cyber Insurance

We are passionate about keeping our customers safe while still being productive, so please speak to one of our team if you would like assistance with any of the above, or if you have any questions at all around security.

Source

Azure data centre in NZ

Fri, 15 May 2020 01:50:48 GMT

Microsoft have released some huge news with the announcement of their first data center region in New Zealand. It shows Microsoft's continued commitment to NZ and will ultimately result in better performance for Microsoft 365 and Azure products. For Disaster Recovery scenarios it makes NZ much more standalone and not dependent on internet connections that cross the ditch.

Three new data centre builds are planned across the Auckland region. The cloud services being deployed here will be Azure, Microsoft 365 and Dynamics. Currently there are no confirmed timelines but it is understood the intent for commencement is around 24/36 months.

Source

Seeing the status of all your team members in Microsoft Teams

Thu, 16 Apr 2020 21:56:02 GMT

A good practice is to always update your "Status" in Teams so others can see you availability.

When you have a larger number of staff using Teams it is sometimes a bit frustrating trying to work out who is available to chat or call. This has become more pronounced with everyone working remotely.

A simple solution is to create "Groups" under "Calls".

For example you may have Groups named Management, Administration, Sales, Engineering, Production, etc.

If you populate each Group with the appropriate team members you will then have a visual overview of all the team showing their status.

Stock Availability

Thu, 16 Apr 2020 21:47:35 GMT

As with most things in life stock availability has been disrupted by the Covid-19 outbreak. Purchasing priorities have changed since we moved to a work from home environment. Orders for webcams have increased to a point that not only has stock sold out, but our suppliers cannot give reliable ETA’s for replacement stock.

Other items with either limited or no stock include docking stations and good quality headsets.

Desktop PC’s were in very short supply when China first went into their lockdown. This has since changed and our suppliers are showing good stock levels for desktop computers.

Laptops have become very popular while people have been working from home which has contributed to the shortage in some models. Although there are still limited models available, customers may have to look at a different model from the one they have purchased in the past.

To help, our suppliers have changed to airfreighting goods from China during the past few weeks. This means that new stock is arriving daily and your preferred laptop may become available sooner rather than later.

If you do require a specific model we advise ordering stock as soon as it is available. We have found it is important to order equipment before it arrives in the country. Once fresh stock arrives in New Zealand for the most popular laptops, it is usually sold out before the end of the day.

Chat with our friendly sales team if you'd like to discuss some device options.

Home Network Risk

Thu, 16 Apr 2020 21:37:53 GMT

Many people are working remotely during these unprecedented times. Moving from Level 3 to Level 4 of the COVID-19 Lockdown occurred very quickly and as a result many will be working within a less secure home network.

We are concerned with unmanaged company workstations accessing data remotely and in particular the instances where home computers are now being used for this function

We strongly recommend that an assessment is carried out to determine the risk of each computer being used for business on a home network.

This assessment is to determine how safe the remote workers home environment is. We will identify the risks and potential solutions to mitigate the risks.

This will enable you to make prioritised decisions on any remediation required to ensure your data is protected as best as possible so remote workers can continue to operate as productively and as safely as possible.

If you wish to learn more about this please call us on 03 377 4663 or email support@computerculture.co.nz.

Windows 10 Upgrade Notification

Thu, 16 Apr 2020 04:57:11 GMT

We are fast approaching the end of support for Windows 10 version 1809 (released November 13, 2018). What this means is that after this date, that particular version of Windows 10 will no longer receive security updates. Its free to update to a newer build to continue receiving updates, so over the next few weeks, for those of you who subscribe to our managed services, we will be auditing all devices still on this version and pushing out an upgrade to them to ensure they stay up to date. As a managed services customer, there is no need for you to take any action as we will look after the process for you.

The current version of Windows 10 is 1909 , which is the build you will receive if your computer requires an update. This upgrade requires a reboot, so we will be pushing it out to run overnight. If for any reason you do not want these upgrades pushed out automatically, or if you have any questions about this process, please get in touch.

If you are curious about which version you are on, type “winver” without quotes in to the start menu / search box and press enter and you will be presented with a popup showing which version you are on.

Microsoft Office 365 Changes

Thu, 16 Apr 2020 04:43:17 GMT

At the end of last month, Microsoft announced that it would be changing the names of its Office 365 subscriptions for small and medium-sized businesses, as well as Office 365 ProPlus. From the 21st April 2020 all of these products will use the Microsoft 365 brand. It is important to note that there are no price, feature, or business model changes to commercial subscriptions.

Office 365 Business Essentials will become Microsoft 365 Business Basic

Office 365 Business Premium will become Microsoft 365 Business Standard

Microsoft 365 Business will become Microsoft 365 Business Premium

Office 365 Business and Office 365 ProPlus will both become Microsoft 365 Apps

The name changes for these products will all happen automatically.

Microsoft stated that they're simply announcing name changes at this stage. But these represent their ambition to continue to drive innovation in Microsoft 365, that goes well beyond what customers traditionally think of as Office. The Office you know and love will still be there, but they're excited about the new apps and services they've added to their subscriptions over the last few years and about the new innovations they'll be adding in the coming months.

Microsoft answered the question of why they've made these changes:

Firstly they want their products to reflect the range of features and benefits in the subscription. Microsoft 365 is a set of integrated apps and services designed to put AI and other cutting-edge innovations to work for you. For small and medium-sized businesses, this includes new capabilities in Microsoft Teams to help you host rich meetings and events online; cloud file storage and sharing capabilities so you can collaborate from anywhere; and security and identity solutions to safeguard your businesses.

Secondly, they're always looking for ways to simplify. This new naming approach is designed to help you quickly understand the plan you need and get back to your business.

For any help with your Office or Microsoft 365 subscriptions, or if you have any questions on these changes, please get in touch with the Computer Culture sales team.

Source

Coronavirus Precautions

Wed, 19 Feb 2020 02:36:43 GMT

As you’ll be aware, the Coronavirus outbreak is having global ramifications on many industries over and above the personal ramifications many are experiencing.  The quarantine zones established to control the spread of the virus are having a substantial impact on both the manufacturing, and shipping of products from Asia.  We have increased our stock levels to minimise the impact during this period but please be aware there may be a longer than usual ETA for some hardware orders.

We foresee laptop and desktop availability being impacted most by this issue, as we are still dealing with the ongoing Intel chipset shortage. We are already seeing very low numbers of available PC's in the country through all distributors, please keep this in mind when you're planning your device upgrades.

Zero Day Security Warnings

Wed, 19 Feb 2020 02:33:41 GMT

In an article last month, Forbes reported that Microsoft had confirmed a remote code execution vulnerability had been found in the scripting engine of the Internet Explorer web browser. Microsoft warned that a successful attack would give the attacker the same access rights as the current user. If the current user had administration rights, the attacker could then take control of an affected system.

Microsoft have released a patch to fix the vulnerability since this article was released. Therefore, it’s critically important to have your workstations patched and up to date which is one of the exact aspects our Managed Workstation plan provides for. Managed Workstation ensures you have the most recent security updates and critical updates installed on your devices.

Please contact our sales team to discuss adding Managed Workstation to your security plan.

Source

Ransomware

Wed, 19 Feb 2020 02:26:00 GMT

We’ve all seen the glowing red Travelex boards in airports showing us the current rates for exchanging dollars. A recent report from the New York Times stated that on 31st December the lights went out on these boards due to a reported ransomware attack. Many banks which use Travelex to offer currency exchange services were also affected. This shows that even large corporations with large budgets for their security can still fall victim to determined hackers by underestimating their security requirements.

In a ransomware attack files become encrypted and the attackers demand payment. If you suspect you’ve been targeted, please contact the Computer Culture service desk before taking any steps such as making any payments so we can advise and support you.

Source

Cybersecurity figures in New Zealand

Wed, 19 Feb 2020 02:20:31 GMT

New Zealand's Computer Emergency Response Team (CERT) revealed that it's received the most incident reports for one quarter since it was established in 2017. An increase of 13% on the previous quarter. This shows that New Zealand is not immune to such attacks, and cybersecurity should be a priority both in your business and personally. To help you get a sense of the potential impact, a recent Newshub article showed how much an attack is likely to cost you. They also break down the different types of cybersecurity incidents being reported in New Zealand.

Even though the number of reports have increased, the dollar value was down 41 percent to $3.8 million for the quarter. This could indicate a change in tact from the fraudsters. They are now targeting smaller amounts, which may not ring any alarm bells for unsuspecting people. The average amount lost by individuals was $13,851, with nine losses being in excess of $100,000

These scams come in a variety of ways; from extortion or blackmail scams, scams when buying, selling or donating, and fake prize scams. There were also many reports of phishing and credential harvesting.

The report showed no-one is immune to being targeted. All age groups had raised incidents with CERT.

Computer Culture can offer Security Audits to help identify the holes in your information systems that attackers would use to compromise your organisation.

Source

The Future of Robotics

Wed, 19 Feb 2020 02:06:03 GMT

With the Olympics happening in Tokyo, Japan later this year the BBC have been looking at robots in the Land of the Rising Sun.

Robots are fast becoming common place in Japan, with the mascots for Tokyo 2020 being two robots called Miraitowa and Someity. You’ll see robots doing all kinds of jobs from retrieving javelins and shotputs to bringing drinks to spectators and helping attendees with disabilities get to the accessible seating area.

It’s not just at the Olympics you’ll find robots in Japan. They are being used as security guards to patrol offices, in nursing homes to help with dementia patients, and in schools for English lessons.

Japan's robot present, is a glimpse into the robot future for the rest of the world as they become the new normal, in a similar manner to how smartphones have over the last decade.

Source

Protect those Summer Snaps

Fri, 17 Jan 2020 02:22:13 GMT

In the past we would take a dedicated camera on holiday to record those special moments.

Since 2010 digital camera sales have fallen 84%, which is mainly due to quality improvement of smartphone cameras.

These days, the majority of us carry a smartphone and tend to take a lot of quality still and video images.

The problem is, that because we are taking so many higher resolution images, we are creating a lot of data that needs sorting (so you can find particular photos again) and protecting by backup.

Most smartphones can be set up so that they will automatically back up the photos to the cloud when connected to a wireless network, however when you are travelling, a safe Wi-Fi connection is not always available.

You can change the settings to override this, so it will backup regardless of the connection, but this uses roaming data, which could end up costing quite a bit extra.

There are several issues that can cause roadblocks to taking a lot of photos

The data storage capacity of the phone
Data limit on free cloud storage

Paying for cloud backup options can be inexpensive and this article - link here - covers some of the cloud backup options.

If you rely on free cloud storage, please bear in mind that this is a storage only and does not meet the criteria of a backup solution. If, for example you back up to Dropbox, this syncs to all computers using that Dropbox account. If you accidentally delete the contents on that computer (or are hacked) the deletion is replicated to all devices with Dropbox.

To reduce the possibility of this our advice would be to setup photo sync on your phone to your cloud storage (Dropbox, iCloud, Google Photos, OneDrive, etc. etc.), make sure those cloud storage accounts are secure, and consider downloading a copy of your cloud storage once a month or once a quarter and storing it “locally” (not in the cloud). Many cloud storage providers give you the option to download a .zip file of the entire contents of you cloud storage. Some have built-in fail-safes to allow you to recover deleted items from your cloud storage (sometimes this is only available for paid plans though).

Email Security Predictions for 2020

Fri, 17 Jan 2020 02:12:57 GMT

Vade Secure, a Predictive Email Defense company have released their Email Security Predictions for 2020. They have listed 6 ways they believe hacker swill target businesses over the next 12 months. Business email compromise (Spear Phishing) will be the main threat to businesses. Most of these are starting with very short emails saying something like, "Hello, are you available?". Click the link below to read more including their other predictions about sextortion emails, phishing links and data leaks.
Predictions

Don't get Scammed

Fri, 17 Jan 2020 01:59:29 GMT

Watch out for realistic phishing emails which are on the rise.

Phishing emails are becoming more sophisticated and realistic with the main goal to trick you into clicking on a link that you shouldn't. Many of these are intercepted by your antivirus/antimalware software, however the clever crooks are always finding ways to get these emails to elude the filters.

They will often use common respected brands to create an atmosphere of trust.

These can include:

Your subscription has expired
Your payment was declined
Someone is using your login
You have an undelivered item which is being held at depot
You have won something

All we can advise is that you need to be extremely suspicious, hover over the link with your mouse. That should display the URL of the site and allow you to verify it is legitimate.

If you think you have clicked on something you shouldn't, shut down the computer and call your friendly IT provider.

Time to Beef up your Security

Fri, 17 Jan 2020 01:55:37 GMT

Having an enjoyable a holiday and immersing oneself in the festive season can cause some of us to take the eye off the ball and become complacent when it comes to cyber security threats.

Unfortunately, the cyber criminals don't have that same Christmas loving and giving attitude and we can be certain that they have been beavering away in the background trying to find more devious and destructive ways to cause grief and losses to businesses in 2020.

Some experts have claimed that the value of cyber-crime in 2018 was over US$1.5 trillion which is far greater than we thought and if this is correct, it will be substantially higher in 2020.
With the escalating tension between Iran and the US, more cyber attacks from Iran are expected to be targeted at the US and her allies.

Make one of your business New Years resolutions to upgrade your security systems so as to reduce the risk and impact of a cyber attack.
Even with the best defences in place, people will always be the weakest link. We are human after all, we make mistakes and can be tricked into clicking on things we shouldn’t. The best form of defence for business owners is to train their staff to be able to know what is good and bad and to always be extremely vigilant.

If you would like information on how to best train your staff on security awareness please get in touch.

Uninterruptible Power Supplies

Tue, 10 Dec 2019 03:36:00 GMT

How often have you wished for an extra few minutes when the power goes out to give you the opportunity to save that document you’ve been working on all morning or complete a transactions on your Point of Sale machine?

An Uninterruptible Power Supply (UPS) will give you those extra few minutes and lessening the impact the power going out has on your business.

Additionally, a UPS protects your equipment from a variety of power problems. This including power spikes and power surges, which both have the potential to damage your electrical equipment, as well as keeping you running temporarily during a black or brownout to avoid damage or data loss by saving and shutting down.

Please speak to us if you think a UPS could be useful to your business. We’ll help you get the right UPS for your needs.

Pay Raise Phishing Attacks

Tue, 10 Dec 2019 03:31:07 GMT

KnowBe4 have recently released details about a new form of Phishing Attack. Users are receiving emails from HR which are offering better benefits or pay rises. That’s something we’d all like just before the holidays.

These emails normally have a link which looks like a SharePoint document, but in fact it is a phishing landing page.

Quite often phishing attacks spoof email addresses. At first glance it looks like it’s come from a legitimate source, maybe your HR manager. If you receive an email or phone call you feel is suspicious it would pay to call the person appearing to have sent the message. They will be able to confirm if they actually sent it to you.

I nformation for this article was taken from KnowBe4

Business IT Evolution

Tue, 10 Dec 2019 03:25:36 GMT

Many new business ventures start off with little or no complexity and few staff. The business owner has a concept that they believe will work, dreams up a company name and gets excited about designing a logo and business card.

Depending on the product or service, they may already have developed a website and thought about email addresses. Typically, they begin working from home or small premises with an internet connection, basic email account, a mobile phone and tons of enthusiasm.

Their computer is often a laptop with free antivirus and no backup solution. Systems are generally simple with and as they move through stages of "excited", "reality check", "somewhat hopeful", then to “Hey, this might be working!”

Companies change as they experience growth, adding staff, purchasing specialised software solutions and requiring more from their hardware and network. As the complexity increases the business develops systems, procedures & policies to provide a level of control and monitoring.

What we find, is with the increase activity and demands on the business owners time (and resources) their network and cyber security is often overlooked.

This is why Computer Culture strongly recommend getting your IT provider involved at an early stage so that they can provide IT solutions that are scalable and adaptable to the businesses changing needs.

These solutions will cover:

Network design, device patching and user management
Protection from viruses, malware and hackers
Remote accessibility and setting up others to work remotely
Data storage, protection and backup
User cyber awareness training and education
Disaster Recovery Plan

Addressing these requirements involves an array of solutions with customisation for each organisation. Having regular reviews and sticking to upgrade cycles are important to maintain the level of protection.

Please contact our sales team if you would like to know more about this assessment process.

Android 10 Accessibility Features

Fri, 22 Nov 2019 01:55:14 GMT

If you’ve bought new phone with the recently released Android 10 operating system, or upgraded your current phone, you might have heard some of the buzz about “Accessibility Features”. To provide some depth about what these features are, Life Hacker have produced a very useful article explaining what these features are and how to turn them on. The features are designed to improve accessibility for people with disabilities, but many of them are proving to be invaluable for every type of user. One of our favorites is Dark Mode which makes using the phone a lot easier on the eyes and can help to save battery life.

Have a look at the below article and see what features would be a help to you.

Source Article

Threats From Within

Fri, 22 Nov 2019 01:52:35 GMT

It’s very easy to look at security as just protecting yourself from attacks from outside your own organization. The below article shows there are a lot of things we must think about with our internal staff and contractors. These threats can be either malicious or accidental. One very interesting statistic from SolarWinds shows 62% of businesses found insider mistakes were the leading cause of security incidents. Whether malicious or not, the result can be devastating to an organisation. The article focuses on two commonly overlooked security issues – employees who leave your organisation, and imposters who try to get passwords reset. Continue reading at the link below to see how these can happen and, more importantly, what can be done to help prevent these breaches.

Source Article

Ransomware

Thu, 24 Oct 2019 23:23:02 GMT

What does Ransomware do? What should you do if you're hit?

Ransomware is something you may have heard about on the news but don't fully understand. The most high profile cases this year include Baltimore City government who were hit with a loss of over $18 million, and multiple healthcare providers. One of these healthcare providers paid $75,000 to recover it's encrypted files. Click here for an article to see many other high profile cases.

These big stories make the news and sometimes it's easy to think that cybercriminals are only interested in targeting large organisations. But one stat from the above article shows that small to medium sized businesses face the largest risk.

So what does ransomware do? It is designed to encrypt files on the victims system and quite often the user is then instructed to pay money to fix this encryption. Normally you get a message on your screen saying that your machine has been locked and you need to pay to fix the problem. Sometimes these can seem quite legitimate. We have seen a machine locked with a message claiming to be from the New Zealand Police. It said "your computer had been locked due to illegal software and you have to pay $2500".

As with so many things in life we recommend that prevention is better than cure . Ensure you are using an up to date antivirus solution and that all your servers and workstations have all the latest updates. These will help reduce the risk of ransomware affecting your systems.

You can never be 100% certain that your antivirus will stop all potential ransomware attacks. The cybercriminals are constantly trying to be one step ahead of the security available. This is where having a disaster recovery/backup system is critical . Usually system downtime has the biggest financial cost on a business during a ransomware outage.

If you do find you've had a breach:

Don't pay the ransom! The people behind these attacks have already proved they are not the most trustworthy individuals and there is no guarantee they will fulfill their side of the deal.
The first thing to do is to turn off the affected computer and remove the network cable to quarantine the device. You don't want it spreading to other devices on your network!
Then contact the team at Computer Culture and we'll get straight on to resolving the issue. The sooner we can start fixing the problem the better the chance we have of stopping it spreading to other machines on your network.

If you'd like some advice on Ransomware and what options you're business has to safeguard itself then get in touch with our friendly sales team.

What is 5G? - The next-generation wireless technology

Mon, 23 Sep 2019 01:26:58 GMT

5G is the fifth generation digital cellular network technology. The industry association 3GPP defines any system using "5G NR" (5G New Radio) software as "5G", a definition that came into general use by late 2018. The International Telecommunications Radio Communications sector (ITU-R) have defined three main uses for 5G. They are:

Enhanced Mobile Broadband (eMBB) - uses 5G as a progression from 4G LTE mobile broadband services, with faster connections, higher throughput, and more capacity
Ultra Reliable Low Latency Communications (URLLC) - refer to using the network for mission critical applications that requires uninterrupted and robust data exchange
Massive Machine Type Communications (mMTC) - would be used to connect to a large number of low power, low cost devices, which have high scalability and increased battery lifetime, in a wide area.

5G Wireless Use Cases

Driverless Automobiles
Autonomous vehicle (AV) is one of the critical necessities of modern wireless infrastructure: It needs to connect people in motion with the computers they may be relying upon to save lives, with near-zero latency.

Virtual reality (VR) and augmented reality (AR)

For a cloud-based server to provide a believable, real-time sensory environment to a wireless user, the connection between that server and its user may need to supply as much as 5 gigabits per second of bandwidth. In addition, the compute-intensive nature of an AR workload may require that such workloads be directed to servers stationed closer to their users, in systems that are relatively unencumbered by similar workloads being processed for other users. In other words, AR and VR may be better suited to small cell deployments anyway.

Cloud Computing

5G wireless offers the potential for distributing cloud computing services much closer to users than most of Amazon's, Google's, or Microsoft's hyperscale data centers. In doing so, 5G could make telcos into competitors with these cloud providers, particularly for high-intensity, critical workloads. This is the edge computing scenario you may have heard about: Bringing processing power forward, closer to the customer, minimizing latencies caused by distance. If latencies can be eliminated just enough, applications that currently require PCs could be relocated to smaller devices -- perhaps even mobile devices that, unto themselves, have less processing power than the average smartphone.

Internet of Things

In a household with low-latency (the delay before a transfer of data begins following an instruction for its transfer) 5G connectivity, today's so-called "smart devices" that are essentially smartphone-class computers could be replaced with dumb terminals that get their instructions from nearby edge computing systems. Kitchen appliances, climate control systems, and more importantly, health monitors can all be made easier to produce and easier to control. The role played today by IoT hubs, which some manufacturers are producing today to cooperate alongside Wi-Fi routers, may in the future be played by 5G transmitters in the area, acting as service hubs for all the households in their coverage areas. In addition, machine-to-machine communications (M2M) enables scenarios where devices such as manufacturing robots can coordinate with one another for construction, assembly, and other tasks, under the collective guidance of an M2M hub at the 5G base station.

Health care

The availability of low-latency connectivity in rural areas would revolutionize critical care treatment for individuals nationwide. As recent trials in Mississippi are proving, connectivity at 5G levels enables caregivers in rural and remote areas to receive real-time instruction and support from the finest surgeons in the world, wherever they may be located.

To make the transition feasible in homes and businesses, telcos are looking to move customers into a 5G business track now, even before most true 5G services exist yet. More to the point, they're laying the "foundations" for technology tracks that can more easily be upgraded to 5G, once those 5G services do become available.

Information for this article has been taken from Wikipedia, and www.zdnet.com

3 in 10 employees fall for test-phishing done by their bosses

Sun, 22 Sep 2019 23:41:53 GMT

Late in August 2019 www.stuff.co.nz featured an article with the above title by Rob Stock. In this article the risk of company's employees being phished was highlighted after two Air New Zealand employees were tricked by phishing emails into handing over data that revealed personal information of 112,000 airpoints customers. The article highlighted that companies are now test phishing their own employees to ensure their staff are security educated enough to reduce the risk of attacks. It is seen as far better for organisations to work out the weak links in their workforce by phishing their own employees than waiting for a real phishing attack to reveal them.

Computer Culture have delivered phishing testing to our clients. If you are interested in this testing, please get in contact.

We are developing a security training programme including test phishing, that we can offer to assist you with educating your staff and reducing risks.

The complete Stuff article can be found here .

Multifactor Authentication Now Essential

Sun, 22 Sep 2019 22:56:12 GMT

With increased security breaches two factor authentication (2FA) is no longer a "nice to have" feature but viewed as a necessity by the Computer Culture Security Team. We wish to actively promote this with our clients to reduce your risk of falling foul to security threats.

If unaware, multi-factor authentication is a method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.

As an example in practical terms, this means approving a request on your phone when signing in to your Office 365 account for the first time on a new device. Therefore if someone obtains your password, they cannot get in to your account without your phone.

Banks and other data critical organisations have already implemented this method. In a ZDNet web article this week Group Program Manager for Identity Security and Protection at Microsoft is quoted as saying "Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA." Automated attacks now are a considerable risk for all organisations.

FBI Phishing Warnings

Sun, 28 Jul 2019 23:54:22 GMT

Cyber Actors Exploit 'Secure' Websites In Phishing Campaigns

Websites with addresses that start with “https” are supposed to provide privacy and security to visitors. After all, the “s” stands for “secure” in HTTPS: Hypertext Transfer Protocol Secure. In fact, cyber security training has focused on encouraging people to look for the lock icon that appears in the web browser address bar on these secure sites. The presence of “https” and the lock icon are supposed to indicate the web traffic is encrypted and that visitors can share data safely. Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon. They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts. These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure.

Recommendations :

The following steps can help reduce the likelihood of falling victim to HTTPS phishing:

Do not simply trust the name on an email: question the intent of the email content.
If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
Do not trust a website just because it has a lock icon or “https” in the browser address bar.

Top 11 cyber security tips for your business (From CertNZ)

Sun, 28 Jul 2019 23:23:52 GMT

CertNZ recently published the top 11 cyber security tips for your business as cyber security attacks on businesses are becoming more and more common. You have to make sure you do everything to keep your business safe, no matter of the size of your business. This includes protecting your data, network, customer information as well as your reputation.

A printable version of this guide is available at Cert NZ .

1. Install Software Updates

All devices and software should be up-to-date. Installing software updates is the most effective and basic way to prevent attacks and keep the system safe. Devices should be supported by the manufacturer at any time, and software updates (patches) for the operating systems are installed as soon as they’re available.

Patches are much more than adding new features to software, they most importantly fix security vulnerabilities. Installing patches prevents incidents caused by attackers who use these vulnerabilities to gain access to your system. It is to advise to put a decent security policy in place.

To do list:

Set your system preferences to install any new patches automatically. In case your system may need to have the patches tested before rolled out, make sure your IT support provider has a plan in place to apply them within a few weeks of release.
Make sure any servers or computers that you manage for your business run on operating systems that are still supported and patched.
Enforce staff to use supported operating systems and to install any patches as soon as they're available also in mobile devices.
With staff using BYOD - bring your own devices, make sure they are running supported operating systems and software before they access your business network and keep devices up-to-date.

2. Implement two-factor authentication (2FA)

Implement two-factor authentication (2FA) to secure your business protects both your systems and your customers’ accounts. Anyone logging in to your system will need to provide something else on top of their username and password, to verify their identity. It can be implemented on both internal systems and customer-facing systems. Credential reuse, sophisticated phishing attacks, and many other cyber security risks can be mitigated by using 2FA.

To do list:

Enable 2FA on your key systems, like your:

email services
cloud aggregator services, for example Office 365, GSuite, or Okta Cloud Connector
document storage
banking services
social media accounts
accounting services, and
any systems that you use to store customer, personal or financial data.

Enforce the use of 2FA for each user in the system. Focus on using systems that support the use of 2FA. They should be a requirement for any new system that your business uses.
Make it mandatory, not optional.

3. Back up your data
It is essential to regularly back up business data

provided from customers or staff, such as employee or customer personal details, customer account credentials,
generated by the organisation, such as financials, operational data, documentation and manuals,
system-based, such as system configurations and log files.

If data is lost, leaked or stolen, it will need to be restored.

To do list:

Set your backups to happen automatically
Store your backups in a safe location that’s easy to get to — and isn’t on your own server and/or offsite.
Consider cloud backup services and talk to your IT provider
Test backups regularly

4. Set up Logs

Logs record all actions been taken on your systems. Logging helps to find out when an incident may be about to occur, e.g. multiple failed logons to your network, or when an incident has occurred, e.g. a logon from an unknown IP address. Logs can be set up to alert you to any unusual or unexpected events.

To do list:

Set up logs for:

multiple failed login attempts, especially for critical accounts. This includes services like Office 365 or GSuite
successful logins to your CMS and changes to any of the files in it (if you don’t change them often)
changes to your log configurations
password changes
2FA requests that were denied
anti-malware notifications
network connections going in and out of your network.

Setting the logs up to notify you about any unusual events by email. Set email notifications up for events that shouldn’t happen often, like multiple failed logons or denied 2FA requests.

Store logs in a safe location and make sure they’re encrypted.

Access to the logs should be limited to only those that need it.

Consider archiving them to offline storage and keeping them for a while in case you ever need them.

Talk to your IT service provider, we are happy to help.

5. Incident Response Plan - Create a plan for when things go wrong

If your business has a cyber security incident, you’ll need to know what steps to take to keep your business running. An incident response plan helps to get the business back up and running quickly. The plan should be put in place ahead of time.

To do list (after identifying a security incident) :

Call in reinforcements with prepared contact list
Tell your staff
Communicate to clients/customers
Operate business as usual under unusual circumstances
Reflect what happened

6. Update Default Credentials

Default credentials are login details allowing full administrative access. They are used for the initial setup, and then changed afterwards. Unfortunately, these default credentials are often forgotten to be changed and easy to find or guess or find online at the same time.

To do list:

Check for default account credentials on any new hardware or software you buy, or any devices that have been factory reset.

Change them. Make the new passwords long, strong, and unique.

Use a password manager to store your usernames and passwords. They’ll be encrypted and you don’t need to remember.

7. Choose the right Cloud Service

Select a cloud service provider who will provide the right services for your business.

Cloud services are generally used for access to software without needing to buy it yourself, access to your data from any device, at any time, and for storage space and backups for your data. When using cloud services check the provider if they take your security needs and your data seriously.

To do list:

Check your cloud services:

if they’ll back up your data for you, or if you have to do it yourself
if they offer the option to use 2FA (if not, see if there’s another provider who does)
if they’ll notify you of a security breach if it happens
what happens to your data if they’re bought out by another company, or if they go under
if they have a public security policy, and a way for you to report security problems to them.

Check where the servers that they use to hold your data are located (jurisdiction).

8. Only collect Data you need

Only collecting the data which is really needed from customers should be collected. The level of risk is based on the amount of data stored — the more data collected, the more valuable and attractive it is to an attacker. Reduce the risk by only collecting what is needed.

To do list:

Only saving and storing the information which is needed from a new customer or client. Be clear about why you need it.
Make sure you’re encrypting any data you collect at any time including transition as well as storage in a database.
CertNZ refers to the Privacy Commissioner who has built a tool, Priv-o-matic, to help creating a privacy statement that you can share with your customers. It can be used to tell how you’ll collect, use and disclose their information.

9. Secure your Devices

Install security/ anti-malware software such as Antivirus on any device that accesses your business data or systems. It prevents malicious software e.g. viruses or ransomware from being downloaded. This includes both company owned devices and any BYOD devices that belong to your staff. This is one of the basics to minimise your risk

To do list:

Use the security features that come as a default with your computer’s operating system. This includes Windows Defender for Windows 10 devices, or Gatekeeper for OSX. Otherwise, use security software that can prevent and detect malware and that gets updated regularly.

Don’t let your staff access your network with devices that are jailbroken or rooted.

10. Secure your Network

Configure network devices like firewalls and web proxies to secure and control connections in and out of business network. Also using a VPN that in best case relies on 2FA when remotely access systems secures the network.

To do list:

Limit access to the internet-facing parts of your network to only those who need it.
Use a VPN if you need to remotely access systems on your business network. Make sure the VPN software you use requires 2FA.
Use separate VLANs for your business network to control what parts of the network can talk to other parts.
Put servers with sensitive data on a separate VLAN from the one that your employees’ computers are on and use firewalls to control how those two VLANs talk to each other.
Talk to an IT or network engineer to explain what your business does, and what you use your business network for. They can help you configure any separate networks or network devices that you may need to protect yourself.

11. Check financial details manually

Manually checking unusual or unexpected online business requests prevents incidents such as for example invoice scams. It can be hard to tell when an email recipient’s behaviour is ‘phishy’.

Therefore, using another channel to check the person or company is recommended. This can be a phone call or a text message before approving any payments.

To do list:

Set up a clear process for how to make sensitive business transactions or changes. Determine what’s sensitive for your business and make sure these thresholds are clear so your staff know when to raise a red flag.
Use a separate channel of communication to verify a transaction or change before it happens.
Have a clear point of escalation for your staff. Put a process into your incident response plan.

Scamming is Highly Organised

Wed, 19 Jun 2019 00:26:57 GMT

Cybercrime groups don’t restrict themselves to one type of criminal activity; rather, they operate like a growing business, running a variety of different scams at once to bring in money from many sources.

One of the oldest tricks in the book is the “Nigerian Prince Scam", the advance fee come-on that’s come to be known as “419 fraud” after the section of the Nigerian criminal code that makes it illegal.

The Nigerian underworld has evolved too, as organised cybercrime groups don’t restrict themselves to one type of criminal activity; rather, they operate like a growing business, running a variety of different scams at once to bring in money from many sources. Security researchers at Agari (an email security company) discovered this after tracking a large West African criminal group over the course of six months and reconstructing the timeline of its growth and activities since 2008.

Craigslist scams between 2008 and 2010. These scams netted them an average of $24,000 per month, which they split between them. One of these individuals, who Agari calls “Alpha,” started carrying out romance scams in 2010. Alpha would manipulate his victims into handing over their money until they had no more to give, at which point he would use them as mules to assist him with more scams.

The researchers relate the sad story of one of these victims, who was exploited by Scattered Canary until her death in 2017. Even after her passing, the group still used her personal information to carry out crimes, which the researchers say “exemplifies the lengths to which these groups use and reuse their victims until there is literally nothing left to exploit.”

In late 2015, Alpha began launching widespread phishing campaigns, and partnered with other scammers. In 2016, the group started branching out into more targeted BEC attacks, while still running romance scams and credential phishing.

By 2017, Agari says Scattered Canary was a “well-oiled machine,” with numerous employees in various roles. They began phishing US government agencies, knowing that they were safe in Nigeria, since they could bribe local law enforcement to leave them alone.

The group now churns out BEC scams to every target they can find, using online lead services to search out potential victims. In November 2018, Scattered Canary tried to launch a BEC attack against Agari’s CFO, which led the company’s researchers to begin looking into the group. The researchers say the scope of the group’s activities shows that organized cybercrime has reached unprecedented heights.

CEO Fraud - What is a BEC scam?

Wed, 19 Jun 2019 00:04:40 GMT

Cyber-criminals are like every businessman: they want maximum profit for minimum investment. A trend amongst hackers to help achieve this goal is Business Email Compromise (BEC) also known as “CEO Fraud”.

Cyber-criminals are like every businessman: they want maximum profit for minimum investment. A trend amongst hackers to help achieve this goal is Business Email Compromise (BEC) also known as “CEO Fraud”. This type of CEO scam is very profitable since it only needs to be successful a few times to be highly cost-effective for the criminals.

Instead of spending hours sending phishing emails to numerous random email addresses (making them more easily identifiable as spam, and less successful), nowadays, cyber-criminals first do their research before launching an attack. They select the business on which to launch a BEC attack, then use social engineering to find out who the CEO and CFO are (ensuring they have their exact names), and decide who their victim will be within the business. They will usually select someone in the finance department who manages money, or select a senior staff member, a company director, a trusted vendor etc… The cyber-criminals then send a fraudulent email, impersonating the CEO or CFO, and try to trick their victim into initiating one or more bank transfers.

A successful BEC attack results in successful intrusion into the victim’s business systems, unrestricted access to the victim’s employee credentials, and substantial or massive financial loss for the company.

Education of scams is the best way to avoid being scammed

Tue, 18 Jun 2019 02:46:30 GMT

The easiest way to avoid falling for scams and other social engineering attacks is to have an understanding of the tactics employed by attackers says Roger A. Grimes.

One of the most common signs of a scam is the use of “stressor events,” which play on the victims’ emotions to make them act irrationally. There are a wide variety of stressor events, ranging from the mild to the extreme. Scammers can simply try to rush you by claiming that a deal will be called off if you don’t act soon, or they can threaten you with arrest or worse if you don’t pay them quickly.

Additionally, you should be suspicious if a person is difficult to contact, is unwilling or unable to speak on the phone or meet in person, or comes up with excuses to induce you to send or receive money in an unconventional way. For example, whenever someone asks you to pay them in gift cards, don’t: you’re being scammed. This seems obvious and easily avoidable, but many people still fall for it.

Grimes emphasizes that people don’t fall for scams because they’re stupid. Their ability to resist scams depends primarily on their having knowledge of the scams themselves.

“Don’t shame victims into thinking that they were dumb or a patsy,” Grimes writes. “Intelligence has nothing to do with it. The deciding factor whether someone can be scammed is awareness of the scam presented to them.... The number one scam defence is awareness education. Banks are doing it. Employers are doing it. Many people and businesses try their best to inform people about the various scams.”

Ransomware infects victims by masking itself with anti-virus software

Thu, 30 May 2019 02:12:19 GMT

A file-locking malware family has developed a new approach utilising trust to create new ransomware victims.

This successful family of ransomware called Dharma first emerged in 2016 and has been responsible for a number of high-profile cyber incidents. It has been terrorising organisations around the world and has recently released a new approach tempting victims to install file-locking malware pretending to be anti-virus software.

The group behind Dharma regularly update their campaigns in order to keep the attacks effective and to achieve the best chance to trigger ransom payments in exchange for decrypting locked networks and files of Windows systems. Dharma now has further developed their cyber-attacks by bundling it inside a fake anti-virus software installation. It starts off with phishing emails. The messages claim to be from Microsoft and that the victim's Windows PC is 'at risk' and 'corrupted' following 'unusual behaviour', urging the user to 'update and verify' their anti-virus by accessing a download link. If the user follows through, the ransomware retrieves two downloads: the Dharma ransomware payload and an old version of an established anti-virus software from a cyber security company.

At the time the self-extracting archive runs, Dharma begins encrypting files in the background. The user is asked to follow installation instructions for ESET AV remover. This interface is displayed on the user's desktop and requires interaction during the installation process on order to distract from the malicious activity. Once the installation is complete, the victim is confronted with a ransom note, demanding a cryptocurrency payment in exchange for unlocking the files.

It describes a well-known practice for malware to be bundled with legitimate applications. Any application could be used this way. Ransomware still remains a threat to organisations as attackers continue to develop and deploy new tactics and approaches of the file-locking malware. Malicious actors are still trying to upgrade old threats and use new techniques. Ransomware remains a costly and versatile threat. To avoid falling victim to cyber security threats, it is always recommended that organisations keep good cybersecurity hygiene such as securing email gateways, regularly backing up files, and keeping systems and applications patched and updated.

Microsoft Launches ExpressRoute to Azure from NZ

Thu, 30 May 2019 01:53:14 GMT

A Microsoft Azure ExpressRoute site in Auckland has been established to allow New Zealand cloud users to connect to Azure.

The Azure cloud service allows customers to benefit from a dedicated private connection, bypassing the public internet to deliver predicable performance, lower latency and SLA-based connectivity to Microsoft's Azure cloud services.

ExpressRoute is targeted at organisations wanting to deploy business critical workloads in the cloud. New Zealanders looking for such features previously had to connect to the ExpressRoute site in Australia. Customers will be able to choose from local carrier partners, benefit from more deployment options and lower connectivity costs. Local ExpressRoute services will initially be provided by Megaport, Vocus, Spark, Kordia and Devoli.

The service will connect the business critical applications of New Zealand users to Australia and anywhere beyond on the Microsoft backbone. It will be especially useful in connecting hybrid cloud applications and data sources. In terms of its network, Microsoft is one of the largest telcos in the world and offers significant cost savings.

As New Zealand is recognised as a fast adopter of cloud services globally, delivering the site was a big decision. Spark product director Tessa Tierney said business customers are increasingly needing fast, reliable, secure and cost effective connectivity to the Microsoft Azure network to ensure their users have the best possible application experience. "Today for example, we have customers utilising Azure-based data analytics or internet of things platforms, who are moving massive quantities of data, which demands this level of connectivity and flexibility to help them better meet their business objectives," she said. Spark's Cloud Connect solution ensures that connectivity back to the company's network is resilient through diverse fibre connections from the Microsoft edge back to geographically separate Spark exchanges.

Karl Rosnell, CEO of wholesale provider Devoli, said his company's role in the small to mid market is subtly different. "There is a whole heap of IT partners out there looking for a relevant next move to add value to customers and make money," he said. Devoli has been facilitating a similar service to Sydney on its own network for some time. "We win if we enable the NZ IT landscape to be able to build cloud technologies for their customers," he said. "The key thing is how we can help companies access the motorway."

Vocus NZ is hosting the new Azure ExpressRoute in its datacentre. CEO Mark Callandar said Vocus has a range of different carriers in its datacentres already looking to provide direct connectivity to their customers. "They will be looking at how they can package up services to end users," he said. "It is great someone like Microsoft has looked at NZ and enabled it to help transformation."

Kordia's head of product, Murray Goodman, said his company positions itself as a mission critical network provider and access to cloud-based services is now just that. ExpressRoute will now become part of Kordia's "Best Connected" business practice. "Applications will only perform as well as the network," he said. "A large portion of customers will be using Microsoft in one form or another and it makes sense to support them."

Megaport's vice president of cloud products, Matt Simpson, said some of the other partners delivering the new ExpressRoute service are also customers of Megaport. Megaport, he said offered a flexible service without lock-in contracts and with bandwidth scalable at any time. The company has 465 data centres globally with 30 ExpressRoute locations. Megaport has 11 data centres in New Zealand. We essentially extend the reach of the ExpressRoute," he said. "Any customers in those data centres can get the ExpressRoute in a matter of minutes."

For Microsoft New Zealand is one of the fastest evolving digital nations in the world and that placed it in a unique position when the business case was made. “Microsoft New Zealand has worked tirelessly to deliver a Azure ExpressRoute site here for our customers, he said. "The local team strongly believes in the importance of investing in this country’s digital transformation and supporting our Kiwi customers and partners in their transformation journeys." The ExpressRoute site offers multiple deployment models, including an any-to-any (IP VPN), a point-to-point Ethernet connection or now a virtual cross-connection through a connectivity provider at a local co-location facility. The service effectively extends customer’s on-premise networks into the Microsoft cloud over a private connection. Last year, Microsoft invested in a dedicated FastTrack direct cloud engineering assistance service for its New Zealand customers and partners. “Our partners and customers are increasingly looking to reach overseas markets, and we wanted to help them leverage Microsoft’s international networks and resources more effectively.”

Alert Scam Warning

Mon, 29 Apr 2019 05:27:51 GMT

Recently, Apple, Xero and Go Via were among the companies whose brands were hijacked by scammers, with phishing email campaigns using the businesses’ brands to dupe local recipients. On 19 March, email filtering and security company, MailGuard, said in a blog post that it had spotted a phishing scam using Apple branding and employing a “well made” fake Apple login screen. According to MailGuard, the fake Apple website is hosted at a similar URL to Apple's own websites and the design of the page is quite convincing.

If the recipient of the dodgy fake Apple email clicks on the link in the message, they are taken to the fake login page where their credential data would be harvested.

The phishing campaign suggests that the messages were sent from the email domain ‘@applemail.email’ which is hosted with Google mail, meaning it can pass certain authentication tests and, as such, is likely to penetrate multiple inboxes.

A few days later another wave of dodgy emails exploiting the brand of cloud accounting provider, Xero, was spotted. The criminals who are operating this scam appear to have registered four new domains with a Chinese registrar during March that are very similar to Xero's own URL's. MailGuard warned that the individual messages sent out in the latest phishing campaign bear real business names, with the names used in the ‘subject’ fields of the email messages. The objective of this email is to get the recipient to click on a link that will direct them to a hidden JavaScript malware file.

Can you spot "Phishing Rods"

Mon, 29 Apr 2019 05:24:00 GMT

Cyber Security Awareness

We often talk about phishing attacks in our newsletter and that's because we want our customers to always be thinking about whether they'll be caught high and dry by biting on the line too quickly. Don't get caught by a scammer dangling their baited phishing rod in front of you!

But identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know or someone you trust. Can you tell what's fake?

Have a go at the quick quiz below to see how you weigh up..

https://phishingquiz.withgoogle.com/

Keep an eye out for phishing rods by following these handy tips:

Be sure to check out link URLs by hovering over them, and to pay close attention to the sender's email address. Spot the look-alike URL! It shows the insecure imitation domain.
Double check the sender's email domain if it is misspelled and the link actually points to something suspicious. Phishing often tries to trick you with these look-alike URLs.
Remember to be extra cautious if you aren't sure you know the sender.
If you are unsure about a domain, you can use a search engine to find out more information about it.
PDFs can contain malware or viruses — always be certain you trust the sender and if in doubt, use your browser or an online service such as Google Drive to open them safely.
Carefully check the from address field if it is slightly different from what you've seen previously.
Be careful when opening PDF's, especially if you don't expect them.
It is important to be cautious with different kinds of account access requests, and to be sure you trust the developer.
Read closely all information provided about the requesting service before you allow access!

Stronger focus on data encryption within organisations

Mon, 29 Apr 2019 05:21:54 GMT

The use of trusted cryptography to protect data is at an all-time high, according to the 2019 Global Encryption Trends Study from the Ponemon Institute. With corporate data breaches making the headlines on an almost daily basis, the deployment of an overall encryption strategy by organisations around the world has steadily increased. This year, 45% of respondents say their organisation has an overall encryption plan applied consistently across the entire enterprise with a further 42% having a limited encryption plan or strategy that is applied to certain applications and data types.

Threats, drivers and priorities

Employee mistakes continue to be the most significant threat to sensitive data (54%), more than external hackers (30%) and malicious insiders (21%) combined.

In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping (12%) and lawful data requests (11%).

The main driver for encryption is the protection of an enterprise’s intellectual property and the personal information of customers – both 54% of respondents.

With more data to encrypt and close to 2/3 of respondents deploying 6 or more separate products to encrypt it, policy enforcement (73%) was selected as the most important feature for encryption solutions.

In previous years, performance consistently ranked as the most important feature.

Cloud data protection requirements continue to drive encryption use, with encryption across both public and private cloud use cases growing over 2018 levels, and organisations prioritising solutions that operate across both enterprise and cloud environments (68%).

Data discovery the number one challenge

With the explosion and proliferation of data that comes from digital initiatives, cloud use, mobility and IoT devices, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy with 69% of respondents citing this as their number one challenge.

Trust, integrity, control

The use of hardware security modules (HSMs) grew at a record year-over-year level from 41% in 2018 to 47%, indicating a requirement for a hardened, tamper-resistant environment with higher levels of trust, integrity and control for both data and applications.

HSM usage is no longer limited to traditional use cases such as public key infrastructure (PKI), databases, application and network encryption (TLS/SSL); the demand for trusted encryption for new digital initiatives has driven significant HSM growth over 2018 for code signing (up 13%), big data encryption (up 12%), IoT root of trust (up 10%) and document signing (up 8%).

Additionally, 53% of respondents report using on-premises HSMs to secure access to public cloud applications.

Ponemon Institute chairman and founder Dr. Larry Ponemon says, “The use of encryption is at an all-time high, driven by the need to address compliance requirements such as the EU General Data Protection Regulation (GDPR), California Data Breach Notification Law and Australia Privacy Amendment Act 2017, and the need to protect sensitive information from both internal and external threats as well as accidental disclosure.

“Encryption usage is a clear indicator of a strong security posture with organisations that deploy encryption being more aware of threats to sensitive and confidential information and making a greater investment in IT security.”

nCipher Security, senior director of strategy and business development John Grimm says, “Organisations are under relentless pressure to protect their business critical information and applications and meet regulatory compliance, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment.”

Encryption Key-Trends

The highest prevalence of an enterprise encryption strategy is reported in Germany (67%) followed by the United States (65%), Australia (51%), and the United Kingdom (50%).
Payment-related data (55% of respondents) and financial records (54% of respondents) are most likely to be encrypted. Financial records had the largest increase on this list over last year, up 4%.
The least likely data type to be encrypted is health-related information (24% of respondents), which is a surprising result given the sensitivity of health information and the recent high-profile healthcare data breaches.
61% of respondents classify key management as having a high level of associated “pain” (a rating of 7+ on a scale of 10). This figure is almost identical to the 63% of organisations that use six or more separate encryption products, suggesting there is a clear correlation between the two findings.
Support for both cloud and on-premises deployment of encryption has risen in importance as organisations have increasingly embraced cloud computing and look for consistency across computing styles.

Smart Homes are Spy Homes?

Mon, 29 Apr 2019 05:17:22 GMT

Smart Home Security Basics

Smart homes technology is becoming more and more popular. New exciting gadgets are introduced each year from robotic vacuums, to refrigerators that let you coordinate meals and alert you when products are expiring, to automated video systems that allow you to see who’s at your door right from your phone.

But what is the privacy cost of it? Are you aware of its risks and spying potentials?

Your house knows a lot - it has always been knowing but you have to be aware of that thanks to smart technologies this knowledge is now recorded. The global smart home market is predicted to reach a value of more than $53 billion by 2022.

And the number of installed IoT connected devices by that year is expected be at roughly 43 billion worldwide.

These days, its not only required to lock your front door so that burglars don’t break in and try to take off with your valuables, but you also it is essential to “lock” your home’s network so that hackers can’t break in and take off with valuable private data about your everyday lives.

Today’s smart homes collect and analyse large amounts of user data, generated constantly by your beloved gadgets and appliances that are connected to your network. It is mandatory to carefully consider every single device that you decide to install in your home—weigh its pros and its cons, study its privacy policy, and really consider whether any of its elements might become a weak link in the protective tech chain around your house—and to make sure that invisible home network connection is secure.

Introducing connected devices into your home is a serious business, and overlooking the smallest device could expose you. You can be sure it’s easily possible. Hackers will look for the tiniest gap to squeeze through if it means accessing your home.

It is absolutely recommended to be aware of the security basics of installing a smart home.

Smart Home Security Basics

It is important that owners take care to ensure their tech home is protected and secured. Networked devices can exchange data in a constant flow of traffic that involves a lot of personal information.

Keep asking yourself: Do you want to keep it safe and private? Would you leave your garage door up and your front door unlocked 24/7?

1. Professional Installation in Your Home

Installing a safe and reliable network into your home is the basis of your safe and secure smart home. Choose a trusted professional who will help you in the process of transforming your house into a smart home.

2. A Privacy Protection Agreement

It’s important to ensure that that data is protected. Always remember your smart home is generating a large amount of sensitive data within its network. Have your service provider sign a privacy protection agreement at the beginning.

3. Secure Passwords

A strong password is essential to the security of your network. Never use default passwords, your WiFi password, or that one password you’ve used for 11 other accounts. Make it sure it is long and complex.

4. Protect and Update

Protect your home’s network with a firewall so that third parties are unable to access your data. Additionally, make sure to update your systems regularly.

Multifactor Authentication (MFA)

Wed, 27 Mar 2019 01:23:47 GMT

A layered defence for increased security.

Definition: Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

The purpose of MFA is to create a layered defence and make it more difficult for an unauthorised person to access a target such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.

Here are a couple of examples

Swiping a card then entering a pin
Logging into a website, entering a password then wait for the website to send a code to the user’s phone or email address to verify.

CERT Report

Wed, 27 Mar 2019 01:11:57 GMT

CERT (Computer Emergency Response Team) Q4 2018 Report

CERT (Computer Emergency Response Team) is the official Government body set up to handle cyber security issues.

They have recently released their report for the last quarter of 2018 which provides an overview of the cyber security events reported between 1 October and 31 December 2018. It offers insights on incident types, how they operate and how you can best mitigate the risk.

Here are the key statistics:

1,333 incident reports were received in quarter four, up 53% from quarter three.

$5.9 million in reported losses up $3m from quarter three.

783 reports were about individuals, up 103% from quarter three.

Malware reports continued to increase with 48 reports, more than double the amount in quarter three.

For the full report see https://www.cert.govt.nz/about/quarterly-report/quarter-four-report-2018/

HP Battery Recall

Wed, 27 Mar 2019 00:35:54 GMT

HP Notebook Computer and Mobile Workstation Battery Safety Recall and Replacement Program

We have been notified of the current HP Notebook Computer and Mobile Workstation Battery Safety Recall and Replacement Program.

We have notified our customers that we believe are affected by this recall, however we would recommend that you check the list at this link . This will explain the process to obtain a replacement.

Blockchain Use-Cases

Tue, 26 Feb 2019 22:41:47 GMT

Blockchain technology is expected to cross $360 billion by 2026 and scale over $3.1 trillion by 2030 according to Gartner. But blockchain is much more than digital security and goes beyond the well-known cryptocurrency. The following use-cases are listing some of the most current scenarios.

Reducing Complexity in Transactions
Healthcare, international banking and video games are all complex transactional systems that will benefit from blockchain's ability to reduce transactional complexity and costs by eliminates the need for third party oversight

Helping Conversations
Forbes Reports that blockchain technology is being used to combat environmental crimes such as deforestation and illicit trade of animals by fostering transparency in commercial value chains

Digital Voting
Blockchain development in the electoral process is being developed to ensure that the democratic benefits of electronic voting are not tainted by cyberattacks or other threats

Fighting Art Forgers
Blockchain technology is used to combat art forgery and reinstating trust when selling art online by establishing image based records

Supply Chain Management and Automobiles
Blockchain’s ability to enable the digitization of assets is of significant benefit for its supply chain management usage. Products can be tagged and assigned with unique identities that are then transplanted onto a transparent and immutable blockchain. Vital product information, for example: state of the product, time, location can all be tracked on the blockchain. This could for example prove useful in detailing car history.

Music
Using blockchains music artists can avoid a middlemen such as labels and publishers, and instead sell their music directly to their fans. Blockchain-based cryptocurrencies such as Bitcoin and Ethereum support micropayments, which could facilitate this novel artist-fan relationship.

Top Tech Trends In 2019

Tue, 12 Feb 2019 00:00:00 GMT

1. Increased Automation
Increasing amount of tools and apps that do the work for consumers and business owners, taking over more mindless and time-consuming tasks

2. A Blockchain Comeback and AI
2019 is expected to be another year full with new blockchain applications and data breaches affecting companies. In 2019, AI will become mainstream, solving real problems for people in a variety of industries, not just ads or search.

3. Better Human/AI Collaboration
2019 will be the year that companies focus more on getting datasets consistent and teaching humans to collaborate with AI without giving it too much power. Some companies got into trouble by giving it too much decision-making power. Using unstructured and potentially biased data led to biased outcomes.

4. Expansion Of Connected Devices
In 2019 there will be an explosion of connected devices that moves us forward with this smart system for living and working.

5. Inclusion Of Augmented Reality In Most Apps
In 2019 augmented reality will be growing and even more available with mobile devices in everyday life. Initially it was hitting mobile devices as games or fun activities. This year, it will become integrated into most apps in the marketplace.

6. Upgraded Cybersecurity Using ML And AI
2019 might become a year to remember in technology. Trends are showing that the tech world is focusing on cybersecurity using machine learning and artificial intelligence to predict and protect against attacks.

7. Solutions To The Tech Backlash
In 2018, we saw a backlash against tech — swirling headlines around the negative influence of technology on our democratic process, society, interpersonal relationships and so on. However, there was a dearth of solutions, whether in the proposal of alternatives or the introduction of regulations or other best practices. Next year will see this: What we use, and how we use it, will differ from today.

8. Technology Convergence
In 2019 a generation shift of technology is to be expected. AI, machine learning, blockchain and AR are the buzzwords. The integration of these technologies into standard processes will lead to productivity gains and benefits for companies.

9. Augmented Analytics Using Natural Language
Augmented analytics leveraging natural language generation (NLG) will transform the way organisations, executives and data experts glean more accurate insight and deepen engagement from their data. Adoption of natural language to surface the most important findings in a fraction of the time will make data science more accessible, developing citizen data scientists throughout all business roles.

10. Growing Commitment To Data Security
2019 will be a year of information security. Currently, all companies try to get as much data as possible, but they often forget to care about data security. Companies will open security departments or outsource it to specialised companies. Data breaches will continue and increase.

11. Increasing E-Commerce Sales Of Everyday Items
In 2019 online shopping is going to expand as people like purchasing everyday consumables online.

Evolution of Microsoft Teams

Tue, 05 Feb 2019 00:00:00 GMT

Microsoft's TEAMS collaboration platform is underlying a rapid development indicated by the latest changes. Initially it was unveiled in 2016 as a competitor to Slack and largely focused on the needs of information workers.

The latest updates will help Microsoft differentiate Teams in a crowded collaboration software market. It has started as a horizontal team collaboration solution. Microsoft Teams is now taking the next step by identifying specific use cases address, and deliver tailored, packaged offerings to meet the needs of the users. It is to be expected that Microsoft builds on this moving forward as it looks to reinforce its head start with the first-line worker updates.

There is a variety of communication and collaboration tools existing, that deskless workers can choose from. Even Facebook has targeted its Workplace application at staffers of all types. The most commonly used tools by frontline staff are likely to be consumer apps such as in particular WhatsApp, or Facebook Messenger and even text messages.

Microsoft's advantage is to be more compliant to IT standards of companies, especially in terms of security. Hence, Teams will be “welcomed by IT buyers. Still it remains a change management challenge to convince staff to switch to corporate-mandated mobile communication apps. Features such as the new Shifts tool for shift management will be extremely valuable in pulling people into the Teams app.

Microsoft upgrades Teams mobile app to woo frontline workers

Tue, 29 Jan 2019 00:00:00 GMT

Microsoft intends to draw in ‘first-line’ staffers with location sharing, a camera module and audio-message sharing functions added to the team collaboration app. Microsoft has added some updates to its Teams collaboration tool in order to attract “first-line” workers such as retail, healthcare and service staffers. The additions include new mobile app functions, integrations with third-party scheduling apps and an employee “praise” tool.

Microsoft claims there are more than two billion frontline staff globally – a segment of workers that has received less attention than knowledge workers, who have access to a variety of digital tools to support workplace communications and productivity.

“First-line workers are a massive segment of workers around the world that are currently pretty drastically underserved by technology,” said Emma Williams, corporate vice president of Modern Workplace Verticals at Microsoft. “What we are delivering today is a customisable experience that really focuses on a mobile-first worker based on their role.”

The additions to the Teams mobile app include location sharing, the ability to record and share audio messages, and a camera module with image annotation that can help protect sensitive data within an organisation. “In healthcare, sending images is one of the primary forms of communication with clinicians sharing x-rays back and forth or pictures of a patient's injuries." Williams said. A lot of this is happening in unsanctioned consumer chat apps, with is no security awareness, no compliance, and photos get automatically stored on someone's personal mobile phone or cloud account. The secure camera app ensures you take the photo within Teams and it only gets shared within Teams.

Role-based policy templates can be set up in the mobile app of Teams. IT admins can enable or restrict certain functions such as calendars, calling or private chats, for instance, depending on user needs. Employees can also customise the app themselves, with the ability to pin frequently used modules to the app's navigation bar.

Integration with workforce management systems is another update. This relies on the launch of Shifts – a lightweight schedule management feature available in Teams and announced at Microsoft Ignite in September. The Graph API for Shifts hooks Teams into enterprise scheduling systems like Kronos, allowing workers and managers to view information around attendance or payroll and benefits, for example, within the mobile app.

Finally, a new “praise” feature lets managers and executives recognise the work carried out by staff - a factor that can help in industries with high rates of staff churn, such as retail. The new features are available to all Teams users, in all SKUs, except for Teams Free, Microsoft said.

Introducing new advanced security and compliance offerings for Microsoft 365

Tue, 22 Jan 2019 00:00:00 GMT

When Microsoft 365 was first introduced and bringing together Office 365, Windows 10, and Enterprise Mobility + Security (EMS), Microsoft's vision was two-fold: 1) deliver a great experience for customers to empower employee creativity and teamwork, and 2) provide the most secure and easy to manage platform for a modern workplace.
Microsoft has been thrilled with the response, as customers have contributed to triple-digit seat growth since its launch.

A big driver of customer adoption of Microsoft 365 is the need for security and compliance solutions in an age of increasingly sophisticated cybersecurity threats, as well as complex information protection needs, due to regulations like the General Data Protection Regulation (GDPR). To underline these needs, Microsoft is introducing two new Microsoft 365 security and compliance offerings that will be available for purchase on February 1, 2019.

Identity & Threat Protection —This new package brings together security value across Office 365, Windows 10, and EMS in a single offering. It includes best of breed for advanced threat protection services including Microsoft Threat Protection (Azure Advanced Threat Protection (ATP), Windows Defender ATP, and Office 365 ATP including Threat Intelligence), as well as Microsoft Cloud App Security and Azure Active Directory.

Information Protection & Compliance —This new package combines Office 365 Advanced Compliance and Azure Information Protection. It’s designed to help chief compliance officers perform ongoing risk assessments with a compliance score across Microsoft Cloud services, automatically classify and protect sensitive data, and efficiently respond to regulatory requests leveraging artificial intelligence (AI).

Wi-Fe Be as the Biggest Security Gap

Tue, 15 Jan 2019 00:00:00 GMT

More than 75% of all mobile communications flows over Wi-Fi. In 2017, 8.4 billion devices were connected to Wi-Fi and the volume is expected to hit 20.4 billion by 2020, according to analyst firm Gartner.

In 2018, 52.2% of all website traffic worldwide was generated through mobile phones, up from 50.3 percent in the previous year. Hackers prefer to go after the weak link in the security chain and it doesn’t take much to hack into the Wi-Fi network using easily accessible tools and a plethora of online how-to videos. Even the most rookie hacker can intercept traffic flowing over Wi-Fi and steal valuable data from your smartphone, tablet, smartwatch, or laptop. Once the malware is injected and credentials are stolen over Wi-Fi, your business networks become compromised, and it can cost millions in fines and breach remediation expenses to fix.

The Six Known Wi-Fi Threat Categories That Leave Your Business Vulnerable

Rogue Access Point (generates your wireless network): Allows attackers to bypass perimeter security
Rogue Client (such as your computer or smartphone): Delivers malware payloads to the network after connecting to malicious APs.
Neighbouring Access Point or Client false association: Risks infection from connecting to other networks while in range of the authorised AP.
Ad-Hoc Network: Uses peer-to-peer connections to evade security controls and risk exposure to malware.
"Evil Twin" Access Point: Tempting users to connect to it so as to spy on traffic, steal data and infect systems.
Misconfigured Access Point: Opens networks to attack as a result of configuration errors.

What is a Trusted Wireless Environment?

In a world with growing open Wi-Fi networks, Wi-Fi hackers are able to not only steal personal information but also spread malware to computers on the network, costing your businesses millions. Simply put, the Wi-Fi system that you installed seven years ago is no longer adequate. As you face the responsibility of evolving your Wi-Fi networks, it's best to get your IT Provider involved in the process to help you make the right decisions. Companies that offer a Trusted Wireless Environment deliver on these three core pillars:

Market-Leading Performance:
You should never be forced to compromise security to achieve the necessary performance to support your environment with the speed, connections and client density that it needs.

Scalable Management:
With easy set-up and management, your entire wireless network should be able to be controlled from a single interface and execute key processes to safeguard the environment and its users.

Verified Comprehensive Security:
You need proof that the security solution that defends your business against Wi-Fi attacks can deliver on the following benefits:

Provide automatic protection from the six known Wi-Fi threat categories
Allow legitimate external access points to operate in the same airspace
Restrict users from connecting to unsanctioned Wi-Fi access points

Best practice is to install more than just Wi-Fi connectivity by also consider Wi-Fi security which automatically detects and prevents all of the most common Wi-Fi threats simultaneously.

Blockchain NZ and its Power to Revolutionise Electric Power

Tue, 08 Jan 2019 00:00:00 GMT

Blockchain NZ, also known formerly Blockchain Association of NZ (BANZ) is part of the NZ Tech Alliance. Their goal is for NZ to become a global hub for blockchain innovation. It is an association of organisations and individuals representing the rapidly emerging business sector and those engaged in the wider global Financial Services, IT, and public sector communities. Blockchain NZ provides New Zealand businesses and individuals opportunities for connecting, promoting and advancing in all things blockchain, crypto and decentralisation.

Blockchain NZ published a report in December 2018: Distributed ledgers and blockchain are anticipated to provide a significant positive uplift to New Zealand’s economy. General Manager of Strategic Partnerships at Centrality, Andy Higgs, said the report provided useful analysis of the significant opportunities that exist for distributed ledger and blockchain technologies. “Blockchain presents a huge opportunity, with over $11 billion USD raised through initial coin offerings (ICOs) in the first half of 2018. New Zealand has a chance to lead the way, thanks to our sense of fairness and social inclusiveness, to ensure all New Zealanders benefit from the full potential of blockchain and decentralisation.”

According to analyst firm GlobalData, Blockchain may be the ‘missing link’ that potentially transforms the electric power industry and leaves traditional business models behind. Currently, electric utilities face challenges including high operational costs, aging grids, security, regulatory compliance, and personalised customer service. Blockchain is the focus of experiments to overcome these challenges. “Blockchain is meant to be the leading enabler of decentralisation, democratisation, and liberalisation in the power industry,” says GlobalData disruptive tech analyst Archi Dasgupta.

One business is Australian-based crypto-startup Power Ledger, which develops decentralised energy trading platforms on blockchain. Its distributed P2P blockchain network allows consumers and businesses to sell their surplus solar power in their neighbourhood without a middleman. Lithuanian startup, WePower, has been working around the same in partnership with Estonia’s transmission system operator Elering. WePower uploaded 26,000 hours and 24TWh of energy production and consumption data from the smart meters of Estonia on to the Ethereum blockchain, which led to the creation of 39 billion smart energy tokens that are tradable. P2P energy networks also capitalise on blockchain’s potential by creating a decentralised marketplace, which connects owners of electric vehicles and owners of charging stations for ‘mutual benefits’. German startup Motionwerk has proposed a blockchain-based P2P energy sharing project Share & Charge. Users are encouraged to share their private electric charging stations for money.

“Although blockchain technology started scaling from its incumbent phase in the power industry, it is still largely dominated by proof-of-concept projects and small-scale production deployments,” says Dasgupta. He also estimates mass-scale commercial adoption is still three-to-five years away. “There are several challenges to be addressed including deployment costs, the requirement of power to run the setup, and more importantly, the need to develop common standards and regulations. Electric utilities are similar to banks in the way they are centralised and highly regulated, hence it is crucial to creating an ideal set up for the implementation of transformative technologies such as blockchain.

Artificial Intelligence Key for NZ's Future

Tue, 01 Jan 2019 00:00:00 GMT

Artificial Intelligence (AI) is developing everywhere today: as a virtual assistant on every new smartphone, a robo-advisor to help make investment decisions, driving autonomous vehicles on our roads, and in sophisticated algorithms underlying recommendation engines for many of the world’s leading web platforms.

New Zealand has a thriving AI sector working with AI technologies at all levels. The AI Forum New Zealand (AIFNZ) brings together New Zealand's artificial intelligence community working together to harness the power of AI technologies to enable a prosperous, inclusive and thriving future New Zealand. It shows who's investing in, working with and thinking about the effects of Artificial Intelligence in New Zealand and sets out to raise the level of awareness and capabilities of Artificial Intelligence (AI). Due to it's rapid development, AI technologies present major opportunities and challenges. New Zealand needs to actively engage with AI now in order to secure our future prosperity. The Forum brings together citizens, business, academia and the Government connecting, promoting and advancing the AI ecosystem to help ensure a thriving future New Zealand enabled by technology.

New Zealand needs to seize new opportunities in 2019 and harness new AI technologies to deliver positive social and environmental outcomes, AI Forum New Zealand executive director Ben Reid says. AI has found NZ and making giant leaps forward in our lives. We are seeing so much potential for AI to solve some of our grand challenges in New Zealand, too. For example, AI can be used to reduce road fatalities from more accurate analysis of accident hot spots and also from autonomous vehicles arriving on our roads very soon.

Emerging and disruptive digital technologies continue to converge and while many of us have heard of ‘Artificial Intelligence’, this rapidly evolving technology ecosystem and its potential for economic transformation, is poorly understood. (Carolyn Treman, Chief Executive Ministry of Business, Innovation & Employment)

Artificial Intelligence is now an essential element in New Zealand’s journey towards being a Digital Nation. (Berry Sheers, Managing Director Microsoft New Zealand)

The AIFNZ defines artificial intelligence as: advanced digital technologies that enable machines to reproduce or surpass abilities that would require intelligence if humans were to perform them. This includes technologies that enable machines to learn and adapt, to sense and interact, to reason and plan, to optimise procedures and parameters, to operate autonomously, to be creative, and to extract knowledge from large amounts of data.

AI technologies will be influencing our lives today more than most people are aware of. Undoubtedly, AI will have major long term impacts on our business and economy, legal frameworks, ethics, environment, education, labour, productivity, social and justice outcomes. Perhaps unsurprisingly, given its complexity and rapid emergence, New Zealand’s understanding of AI’s significance is low compared to other issues with similarly wide-ranging effects on our society. New Zealand needs to act now, in a substantial, coordinated way, to increase it’s ability to remain competitive and adapt to changes brought about by AI.

Here are some examples of the impact AI could have:

Reducing cancer deaths from melanoma by assisting doctors to identify cancerous moles earlier and more accurately (and helping to alleviate the shortage of trained dermatologists)
Dairy Framing: Reduction of pollution – for example, by automatically identifying dairy cows which have strayed near waterways using machine vision on high resolution satellite images.
Improve educational outcomes by providing students with a 24/7 AI maths tutor, making individual tuition accessible to everyone.
Improve access to government services online whether via a simple chatbot on government websites or using AI to optimise digital customer journeys – enabling citizens to achieve what they want to do quicker and more efficiently.

The AIFNZ has published it's AI Forums landmark 2018 report which analyses AI impacts and opportunities for New Zealand's economy and society.

The AI Forum NZ is organising three upcoming events this year:
An AI-DAY conference in Auckland on March 27 and 28 includes international keynotes, presentations of industry experts and local trailblazers as well as panel discussions. Six practical 90 minute workshops with deep-dive into case studies, demonstrations and in-depth discussions are scheduled for the 3rd and 4th April 2019. Finally, a hackfest is held on 6th and 7th of April with up to 25 teams which will create, build and compete for supremacy.

Over 1200 NZ cyber security incidents reported in six months

Tue, 18 Dec 2018 00:00:00 GMT

Security threats are significantly increasing across the country. Within the period of January till July more than 1200 cyber security incidents have been reported in New Zealand, amounting to more than $5 million in losses according to the quarterly report findings from CERT NZ. These numbers show that an increasing number of Kiwi businesses and individuals were affected by cyber-attacks during the first half of 2018.

Phishing attacks dominated the reporting list, followed by scams, fraud and unauthorised access, alongside ransomware, website compromises and malware. “A vulnerability is a weakness in software, hardware or an online service that can be exploited to damage a system or access information,” said Rob Pope, director of CERT NZ. Global incidents also impacted Facebook, Ticketmaster, Ortbiz or Meltdown and Spectre. New Zealand has already had a number of popular security breaches such as the Inland Revenue, Z Energy and Vector. They have all fallen victim to media headlines and public scrutiny. Furthermore, a government minister was impersonated via social media.

Despite the breaches, security remains the number one investment priority of Kiwi channels, followed by managed services and customer experience. Customers are ranking security as a number three priority locally, behind cloud migration and data centre expansion. 44 per cent of businesses are planning to increase the number of partners they use during the next 12 months, while end-users are seeking “specialists with proven experience” in the market.

Only 12 per cent of businesses in New Zealand are seeking security expertise from outsourcing partners. Businesses are focusing more on digital transformation and cloud credentials. The forecast for security spending in New Zealand is predicting a growth of 9.9 per cent in 2019, reaching $604 million from $550 million in 2018.

Artificial Intelligence - Personal data you give away when you shop

Tue, 18 Dec 2018 00:00:00 GMT

Every single time you use your loyalty card at the check-out, use free Wi-Fi at an airport or shopping centre or put orders in place via an app, you hand over a huge amount of valuable personal data. You agreed to do so when you clicked 'accept' on the terms and conditions at the point of sign-up or login. Consumer data is used to personalise experiences and cut through the clutter of information, giving you more of what they think you want and less of what you don't.

More experts are increasingly concerned about how personal and sensitive data will be used in the future. For example, health insurers could one day set premiums based on predictions about your future wellbeing, employers could determine your productivity and loyalty, and banks might approve or reject your mortgage application using computer-generated analysis.

Artificial intelligence and algorithms might one day control us based on the data we freely give over now and we should be aware of it. Companies are drowning in information and collecting a lot of it. All of them know that data is important and they all have put in place a strategy to collect it as a top priority. With all that data, personalised, one-to-one experiences can be established in a way that hasn’t existed before.

Data usage is more and more used by artificial intelligence to figure out what you might buy in the future. Spotify is recommending new music based on your previous consumption habits in a calculation that's not just serving you more of what you like now, but what you could like. Rewards in exchange for their data are provided to users, e.g. free Wi-Fi at the airport, points on shopping, special discounts and the like. A US tech company has produced a device that connects to a smartphone and allows people with heart conditions to conduct a free at-home electrocardiography test. The data you're giving them is much more valuable and powerful than what you are paying for the service. In the future, they can make predictions about heart attacks and strokes.

People should not take it for granted and keep asking questions such as why do they want that kind of data? What might they do with it in the future? Private health insurers in Australia have been lobbying the Federal Government to overturn a ban on them accessing data from the controversial My Health Record. They argue it would be anonymous and used for research and statistical analysis, which may very well be the case — for now.

At a recent technology conference, ANZ revealed it was testing the use of artificial intelligence to assess a potential borrower's risk profile. The company IBM has also started using a system dubbed Watson that predicts future performance based on data and computerised analysis.

Facebook Data Usage

Tue, 18 Dec 2018 00:00:00 GMT

Internal Facebook documents released by a U.K. parliamentary committee offer the clearest evidence yet that the social network has used its enormous trove of user data as a competitive weapon, often in ways designed to keep its users in the dark. Facebook has been accused of cutting special deals with some app developers to give them more access to data. At the same time other potential rivals have been cut out.

Other documents showed Facebook executives discussing how company data and user data is collected. It considered quietly collecting the call records and text messages of users of phones that run on Google's Android operating system without asking their permission. More than 200 pages of documents on the tech giant's internal discussions about the value of users' personal information have been released by the U.K. committee covering the period between 2012 and 2015. It indicates the company's inner workings and the extent to which it used people's data to make money while publicly vowing to protect their privacy.

It is concerning how little users actually know about how Facebook treats their data. Facebook called the documents misleading and said the information they contain is "only part of the story." "Like any business, we had many internal conversations about the various ways we could build a sustainable business model for our platform," Facebook said in a statement. "But the facts are clear: We've never sold people's data."

In a Facebook post, company CEO Mark Zuckerberg was intending to put the documents in context. "Of course, we don't let everyone develop on our platform," he wrote. "We blocked a lot of sketchy apps. We also didn't allow developers to use our platform to replicate our functionality or grow their services virally in a way that creates little value for people on Facebook." The U.K. committee got hold of the documents from app developer Six4Three, maker of a now-defunct bikini-picture search app. Six4Three acquired the files as part of a U.S. lawsuit that accuses Facebook of deceptive, anti-competitive business practices. The documents remain under court seal in the U.S.

The documents "raise important questions about how Facebook treats users' data, their policies for working with app developers, and how they exercise their dominant position in the social media market," said committee chair Damian Collins. Facebook for example collected data about the mobile apps its users favoured to help it decide which companies to acquire. It also said Facebook knew that an update to its Android mobile app phone system — which allowed the Facebook app to hoover up user call logs and text messages — would be controversial. "To mitigate any bad PR, Facebook planned to make it as hard as possible for users to know that this was one of the underlying features of the upgrade of their app," the committee summary pointed out.

The documents also show Facebook would jealously safeguard its interests. In a January 2013 email exchange, Zuckerberg signed off on cutting access to Twitter's Vine video-producing app, which had allowed users to find their friends on Vine by pulling in data from Facebook. Also, a robust internal discussion about linking data to revenue could be found in the documents.

45% of Kiwi businesses ‘unprepared’ for data breaches

Tue, 18 Dec 2018 00:00:00 GMT

Businesses in New Zealand are struggling to defend against data breaches and are not properly using endpoint security, data protection or training security driven employee behaviour. HP research reports that 45 per cent of Kiwi organisations are self-rated as “not secure”, with 50 per cent of companies lacking in cyber security confidence.
“The consequences of a data breach are severe; from financial to brand and reputation damage,” said Grant Hopkins, managing director of HP New Zealand. “Organisations need to be vigilant about implementing processes that regularly monitor, detect and report data breaches. Running regular risk assessments and managing your endpoint security is critical in keeping businesses data safe.”

Hopkins also added that traditional security measures and anti-virus programs are becoming “less effective” with an increasing number of Kiwis working remotely and using personal devices in the workplace. Nowadays remote access to company data is very common and 60 per cent of local businesses “regularly allow” remote working, but only 42 per cent have a security policy in place.

“Endpoint security - at the device level - is critical,” Hopkins added. “Organisations tend to rely solely on third party software security to protect their devices when, in reality, stronger and better business security must be integrated into the device itself. … With hackers able to bypass traditional network perimeter security and anti-virus programs, it’s time we scrutinise a hardware’s security as closely, if not more, than our external security solutions.”

Customers tend towards focusing on efforts around PCs, tablets and other connected devices, but neglecting “one of the largest areas of vulnerability” in the form of the printer, Hopkins said. Printers used in general Kiwi businesses are “relatively insecure”. 30 per cent of the printers do not offer any security features and only 35 per cent of customer printers put effort in to IT security assessments.

“Security threats are evolving every day, …Due to reduced effectiveness of firewall protection, every device on an organisation’s network is at risk, and unfortunately printing and imaging devices are often overlooked and left exposed.” Hopkins finally mentioned. Therefore, “Protecting against security breaches is one of the biggest challenges organisations face.”

Samsung Phone Development

Tue, 18 Dec 2018 00:00:00 GMT

Samsung recently revealed the "second chapter" in smartphone technology. This is done by a so-called ‘Infinity Flex Display’, which stands for the first generation of foldable Galaxy smartphones. These foldable phones are an entirely new product category in mobile computing. They refer to a bendable display that can be unfolded into a larger form factor. The idea is to essentially provide a smartphone and a tablet in one device.

At this year’s Samsung Developer Conference (SDC), the Infinity Flex Display and One UI was revealed by their mobile president, DJ Koh. One UI is a “reengineered” design interface for Android. It has been made to assist with one-handed operation by automatically ordering relevant content on the bottom half of the screen using simplified, readily identifiable icons. Infinity Flex Display stands for Samsung’s folding screen application and has a larger, immersive display providing vast improvements to media playback and multitasking. For example, it can allow the usage of three active apps simultaneously.

Samsung has been working hard for a seamless apps transition from the smaller display to the larger display as the device unfolds. They also partnered with third-party developers to ensure the platform is well stocked with applications when it launches. Samsung's first folding phone is expected to launch in early 2019. A March release is expected to meet the tenth anniversary of the Samsung Galaxy brand. Samsung would like the folding/flexible smartphone displays to become mainstream while working on a range of Infinity Flex Display prototypes, such as screens that unroll like toilet paper!

The current debut model - ‘Galaxy X’ – was briefly shown off during the SDC keynote. It folds inwards and boasts a third OLED on the outer side with full smartphone functionality. When unfolded, the screen measures a tablet-esque 7.3 inches. The model seems to be quite thick - but that's to be expected.
Besides Samsung other vendors such as Huawei, LG, Lenovo and Apple are developing similar prototypes.

New 14TB IronWolf Leads NAS Hard Drives for Capacity, Performance and Durability

Tue, 18 Dec 2018 00:00:00 GMT

Seagate’s IronWolf and IronWolf Pro hard drives now come with a new 14TB top capacity leading the NAS storage market with the largest capacity options available. With IronWolf’s new unsurpassed 14TB capacity, your multi-drive NAS becomes exponentially more powerful. IronWolf and IronWolf Pro drives providing best-in-class reliability and performance for always-on environments and are trusted by the world’s top NAS vendors.

IronWolf drives are built with multi-user environments in mind, delivering a workload rating up to 300TB/year. This can be used in connected home setups, small and medium offices, and larger businesses. The benefits of IronWolf drives are including RAID performance, dual-plane balance, rotational vibration (RV) sensors, advanced power management and error recovery control as well as Seagate’s unique IronWolf Health Management embedded analysis and recovery software and 2-year Seagate Rescue Data Recovery Services (included with IronWolf Pro, and optional with IronWolf).

Business segments, government services and organiations will want to harness real-time data to deliver the absolute best product or service possible and nobody can afford a delay in processing information. The end-to-end use of data is disrupting every industry and segment in the world. Those that find a way to create value out of unstructured data, versus seeing data as a problem to deal with, will succeed. IronWolf also reliably makes larger workloads possible for creative professionals.

IT Earthquake Preparations

Thu, 29 Nov 2018 00:00:00 GMT

The recent large quake up north was a timely reminder to all about being prepared.

We all get constant reminders to ensure we have plans in place if the big one should hit. We have additional supplies of water, food, torch, etc and somewhere safe to go.

What we also need to do is to make sure we are IT Quake Ready.

This is in terms of Safety, Power, Communication & Backup.

Safety: Your hardware is firmly mounted, so that it won’t topple and injure someone or damage the important hardware.

Power: Protect critical hardware with UPSs (Uninterruptible Power Supplies). Have a Power Bank to recharge your phone.

Communication: Have the modem/router on a UPS to continue Internet access.Know how to use your phone as a hotspot.

Backup: Make sure you have in place a reliable, offsite backup system that is automated and monitored.

Endorsement for Microsoft Azure and Office 365 Services

Thu, 29 Nov 2018 00:00:00 GMT

The Office of the Privacy Commissioner has inked a contract to store all applications and data on Microsoft Azure and Office 365 services.

The deal was made, after a Privacy Impact Assessment found that Microsoft offered industry-leading data security, and better data security than the Privacy Commissioner can deliver for itself.

"Our privacy impact assessment (PIA) explains the context for our move, the key privacy risks, and why we are satisfied that we can overcome those risks," a notice on the Commissioner's website said.

Data will reside in Microsoft’s data centres in Sydney, with possible back-ups in Melbourne.

"We are satisfied that the privacy laws in Australia provide an equivalent level of protection to New Zealand law," the Privacy Commissioner said.

"Microsoft’s terms of service, along with local and overseas privacy regulations, will make sure that we have control over the data while we store it in Microsoft’s data centres.

"Microsoft also undergoes regular independent audits of its compliance with international standards."

The Privacy Commissioner said the deal provides access "state-of-the-art" support and security at a fraction of the cost of doing it in-house or through any onshore provider.

"This means that our data is safer, and we have more resources to deploy for to other parts of our business," the Privacy Commissioner said.

"Our move to an externally hosted environment is consistent with government policy to encourage the uptake of outsourced data storage and processing."

Current Scams Circulating

Thu, 29 Nov 2018 00:00:00 GMT

Fake Tech Support Calls
The phone call at your office and a fake Microsoft person is investigating a malware attack. Sounding official and asking to access your desktop. Once being in installing ransomware and lock you out, extorting you or your company to pay a hefty fee in order to get your files back.

"Look at This Resume"
An official-looking email comes from an unfamiliar name but with an attachment and request that sounds like it could be related to something you’d forgotten. Clicking the attachment and infecting your computer and possibly your whole company’s system with malware.

One-Ring Scam
A call comes in from an unknown number, rings once, and then stops. You call the number back not realising until later that you were automatically charged for a service you didn’t ask for.

Infection Detected
A pop-up add with graphics such as a big red X appears and alerts you that your computer might be infected with a virus. Click a link and pay $50 to scan and clear your system but computer will now be infected by new malware and other unpleasantness.

“See Who’s Viewed Your Profile”
This type of “clickjacking” promises to show you who has been checking out your profile requesting for personal information, leading your info to be compromised or malware to be installed on your computer.

Credit Card Pre-Approval
Notice that you’ve been pre-approved for a credit card and you have to pay the annual fee up front.

Account Cancellation Notice
An email telling you that your credit card or banking account has been cancelled leads you to provide your account information and login info to scammer.

“Confirm Your Email Account”
You get a request to confirm your account from a bank or other seemingly reputable company, but as you click through and enter your information, you are merely confirming that you’re gullible to a convincing scam.

Job Scams
Email offering a job in a foreign country asking to send money to cover the cost of paperwork or the cost of getting a work permit.

Court Notice
An email from a law firm telling you to appear in court including a link to court notice. Click to infect your computer.

Free Stuff
It promises free things or tickets asking you to click a link to claim your freebies and infect your computer with malware.

The Nigerian Prince
A prince from Nigeria (Ivory Coast, Spain, or Togo …) is wanting your help pay for the taxes, legal fees etc. with the goal to lift it from your bank account.

The Perfect Girlfriend
An message sent through a dating site or Facebook from an account with a really cute profile pic asking you for money to cover the airfare to come and see you.

“Work From Home” Mailed Check or Upfront Fees
Popup ads promising that you can make $2,000 a week working from your living room ending up costing you money by wiring back mistakenly paid money while the check will bounce. Or charge you an “activation fee” to get started.

All-Expenses Paid Vacation
Email or phone call informing you that you’ve won an all-expenses-paid vacation to some exotic destination asking for your credit card information to hold the reservation.

Free Gift Cards
More popular than ever as phishing scam. An offer of a free gift card takes you to enter personal information.

“Payment Requested”
Notice of outstanding charge for a cable bill or some online purchase.

Fake Celebrity News
A shocking headline to click a pop-up ad with unintentional malware download that could cause major problems.

The Scandalous Photo
A Facebook message pointing out a photo of you leads you to file-sharing website by clicking and brings some nasty malware onto your computer.

Mugged on Vacation
Email or message from a friends address/account reaches you out of the blue to tell you they’ve been mugged and need your help to pay their expenses to get back home.

Unprepared for Data Breaches

Thu, 29 Nov 2018 00:00:00 GMT

45% of Kiwi businesses ‘unprepared’ for data breaches
Half of Kiwi companies lacking in cyber security confidence

“The consequences of a data breach are severe; from financial to brand and reputation damage,” says HP New Zealand managing director Grant Hopkins. “Organisations need to be vigilant about implementing processes that regularly monitor, detect and report data breaches. Running regular risk assessments and managing your endpoint security is critical in keeping businesses data safe.

Many IT departments tend to focus their efforts around PCs, tablets and other connected devices, but they neglect one of the largest areas of vulnerability: the printer.

The study found that New Zealand businesses have printers that are relatively insecure with 30% not offering any security features and only 35% of businesses including printers in their IT security assessment. Without embedded security measures like real-time threat detection, automated monitoring, and data encryption, printers are left open and vulnerable to attack. Not only does this make the confidential and sensitive documents that are printed, scanned and copied by the printer easily accessible for hackers, but risks the entire network being hacked, while bypassing the firewall altogether.

USB Ninja Cable Attack

Tue, 30 Oct 2018 00:00:00 GMT

A malicious version of a USB charging cable has been built compromising a computer in just a few seconds. Once the USB cable is plugged in, it turns into a peripheral device capable of typing and launching commands.

Its makers of several computer security specialists call it USBHarpoon. Researchers have shown an attacker being able to reprogram the controller chip of a USB drive and make it appear to the computer as a human interface device (HID) which can be anything from an input device like a keyboard that issues a rapid succession of commands, to a network card that modifies the system’s DNS settings to redirect traffic.

Replacing the USB drive with a charging cable, users are less likely be aware of. Modified connectors of the cable allow both data and power to pass through. Any type of device that powers through USB can be effected without raising suspicions about plugging the cable.

Now Kevin Mitnick, KnowBe4's Chief Hacking Officer wrote: "I’m excited to share the new #USBNinja cable that uses Bluetooth to command the malicious cable to inject its payload onto a targeted machine. The transmitter range is up to 100m depending on the antenna used.

Mitnick continued with: "My sincere congrats to Olaf, Dennis, Vincent Yiu and the rest of the RFID Team for such brilliant work. This work was borne out of the NSA’s COTTONMOUTH project disclosed by Edward Snowden. For those that are interested in the #USBNinja cable, this was formally codenamed USBHarpoon."

Here is a link where you can see this brand new attack video yourself. Have fun and shiver:
https://blog.knowbe4.com/knowbe4s-chief-hacking-officer-kevin-mitnick-demonstrates-the-usb-ninja-cab...

Block Chains

Tue, 30 Oct 2018 00:00:00 GMT

Blockchain was invented by Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the cryptocurrency bitcoin. The invention of the blockchain for bitcoin made it the first digital currency to solve the double-spending problem without the need of a trusted authority or central server.

A blockchain is a growing list of records, called blocks, which are linked using cryptographic algorithms. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data to be resistant to modification of the data. It is "an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way". Hence, a blockchain is generally managed by a peer-to-peer network collectively adhering to a protocol for inter-node communication and validating new blocks. Once recorded, the data in any given block cannot be altered retroactively without alteration of all subsequent blocks.

You can find a blockchain explanation into more detail here:

Mazonka, Oleg (29 December 2016). "Blockchain: Simple Explanation" (PDF). Journal of Reference http://jrxv.net/x/16/chain.pdf

UEFI Rootkit

Tue, 30 Oct 2018 00:00:00 GMT

Until August this year, no UEFI rootkit has ever been detected in a real cyber attack. They have been presented at security conferences as proofs of concept and are known to be at the disposal of governmental agencies.

Late September 2018, Security researchers from ESET came across a Unified Extensible Firmware Interface (UEFI) rootkit (named LoJax by ESET, detected by Trend Micro as BKDR_FALOJAK.USOMON and Backdoor.Win32.FALOJAK.AA) in the wild being used for cyberespionage based on a campaign by the Sednit APT group. The UEFI rootkit was found bundled together with a toolset able to patch a victim's system firmware in order to install malware at this deep level.

The rootkit is reportedly packaged with other tools that modify the system’s firmware to infect it with malware.

Malware is dropped off onto the system and ensures it is executed when the computer boots. LoJax affects UEFI, which provides an interface for the system’s operating system (OS) to connect with the firmware. As such, LoJax can persist in the UEFI even if the system’s OS is reinstalled or its hard drives replaced. If infection is successful, attackers can use LoJax to remotely access the system constantly and install and execute additional malware on it. The security researchers said that it can also be used to track the system’s location and possibly that of the system's owner.

What is UEFI (Unified Extensible Firmware Interface)?
The computer code that starts right after the computer is turned on and has the ultimate power over the computer’s operating system (and thus the whole machine) is called firmware. The standard – think of it as a set of rules – for how the firmware behaves is called UEFI (its predecessor was called BIOS). Firmware and UEFI (Unified Extensible Firmware Interface) are often linked together and called UEFI firmware.

A rootkit is a dangerous malware designed to gain “illegal” and persistent access to what is otherwise not allowed. Typically, a rootkit also masks its existence or the existence of other malware.

New HP Leather Laptop

Tue, 30 Oct 2018 00:00:00 GMT

HP has just released the new designed Spectre Folio using leather material. It's the HP way of expressing creativity and high end technology in a stunning way by combining newest technologies with a traditional good feeling material.

The Spectre Folio looks finely crafted from its leather spine to the smooth way the hinge transitions between different orientations. The Spectre Folio features: USB-C ports, smooth touchpad, a small leather slot for HP's Digital Pen as well as four Bang & Olufsen speakers for rich sound. The leather makes it different with its almost vintage appeal being soft and warm to the touch.

The Folio is the first computer using the new dual-core, 8th generation Y-series Intel CPU, which allows for its completely fan-less design. HP worked together with Intel to build a motherboard that's 20 percent smaller than most laptops. The Folio is also the first to use Intel's low power display technology, which can significantly reduce screen battery use. To be an HP "Always Connected" PC, it also comes with a huge battery with up to 19 hours worth of juice on the Core i5 model, and over 17 hours on the Core i7.

Pre-ordering the Spectre Folio has started in the US. "Cognac Brown" is the initial colour to pick, but HP also plans to release a "Bordeux Burgundy" option later.

Data Breach

Thu, 27 Sep 2018 00:00:00 GMT

Protecting your customers from a Data Breach is a very real, very valid concern. With rapid implementation of the General Data Protection Regulation (GDPR) and Australia's new Notifiable Data Breach (NDB), companies across the world are having to react and adapt quickly, to secure their system from the risk of their customers data being exposed.

New Zealanders are not immune from hefty fines, penalties and sanctions in failing to protect information of their customers and it is only a matter of time before New Zealand law follows suit, to enforce its own set of laws around the way data is handled.

We will keep you updated as we learn more, however ensuring your systems and data are secure from hackers is an essential action with or without legislation.

Destructive Ransomware

Thu, 27 Sep 2018 00:00:00 GMT

The SamSam ransomware has made cybercriminals at least $6m since they started distributing the file-locking malware in late 2015 to encrypt data and backups. Their profits are still on the rise, netting around an additional $300,000 each month.

SamSam is different to other forms of ransomware; while other variants are spammed out to potential victims by email, SamSam attacks are thought to begin with a remote desktop protocol (RDP) compromise, either by brute force attacks, or credentials purchased on the dark web.

Once inside a compromised machine, the attackers seek out vulnerabilities which they exploit to spread across an organisation's network before encrypting files.

With a stranglehold on an entire network, the attackers then demand a huge bitcoin ransom payment in exchange for the decryption keys. The payments now regularly reach over $50,000.

SamSam requires a more hands-on technique than other forms of ransomware, but the time and effort is apparently paying off for the crooks.

The number of payments received per month throughout 2018 has peaked at 10, indicating a level of precision by the attackers.

Infected PDF's

Thu, 27 Sep 2018 00:00:00 GMT

The Turla threat group, certainly Russian-speaking and widely attributed to Russian intelligence services, is back with a new scary phishing technique. These bad guys are sending emails with a malicious PDF payload that installs a hidden backdoor in the workstation.

The backdoor is a standalone dynamic link library that's able to install itself and interact with Outlook and other email clients. It exfiltrates data through email, which means that it evades detection by many commonly used data loss prevention products. The stolen data is enclosed in a PDF container, which also looks unproblematic to many security solutions.

Researchers who've tracked this latest evolution of Turla warn, there's no command-and-control server that can be taken down - the malware can be completely controlled via email, the data exfiltration can look entirely legitimate, and the ways in which the campaign modifies standard functions make it a stealthy and tough-to-eradicate infection.

The purpose of this malware is monitor to all incoming and outgoing emails from infected systems and to gather info about the sender, recipient, subject, and attachment name (if any). That data is then organised into logs that are sent to Turla operators.

The Outlook backdoor also checks all incoming email for PDFs that might contain commands from the attackers. It will accept commands from ANY threat actor that is able to encode them in the right format in a PDF document.

If the email address to which the malware typically transmits stolen data is blocked, the hacker can recover control of the backdoor simply by sending a rogue PDF with a new C2 address.

Shopping Trends

Thu, 27 Sep 2018 00:00:00 GMT

NZ Post commissioned Datamine to carry out some research into shopping trends. The results provide an interesting overview of the state of play of bricks and mortar versus online shopping, and New Zealand versus international spend:

51.2% of global web traffic originated from mobile devices, up from 48.3% in the corresponding previous quarter
33% of all online product spend goes overseas. When adding digital services like Netflix, this increases to 45%. (Figures exclude tourism, utilities, etc)
8% of overall retail spend is online. Forecast to rise to 17.5% by 2021.
Year on year growth of online was 13% in 2017, outstripping bricks and mortar retail growth of 0.9%.
In the USA, 44% of their 9% online spend was on Amazon.
In China, 25% of all retail sales will be online this year.

Mandatory data breach law - what this means for your business

Wed, 29 Aug 2018 00:00:00 GMT

Changes to the Privacy Act could force NZ businesses to notify people when they have a data breach.

Currently in NZ, if a cyber-attacker steals personal information from a company, the company doesn't legally have to alert those people who are affected or even tell the Privacy Commission. But thankfully, new privacy laws that were introduced into Parliament in March 2018 could make this a thing of the past.

One of the main changes to the Privacy Act, currently with the select committee, is a mandatory data breach notification which will force public and private sector agencies to notify affected individuals, and the Privacy Commissioner, if they experience a 'data breach which poses a risk of harm'. Failure to do so, could result in a fine of up to $10,000. This would encourage businesses to increase security around data storing and sharing, and potentially obtain insurance specific to cyber-security risks.

How do I prevent or minimise data breaches?
As a business, there are several things you can do to help you stay one step ahead of cyber- crime, such as:

• Learn how to identify and deal with cyber-attacks – Make sure you're up-to-date with the latest ways on how to identify, prevent, and minimise data breaches.

• Educate employees - Teach your staff the most secure ways of data sharing and storing, and how to identify and deal with data breaches.

• Evaluate your technology – Check if your software and hardware can adequately identify and deal with data breaches in real time.

• Analyse your data security - Ensure that IT and printer software and security is comprehensive, up-to-date and monitored on a 24/7 basis.

• Minimise the amount of personal information you hold – This can be a tough one, especially when it comes to marketing databases, but if you can, try and decrease the personal data your organisation stores.

• Encrypt and anonymise personal data – When you can, encrypt or anonymise personal information.

Cyber Attackers are Targeting Kiwi Work Printers

Wed, 29 Aug 2018 00:00:00 GMT

In the hacker world, printers are now seen as a 'weak link' into any business network, making them one of the easiest entry points for an attack. Printer breaches now make up 16 per cent of all cyber-attacks and result in millions of dollars being lost by companies each year.

The reality is, that most businesses overlook print security with many network-connected printers having no restrictions or not being securely locked down. This can be things such as not changing their password or failing to make the password complex enough, such as using 'admin'.

Company printers are not only accessed by people across the business, but they offer network access, providing greater opportunities for attackers to compromise the device and, therefore the entire network. Hard drives, operating systems, memory storage and access to the internet are also factors that make printers vulnerable. What makes it worse, is that work printers are generally never switched off which offers hackers 24/7 access, meaning they are vulnerable all the time.

Technology advances have meant that hackers can use any free open source tool to upload malwares to printers these days, making it easy to get their foot in the door.

What can attackers do once they've hacked into your printer?
Once hackers are into your printer, there are so many different things they can do with access and information – they've not only got access to your network but also the files sent or printed.

The obvious one is they can see all information (sensitive or not) relating to your business and use this either for marketing purposes or use it against you (name and shame). They then use this information to make money in many ways, such as siphon from a bank account.

They can steal information or delete files. They can also stop you from getting access to certain things such as folders, or even your whole network, and companies can be forced to pay a ransom to get their access back.

How do you know if your work printers are exposed?
There are various ways to find out if you're exposed to thwart cyber-attacks, including educating employees on how to spot threats and what to do next. It's also important to check if you're exposed by having an expert check your printers.

Brands like HP do security assessments and can advise on your current infrastructure through their Print Security Advisory Service that is dedicated to helping companies defend themselves against cyber-attacks. HP have invested in building secure printer portfolios that are designed to detect and defend against cyber-attacks, some can even self-heal if they are breached. They can help you develop a print security plan, to help you address those risks and understand how to spot potential threats in the future.

Fortnite for Android Skips the Play Store, and that's a Huge Security Risk

Wed, 29 Aug 2018 00:00:00 GMT

Android gamers have been itching to get their hands on Fortnite ever since the game made the jump to iOS back in April. But the developer has now confirmed that to play it, they’ll have to go outside Google’s Play Store distribution service.

The potential for unclear guidelines and abuse is unlimited. Malware and spyware developers have been posting fake Android downloads for “Fortnite” for months, even advertising them on YouTube. They’re hoping that gamers will throw away caution in order to install an unverified program, and open up their phone to data harvesting, ransomware attacks, cryptocurrency mining, and other unsavoury practices.

The games developer Epic Games, has boasted of Android users’ “freedom to install the software they choose,” and cautioned them to download only from trusted sources. That’s sage advice, but it’s advice that they are making it harder to follow.

If you’re a gamer looking to get your battle royale on via Android, and especially if you’re a parent whose kids are obsessed with the game, take extra care to make sure you don’t become a victim of Epic Games’ short-sighted lack of concern.

Information Technology Acronyms

Tue, 17 Jul 2018 00:00:00 GMT

The computer industry seems to have a disproportionate number of acronyms and to the lay person it must sound like we are talking a foreign language.

To help we have listed some of the common ones below:

AD Administrative Domain

AMOLED Active-Matrix Organis Light-Emitting Diode

API Application Programming Interface

CERT Computer Emergency Response Team

DHCP Dynamic Host Configuration Protocol

DoS Denial of Service

HDD Hard Disk Drive

HDMI High-Definition Multimedia Interface

GUI Graphical User Interface

LAN Local Area Network

NAS Network-Attached Storage

OS Operating System

PCI Peripheral Component Interconnect

PCIe PCI Express

PoE Power over Ethernet

PPP Point-to-Point Protocol

PPPoE PPP over Ethernet

RAID Redundant Array of Independent Disks

SATA Serial ATA

SSD Solid State Drive

TCP/IP Transmission Control Protocol/Internet Protocol

VoIP Voice over Internet Protocol

WLAN Wireless Local Area Network

If you would like further punishment, follow this link:
https://en.wikipedia.org/wiki/List_of_computing_and_IT_abbreviations
Trackbacks (0) | Permalink

Scam Phone Calls

Tue, 17 Jul 2018 00:00:00 GMT

Virus phone scam being run from call centres in India

The scam always starts the same way: the phone rings at someone's home, and the caller – usually with an Indian accent – asks for the householder, quoting their name and address before saying "I'm calling for Microsoft. We've had a report from your internet service provider of serious virus problems from your computer."

Dire forecasts are made that if the problem is not solved, the computer will become unusable.

The puzzled owner is then directed to their computer and asked to open a program called "Windows Event Viewer". Its contents are, to the average user, worrying: they look like a long list of errors, some labelled "critical". "Yes, that's it," says the caller. "Now let me guide you through the steps to fixing it."

The computer owner is directed to a website and told to download a program that hands over remote control of the computer, and the caller "installs" various "fixes" for the problem. And then it's time to pay a fee: £185 for a "subscription" to the "preventative service".

The only catch: there was never anything wrong with the computer, the caller is not working for Microsoft or the internet service provider, and the owner has given a complete stranger access to every piece of data on their machine.This scam has been going on quietly since 2008 but has abruptly grown in scale this year, is being run from call centres based in Kolkata, by teams believed to have access to sales databases from computer and software companies.Often, the victims are inexperienced or elderly, convinced by the apparent authority of the callers and the worrying contents of the Event Viewer. In fact, such "errors" are not indicative of any problems.

Microsoft denies any connection with the companies that call people up offering these services.

When The Guardian newspaper in the UK contacted Microsoft about these scams, Microsoft said it was "currently investigating a series of instances in which the business practices of an organisation within the Microsoft Partner Network [that] have given rise to significant concerns from a number of sources. We take matters such as these extremely seriously and will take any action that is appropriate once our investigation is complete."

Computer Culture's Security Solutions

Fri, 22 Jun 2018 00:00:00 GMT

We have developed a process to assist clients to understand your current security level and how you can reduce the risk of cyber-attacks.

This covers:

Upgrading the security appliance
Securing the network (including the Wi-Fi)
Implementing device management
Ensuring there is a high level of end point threat protection
Adding email protection
Advising on how to improve data security
Ensuring there is regular patching
Putting a managed offsite backup in place
Helping with user education and rights management

The Importance of Risk Management

Fri, 22 Jun 2018 00:00:00 GMT

We just learnt of a cyberattack in Chile where a bank’s servers and workstations were knocked out to cover the electronic theft of US$10 million dollars. This highlights the need to have a robust system in place to help reduce the risk of your network being compromised.

Identify and address security gaps
Secure mission-critical infrastructure
Enforce the principle of least privilege
Proactively monitor online premises
Foster a culture of cyber security
Create a proactive incident response strategy

Computer Culture can help you work through this process. Please contact us to discuss.

Remote Workers

Thu, 21 Jun 2018 00:00:00 GMT

Data from Spark Lab shows over 70% of small-to-medium enterprises (SMEs) are providing their employees with access to business systems and tools to work remotely. While that means employees can, and will, spend more time away from the office, that’s not necessarily a bad thing for businesses.

Remote access has been recognised by SME owners as one of the key ways to further their business potential – not just allowing employees to be contactable via email, but providing full document sharing and information circulation for complete mobility.

This latest data comes from Spark Lab’s partner, Digital Journey, which discovered that of the 70% of SMEs that provide access to business systems remotely, document access and access to financial information has increased the most on previous years. One explanation for this growth is the rise of services like Office 365 and Xero.

Another recent Spark survey of business people found that 62% believe mobile technology will give NZ businesses the greatest technology edge in 2018. Spark business marketing head Sally Gordon says there’s clearly a trend towards collaboration and document sharing services, and the benefits for SMEs can be great. “Moving your applications and software to cloud-based platforms enables you to access and manage everything, anywhere with just an internet browser, as opposed to being confined to your computer’s hard drive.” “Cloud-based applications foster stronger collaboration across different workplaces, whether it be at home, in a café or between meetings. They also provide business continuity when moving offices or during an unplanned event like an earthquake.” “There are a lot of rewards on the social side of things too, with employees able to work flexibly to suit their family or other commitments.”

Here are Spark Lab’s top tips to make your business more mobile:

- Set up your digital infrastructure so employees can work from anywhere, at any time.

- Set boundaries based on trust. Be clear about what’s expected of employees. For example, what hours do they need to be online and available?

- Don’t forget data. Employees working mobile may require more mobile data. Have measures in place to manage usage, such as mobile data caps or an unlimited data plan that removes the risk of going over.

- Stay secure. There are a few easy steps to keep your information secure while working remotely. Enabling 2-factor authentication is easy to do, and often free. It means a hacker would need more than your password to get in.

- Another really easy way to keep your data safe is by using an incognito or private browser. This stops your browsing history from being remembered, including your search history and auto-fill information.

Stop Google from Tracking You and Delete Your Personal Data

Tue, 29 May 2018 00:00:00 GMT

You probably know that websites keep track of how you're using them, and even the sites that don't require you to sign up with an account can keep a track of your preferences and behaviour using cookies. But the biggest networks, like Google, and Facebook, keep tracking you even when you're not signed in and follow you around the Internet to serve you with "relevant" advertising and content. And since most of us will have signed up for at least one of Google's many popular services, that's the company that has the most information. Not everyone is comfortable with the idea of one company knowing so much about them. If you're one of these people, read on to find out how to minimise Google's tracking online.

Disable Tracking
If you've noticed the same ads following you no matter which website you visit, it may be because Google is tracking you. Thankfully, Google makes it very easy to disable tracking. Go through these steps to protect your privacy.

1) Google has a page for advertisement settings. Visit it and sign in. https://adssettings.google.com/authenticated
2) Here you will see two columns, one for advertisements you'll see on Google's websites and one for the advertisements you'll be shown on the Web. Based on your data, Google will have estimated your gender, age, languages you speak and your interests. Scroll down to Opt-out settings and click Opt-out in both columns. You'll notice that the data above will be replaced by N/A.
3) Google's advertising cookie is still tracking you. To remove it, head to the Advertising cookie opt-out page and click Download the cookie opt-out plugin. This plugin is available for Chrome, Internet Explorer and Firefox. After downloading this plugin, Google will stop tracking your browsing activity.

Disable Search History
While that stops the direct tracking, Google is still gathering a lot of information about your behaviour. Whether you're using Gmail, or YouTube or Google itself to search for things, you're giving the company a clear trail of browsing data. The good news is that you can stop it from doing so easily. This is how:
1) Head to Google's account history page and sign in. https://myaccount.google.com/activitycontrols
2) You will see four large cards (Things that you search for, Places you've been, Your YouTube searches, and Things that you've watched on YouTube). Each one of these will have a Pause button near the bottom-right and a Manage Activity link on the bottom-left.

3) Click Pause on all four tiles. This will stop Google from recording your personal data.
4) To remove the data that Google has already recorded, for each tile, click the Manage Activity link, then select the items, and click on "Delete Activity by" to delete by date.

For Android, iOS Users
If a smartphone or tablet is your preferred device for browsing the Web, you can take a quick peek in its settings to disable tracking. On Android, head to Settings > Accounts & Sync > Google > Ads (on some devices, Google may appear in the Settings app itself). Now make sure that there is a check-mark next to Opt out of interest-based ads. On iOS, go to Settings > Privacy > Advertising and turn on Limit Ad Tracking. This will stop websites that serve advertisements from tracking your browsing activity.

The Cost of Cybercrime

Mon, 28 May 2018 00:00:00 GMT

In 2017 one million Kiwis lost $177M to cybercrime. This will be significantly higher in 2018.

According to Norton by Symantec findings for 2017, nearly half of all New Zealanders have or know someone who has been impacted by an online security threat. Of those who have ever been a victim of cyber crime, 56% have been affected in the past year. “People’s actions revealed a dangerous disconnect,” Symantec director of consumer business, Mark Gorrie, said. “Despite a steady stream of cyber crime sprees reported by media, too many people appear to feel invincible and skip taking even basic precautions to protect themselves. This disconnect highlights the need for consumer digital safety and the urgency for consumers to get back to basics when it comes to doing their part to prevent cyber crime.” The report, which spanned 20 countries, found that 978 million people were affected by cyber crime in 2017. Specific to New Zealand, millennials were the most common victims of cyber crime during the past 12 months. Despite the availability of device protection technologies such as fingerprint ID, pattern matching and facial recognition, nearly half of millennials don’t have any security measures on their devices. “They were also the most likely age group to share their passwords – half of all millennials have shared their smartphone passwords,” Gorrie explained. Password sharing is “rife” in New Zealand with 51% of Kiwis sharing passwords for at least one online account with others.

Behaviours
Despite 86% of New Zealanders believing cyber crime should be treated as a criminal act, 16% believe stealing information online is not as bad as stealing property in “real life”. Furthermore, 40% of Kiwis believe it’s sometimes acceptable to engage in “morally questionable online behaviour” in certain instances such as reading someone else’s emails without their consent (22%), sharing things they know are untrue on social media (14%) and putting software on someone’s machine to spy on them (12%). Of interest to the channel, people’s level of trust affects their behaviour when it comes to security. “Kiwis who reported gaining trust in themselves and their security software were more likely to apply security updates when prompted,” Gorrie added. “Kiwis were also more likely to gain trust in security software providers if they received a scam email which was flagged as such.” However, Gorrie said they are not as trusting of some institutions and organisations. Over the past year New Zealanders lost trust in the ability of credit report companies that gather information without user consent (39%), social media platforms (37%) and the government (33%) to manage their data and personal information.

The findings follow news that data breach notification is widely expected to become mandatory in New Zealand, positioning the channel as subject matter experts across the country. As part of changes to the Privacy Act now being drafted by the Ministry of Justice, Privacy Commissioner John Edwards has recommended fines of up to $100,000 in the case of an individual and up to $1 million in the case of a body corporate being breached.

Credit to Reseller News and James Henderson for this article.

General Data Protection Regulation (GDPR)

Fri, 18 May 2018 00:00:00 GMT

New EU legislation, the General Data Protection Regulation (GDPR) will be in place soon and it will be the biggest shake-up of data privacy laws since the birth of the web. Privacy and data protection may not seem important to countries outside the EU, however the new rules will impact on any international organisation handling personal data of anyone residing in the European Union.

The extraterritorial scope of the GDPR means that some New Zealand organisations and businesses need to review their internal data processing procedures, or risk hefty fines for non-compliance. European data protection authorities will have the power to impose fines of up to €20 million or 4% of annual worldwide turnover (whichever is higher) for any breach of the GDPR. The GDPR can also result in civil liability. Any person who has suffered damage as a result of a breach of the GDPR has the right to receive compensation from the data controller or the data processor.

Step 1: Who needs to comply?
The GDPR is fitted with a broad territorial scope – meaning it is affecting businesses outside the EU.

EU-based entities
Any processing of personal data in the context of a branch or subsidiary in the EU must comply with the GDPR. That is the case even if the actual processing itself takes place outside the European Union. Providers of outsourced services such as IT or admin services or cloud storage will be caught by this provision.

Example
Kiwi Ltd is offering an international money transfer service to customers worldwide. All customer data is processed and stored on a cloud storage facility hosted in the United States. Kiwi Ltd offers the service to its European customers through a German subsidiary.

Non-EU based entities processing data of individuals within the EU
All businesses with customers in the European Union or businesses that merely monitor the behaviours of individuals who live in the EU must abide by the new EU data protection standards. These businesses must ensure that they comply with the GDPR; irrespective of their physical location. The game changer here is that even businesses without a physical presence in the EU may have to comply with the new rules if they:

sell goods or services to a person who lives in the EU; or
monitor the behaviour of a person who lives in the EU.

The critical factor is the location of the individual (data subject) not the location of the data processor or data controller.

Example for monitoring behaviour of EU residents
NZ Ltd (without an EU subsidiary or branch) is selling apparel online to Australian and New Zealand customers. It is considering expanding its operations to the European market. To that end, NZ Ltd uses web analytic tools to determine how many people from each European country visit the NZ Ltd website and what they are interested in. NZ Ltd would need to comply with the GDPR because any form of web profiling or tracking, whether through cookies or otherwise, will fall into the ambit of the GDPR. The direct consequence of this is that businesses can no longer go “forum shopping” for the lowest data protection standards in the EU. Uncertainty exists as to how these privacy standards will be enforced in practice against an entity outside the EU, especially if they have no assets in the EU. However, there is a reputational element at play as well. Businesses that want to succeed in the European market must therefore ensure that they comply with the GDPR. The bigger sting may result from potential civil liability which would be (unlike fines) enforceable in New Zealand as a money judgment.

Step 2: What personal data is being collected and processed?
Personal data is broadly defined in the GDPR. Personal data is any information relating to a person who can be identified either directly or indirectly. Personal data may relate to a person’s private, professional, or public life. It can be anything from a name, a photo, an email address, employment details, interactions on social media, medical records, or an IP address. Even a dynamic IP address can be personal data (C-582/14 2016 Breyer v Federal Republic of Germany).

A person may be indirectly identifiable if identification is made possible through combining different pieces of information that by themselves alone would not reveal the identity of the person.

The GDPR does not apply to personal data that has been anonymised so that an individual can no longer be identified from the information itself. However, pseudonymised data that is retracable may be considered as personal data on individuals which are indirectly identifiable.

Step 3: How is personal data collected?
Businesses need to have a close look at how they collect personal data. Data may be collected from many sources: A person may have provided it voluntarily for “free” services such as search engine services or social networks. Personal data may also be captured automatically through cookies, web analytics, and sensors.

The GDPR approaches consent more restrictively. Consent must be “freely given, specific, informed and unambiguous”. Silence, pre-ticked boxes or inactivity is not a form of valid consent.

Consent must be specific to distinct purposes for handling personal data. Consent should cover all intended processing activities.

Particular conditions are imposed in the case of children online and for sensitive personal information.

Step 4: Why is personal data processed?
Businesses need to be clear about the legal ground or grounds for which they process personal data.
The GDPR prohibits the processing of personal data unless there are legal grounds to do so. In other words just because a business can process personal data does not mean it is also legally entitled to do so.

Legal grounds for processing of personal data include:

To perform a contract;

The individual concerned has given consent;

The data controller has a legitimate interest;

Statutory obligation to collect and retain information (eg, employers);

To perform the lawful function of a public authority; or

For the protection of vital interests of that person.

Personal data must be handled for specified and explicit purposes. During the life cycle of data, the personal data cannot be further processed in ways that are incompatible with the initial purposes for which the data was collected.

For instance, personal data that has been collected to perform a sale of goods contract cannot later be used for marketing, unless the person has specifically agreed to receiving promotional offers.

The GDPR does not provide for an intra-group privilege. Instead each group subsidiary will be accountable for its own data protection standards. This also means that intra group data transfers must be justified by law.

Example
Kiwi Holding Ltd is employing Swedish staff through its Swedish subsidiary. However, the actual payments of salaries to the Swedish staff comes from Kiwi Holding. There is – by default – no right for the Swedish subsidiary to transfer employee data to Kiwi Holding Ltd. Express consent is required from each Swedish employee for the intra-group data transfer to be legal.

Conclusion
The GDPR has introduced extended liability and increased penalties. With this in mind, companies should be particularly careful when handling personal data of Europeans. Businesses need to review their internal data policies and procedures that address privacy and data protection, including their IT policy, HR policy, outsourcing procedures, and any policy affecting data subjects in the European Union. GDPR compliance is not a one-off task. It is an ongoing process. Relevant policies should therefore continuously be monitored, reviewed, and most importantly communicated to staff. Bianca Mueller bianca@lawdownunder.com practises as a New Zealand barrister and solicitor and a German lawyer. She is the founder of the technology law firm LawDownUnder which focuses on European transnational and commercial relationships with New Zealand and Australia.

Why are privacy standards high in Europe?
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. The European understanding of privacy is deeply rooted in human dignity and autonomy. It implies that each person can control and draw the line between their public and private sphere. The basic idea is that people should be able to control personal data about them also called “informational self-determination”. This means that individuals have a right to determine when, how, and for what purpose personal information about them is being held and used.

Household Battery Recycling

Wed, 16 May 2018 00:00:00 GMT

Help keep our environment clean. Recycle your old household batteries.

Piko Wholefoods offer a collection bin to send your old batteries away to a suitable country for recycling. There is a small charge per battery to cover the costs of shipping these overseas.

Costs are as follow:
80 cents for D batteries
40 cents for C batteries
30 cents for 9 volt batteries
20 cents for AA batteries
10 cents for AAA batteries
10 cents for button batteries

You can also recycle your old cellphone batteries too. There is no charge for these.

Piko Wholefoods is located at :
229 Kilmore Street Christchurch
corner Kilmore / Barbadoes Streets

Apple, Xero and Go Via Scams

Thu, 19 Apr 2018 00:00:00 GMT

Last month Apple, Xero and Go Via were among the companies whose brands were hijacked by scammers, with phishing email campaigns using the businesses’ brands to dupe local recipients.

On 19 March, email filtering and security company, MailGuard, said in a blog post that it had spotted a phishing scam using Apple branding and employing a “well made” fake Apple login screen.

According to MailGuard, the fake Apple website is hosted at www.appleid.apple(dot)com(dot)appsupportmail(dot)com, with the design of the page quite convincing.

If the recipient of the dodgy fake Apple email clicked on the link in the message, they are taken to the fake login page where their credential data would be harvested. MailGuard said its analysis of the phishing campaign suggests that the messages were sent from the email domain ‘@applemail(dot)email’ which is hosted with Google mail, meaning it can pass certain authentication tests and, as such, is likely to penetrate multiple inboxes.

On 22 March, MailGuard revealed it had spotted another wave of dodgy emails exploiting the brand of cloud accounting provider, Xero. MailGuard flagged an earlier wave of Xero-branded phishing emails as recently as February. The latest wave of fake Xero-branded emails are meant to look like invoice notifications sent through the Xero accounting platform, MailGuard said in a blog post. “The criminals who are operating this scam appear to have registered four new domains: xerocentral[dot]com, xero-fx[dot]com, xerogroup[dot]org and xeromobile[dot]net with a Chinese registrar on 21 March,” MailGuard said in its blog post.

MailGuard warned that the individual messages sent out in the latest phishing campaign bear real business names, with the names used in the ‘subject’ fields of the email messages. The objective of this email is to get the recipient to click on a link that will direct them to a hidden JavaScript malware file.

Just a day earlier, MailGuard said it had detected an email scam impersonating Queensland eToll operator Go Via involving messages designed to look like a real Go Via statement notification, with logo branding. “This scam is being sent from multiple email accounts,” MailGuard said in a blog post. “The message contains malicious links that point to compromised websites intended to harvest the personal data of victims.”

The phishing campaigns picked up by MailGuard in the past week came as Consumer Affairs Victoria warned that it had received a number of reports of a possible hacking scam targeting certain industries, including real estate agents and builders. “In most instances, a client received an email from the business they were dealing with, which included details of an account to make a payment to,” Consumer Affairs Victoria said in a statement. “Shortly afterwards, they received a second communication from the same email address, telling them that the business had just updated their account details, and to pay into a new account,” it said.

Power Cord Recall - Microsoft Surface Pro

Thu, 19 Apr 2018 00:00:00 GMT

REMINDER: AC Power Cord Recall for Microsoft Surface Pro (original), Microsoft Surface Pro 2, and certain Microsoft Surface Pro 3 Devices

In January 2016, Microsoft initiated a voluntary recall for the original AC power cords sold with the original Surface Pro, Surface Pro 2, and any Microsoft Pro 3 devices purchased prior to March 15, 2015. This recall was done in cooperation with various government regulatory agencies.

If the original AC power cord is repeatedly wound too tightly, twisted, or pinched over an extended period of time, it may become damaged. Damaged AC power cords can overheat, posing a potential fire or shock hazard.

ACTION REQUIRED:

- Check to see if the AC power cord you are currently using looks like the one pictured on the left below. If it does, we recommend that you STOP using that AC power cord and order a replacement AC power cord from Microsoft. Microsoft will provide a replacement AC power cord at no cost to you through the website below.

- Please go to www.surface.com/powercord to order a free replacement AC power cord. Proof of purchase or device serial numbers will be required. Please recycle or dispose of your original AC power cord in accordance with local requirements.

Microsoft Outlook Shortcuts

Wed, 18 Apr 2018 00:00:00 GMT

Many users find that using an external keyboard with keyboard shortcuts for Outlook on Windows helps them work more efficiently. For users with mobility or vision disabilities, keyboard shortcuts can be easier than using the touchscreen and are an essential alternative to using a mouse.

Below are some frequently used shortcuts.

To Do This	Press
Close	Escape or Enter
Go to Home tab	Alt + H
New Message	Ctrl + Shift + M
Send	Alt + S
Insert file	Alt +N, A, F
New task	Ctrl + Shift + K
Delete	Delete (when a message, task, or meeting is selected)
Search	Ctrl+E, Alt + H, R, P
Reply	Alt + H, R, P
Forward	Alt + H, F, W
Reply All	Alt + H, R, A
Copy	Ctrl + C or Ctrl + Insert
Send/Recieve	Alt + S, S
Go to calendar	Ctrl + 2
Create Appointment	Ctrl+Shift+A
Move to folder	Alt + H, M, V, select folder from list
Attachment Save As	Alt + 1A, A, S

Strategies to Deal with Your Email

Tue, 27 Mar 2018 00:00:00 GMT

With the demise of postal mail and fax machines, electronic mail usage has skyrocketed.

Many of us become overwhelmed with the onslaught of correspondence, orders, newsletters, etc and we struggle to stay on top of our inbox. The speed of modern communications means senders are expecting an instant response which adds further pressure.

Here are some tips that could help you.

1) Use “Rules’ for filter you incoming mail. Ie, electronic newsletters automatically go to folders labelled “Newsletters”.
2) Don’t check your mail so frequently.
3) Reply in a timely manner, but not immediately. Some companies have a rule where important emails need to be responded to within 2 hours
4) Unsubscribe to unwanted mail
5) Set a goal to keep your in-box under a certain volume.
6) Mark (with flags) email that needs to be dealt with in a certain timeframe

Security Watch

Tue, 27 Mar 2018 00:00:00 GMT

Email is a business’s lifeblood. Unfortunately, this reliance makes email an effective tool for cyber criminals.

66% of malware is delivered via email attachments
50% of SMEs have experienced some form of cyber breach
85% of organisations have been targets of a phishing attack
91% of successful cyberattacks start with a phishing email
30% of those phishing emails are opened by someone in the organisation

Hackers are becoming more and more sophisticated with their attacks.

A large portion of these hacks include Ransomware

The cost of downtime for such attacks is increasing

So how do you protect your company?

1) Use multiple layers of security

2) Provide user awareness training

3) Talk to your IT company about how better to protect your business

Watch Out for WannaMine

Wed, 21 Feb 2018 00:00:00 GMT

The name “WannaMine” is a coined term that refers to a malware family that uses the network spreading capabilities of WannaCry to deliver cryptomining malware rather than ransomware.

Cryptomining is when crooks secretly get your computer to do the calculations needed to generate cryptocurrency, such as Bitcoin and then keep any cryptocoin proceeds for themselves.

To make money with cryptomining it requires a lot of electricity to deliver the heavy processing power on lots of computers. By illegally installing cryptominers inside your network, the badguys steal your resources to do their work.

If malware like WannaMine can penetrate your network, you are at serious risk of other malware at the same time, including ransomware. Don’t ignore WannaMine infections if they show up – where one crooks goes, others will surely follow.

OneDrive and SharePoint

Wed, 21 Feb 2018 00:00:00 GMT

Over this past year OneDrive and SharePoint have become one of the favoured cloud storage solutions.

As part of this migration to the cloud we set up users with a SharePoint team site.

A SharePoint team site connects you and your team to the content, information, and apps you rely on every day. For example, you can use a team site to store and collaborate on files or to create and manage lists of information. On a team site home page, you can view links to important team files, apps, and web pages and see recent site activity in the activity feed.

We then use a third-party backup application to carry out a cloud to cloud backup to protect the data.

Please call our sales team if you would like to find out if this technology is suitable for you?

5 Likely Technology Trends for 2018

Wed, 21 Feb 2018 00:00:00 GMT

1. Cryptocurrencies

Over this past year, Bitcoin has had a marked impact in the financial world, but there are dozens of other cryptocurrencies out there which are still evolving. There are several impediments to Bitcoins increased acceptance, partially caused by the volitivity in its trading price. It only needs major financial institutions to recognise these currencies to change the landscape.

2. Blockchain

Blockchain is a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly. This technology will soon find its way into credit card companies and other industries where high security is required.

3. Social Media

Many expect that the impact of social media on our lives and news dissemination will only increase.

4. Augmented Reality

Already Apple and Samsung phones are capable of high end AR and recently there are new releases of advanced AR headsets. Some are predicting the release of another app which will have a greater impact than Pokémon.

5. Virtual Assistants

Virtual assistants are in the market place in phones, however expect to see these built in to other devices such as your television in the near future. Watch out for Samsung’s Bixby technology.

Cyber Security Risk Preparation

Wed, 21 Feb 2018 00:00:00 GMT

Cover the cyber security basics

- Patching, antivirus and a firewall

Understand how security breach could affect your company

- Data loss

- Compromise sensitive customer information

- Phishing and social engineering attacks

- Denial of service

- Blackmail

- Identity theft

Understand where the threats come from

- Email, rogue sites, careless staff members

Develop a Cyber Security Policy

- identify risks related to cyber security

- establish cyber security governance

- develop policies, procedures and oversight processes

- protect company networks and information

- identify and address risks associated with remote access to client information and funds transfer requests

- define and handle risks associated with vendors and other third parties

- be able to detect unauthorised activity

Reduce the risk from the Human Factor

- Privilege abuse

- Data mishandling

- Unapproved hardware (devices, external drives) and software

- Internet and email misuse

Have a Recovery Plan

- Develop a plan of what to do when there is a cyber attack

Communication Plan

- Understand what resources and actions you need to get the business productive again

Keep your infrastructure up to date

- Older hardware can be a significant risk as the support ends

Your Desktop or Laptop is probably affected by the Intel Flaw

Tue, 23 Jan 2018 00:00:00 GMT

Meltdown and Spectre are two memory corruption flaws that could allow hackers to bypass operating systems and other security software to steal passwords or encryption keys on most types of computers. They are CPU hardware design flaws that we techies understand. In a nutshell, Meltdown breaks the isolation between the user app and the OS, so the app can do a memory dump and steal any data in it. Spectre goes further. It breaks the isolation between apps. It's harder to exploit but harder to mitigate.

Early in January this flaw was discovered and security patches that have been released to guard against this are slowing down personal computer and servers, with systems running on older Intel processors seeing a noticeable decrease in performance.

I own a computer, am I affected?
Probably. All 64-bit Intel processors are vulnerable to the exploit, so anyone who bought a desktop or laptop computer using an Intel central processing unit (CPU) in about the last 10 years, or who uses one at work, will be impacted. Intel has suggested processors made by rival AMD are also potentially vulnerable – a claim which AMD has played down – and it may take time for the dust to settle on those claims. British chip-designer ARM has reportedly indicated that some of its processors, which are widely used in smartphones, may also be affected.

What should I do?
Nothing. Software vendors will issue patches for the fault in the coming days and weeks and so long as automatic updates are turned on, these should self-install.

Rob Pope, chief executive of cyber security agency Cert NZ, says it is monitoring the situation and computers users should be "alert to the issue", but it hasn't as yet issued any specific advice.

Storm in a tea cup?
Not really. Intel has acknowledged the software fixes will slow down processes carried out on its CPUs, in some cases by 30 per cent or more. For some other tasks the performance overhead will be less than 2 per cent. Vice president Stephen Smith said the impact should not be significant "for the average computer user", but that is arguably optimistic. Computer servers in data centres that are used to run cloud computing services are more likely to experience a bigger impact than home PCs that are used for web browsing and gaming.

People may notice services that they access over the internet run a bit slower in the weeks and months ahead, even if software on their own computer is okay. Computer processors aren't always the "bottleneck" that determine how fast computers run, so it is impossible to be specific about the performance impact people can expect.

What is the flaw?

To speed up computing, modern computer processors will try to jump ahead to process software routines while they are still awaiting the outcome of another operation or instruction.

What Google's researchers discovered was that the results of those "speculative processes" can be stored in memory in a way that allows data to be accessed by software (including malicious software) that should not have the right to access that information.

Is that a big deal?
Yes. Smith noted that exploiting the flaw would be complex. But the vulnerability is so fundamental that it can't be ignored. It could expose almost anything on a computer to hackers, including passwords, Smith has acknowledged. The flaw appears especially concerning for usually-secure cloud computing platforms, where servers might be running a variety of software, processing information for a large number of businesses and individuals – all of which might be put at risk by a single exploit.

For the full article click here .

Security Watch 2018

Tue, 23 Jan 2018 00:00:00 GMT

2017 was quite a year for cyberattacks, including:

Equifax: A breach that led to the theft of personal information for hundreds of millions of US citizens.

Shadow Brokers: A hacking group that sold Windows exploits they allegedly stole from the NSA.

Google Docs: A sophisticated phishing scam that tried to compromise victims’ email accounts.

WannaCry: A ransomware attack that affected thousands of organizations, even harming hospitals in the UK.

Petya: Another ransomware attack that followed on the heels of WannaCry, affecting organizations in multiple countries.

Vault 7: A breach of the US Central Intelligence Agency that led to sensitive documents being published by WikiLeaks.

The experts expect that 2018 will be far worse and here is why:

Cybercrime has gone professional over the last 5 years. Attacks have become much more sophisticated and intense. The bad guys are now going after your employees. They bypass your firewall/antivirus security software and social engineer your employees to click on a malicious link or open an infected attachment.

From that point forward, they hack into your network and put keyloggers on accounting systems. You can guess the rest. A few days later the organisation’s bank accounts are empty, or valuable corporate intellectual property is stolen. Another cyberheist victim.

Social Engineering is the No. 1 go-to strategy for the bad guys. They are going after the human—the weakest link in IT security—and your last line of defence.

Ransomware is only going to get worse in 2018. Email is still their favourite attack vector, and their sophistication is increasing by the month. The downtime caused by ransomware can be massive.

Ransomware, the threat that seemed to smash all other cybersecurity topics in 2017, is still evolving by the day, and experts said companies should expect more sophisticated attacks in the new year.

Highly targeted phishing attempts, possibly powered by artificial intelligence; greater risks to shutting down industrial operations; and an increasing regulatory burden on preventing ransomware attacks are all part of the picture companies will need to consider in 2018.

Your Password Probably Needs to Be Changed

Tue, 23 Jan 2018 00:00:00 GMT

The email addresses and passwords of 771 million people have been published online during a gigantic data leak.

Personal data collected by a “spambot” called Onliner has been dumped on a server thought to be located in the Netherlands.This bot is designed to spread malware that steals banking details and infects people’s computers to pump out more viruses as well as vast amounts of spam.

Troy Hunt, who owns the website HaveIBeenPwned, said the leak was “the largest single set of data I’ve ever loaded into HIBP”. His website offers an easy way of finding out if your details have been published in a data breach.

“Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe,” he said. Mr Hunt said the incident is so severe that even he was caught up in it. He added: “The first place to start is with an uncomfortable truth: my email address is in there. Twice.”

Anyone whose email address is on the list is likely to be hit by a barrage of spam. If your email address is on the list, your account could be taken over and turned into a spam factory or used to distribute dangerous malware.

To see if your email and password could be compromised click here .

Kiwis Scammed out of Millions of Dollars

Tue, 23 Jan 2018 00:00:00 GMT

New Zealanders have lost more than $1.9 million to cyber security issues in the past nine months. Specifically, $1.1 million was scammed during the third quarter of 2017, bringing the total financial loss to $1.9 million since the launch of CERT NZ in April.

CERT NZ takes reports from all Kiwis about how they have been affected by cyber security, with plans in place to assist in recovery strategies. Reports they received in the third quarter show that NZ's geographic isolation is no barrier to being affected by these threats. In that quarter CERT NZ received 390 incident reports of which the vast majority, 297, were responded to by the organisation.

They have seen an increase in targeted invoice scams and a 50% decrease in ransomware reports. As a result, they encourage all Kiwis affected by cyber security issues to report any incidents to CERT NZ, so they can give advice on how to avoid and overcome them.

Security Spending
The rise in cybercrime across the country follows news that worldwide enterprise security spending will total US$96.3 billion in 2018, representing an increase of eight per cent from 2017.

According to Gartner research, organisations are spending more on security as a result of regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy. “Overall, a large portion of security spending is driven by an organisation's reaction toward security breaches as more high profile cyberattacks and data breaches affect organisations worldwide,” Gartner research director Ruggero Contu observed. “Cyber-attacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years.” As outlined by Contu, this is validated by Gartner's 2016 security buying behaviour survey.

Of the 53 per cent of organisations that cited security risks as the no.1 driver for overall security spending, the highest percentage of respondents said that a security breach is the main security risk influencing their spending. Consequently, security testing, IT outsourcing and security information and event management (SIEM) will be among the fastest-growing security subsegments driving growth in the infrastructure protection and security services segments.

In addition, Gartner forecasts that by 2020, more than 60 per cent of organisations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protections tools, up from approximately 35 per cent today.

Skills shortages, technical complexity and the threat landscape will continue to drive the move to automation and outsourcing.“Skill sets are scarce and therefore remain at a premium, leading organisations to seek external help from security consultants, managed security service providers and outsourcers,” Contu added. “In 2018, spending on security outsourcing services will total $18.5 billion, an 11 per cent increase from 2017. The IT outsourcing segment is the second-largest security spending segment after consulting.” By 2019, Gartner predicts that total enterprise spending on security outsourcing services will be 75 per cent of the spending on security software and hardware products, up from 63 per cent in 2016.

Contu said enterprise security budgets are also shifting towards detection and response, and this trend will drive security market growth during the next five years. “This increased focus on detection and response to security incidents has enabled technologies such as endpoint detection and response, and user entity and behaviour analytics to disrupt traditional markets such as endpoint protection platforms and SIEM,” Contu added.

For the original article click here .

Leveraging New Technology, Employee Satisfaction, & Business Success

Tue, 23 Jan 2018 00:00:00 GMT

Overall, the research indicates that organisations investing in workplace technology are more likely to be successful in the APAC market than those that don't. In fact, 89% of respondents who rate their companies as above average in business performance also believe their companies are technology focused. Employees of successful businesses are over two times more likely to rate their organisation as 'extremely focused’ on technology when compared to those who rate their companies as below-average performing businesses.

Leveraging new technologies
Technology was cited as the top priority for APAC professionals. However, what’s interesting is that 72% of ANZ businesses are ‘not at all focused’ or ‘somewhat focused’ on leveraging technology to empower productivity and improve employee experiences. Furthermore, only 16% of ANZ professionals consider technology to be an ‘enabler of automating menial tasks to save time.’

So where does this put ANZ in relation to the wider APAC market?
ANZ falls below the APAC average of 23% for leveraging technology, indicating that ANZ professionals are behind when it comes to recognising the full potential of technology to overcome business challenges. Mark Henley, director of transformation and digital strategy at Adobe, Asia Pacific, comments, “In the current Experience Business era, smart organisations are realising that outstanding customer experiences hinge on their ability to attract the best people.” “As a result, businesses today must strategically invest in workplace technologies to drive productivity and deliver a compelling experience for employees.”

Man vs machine
Nearly 1 in 3 (34%) of ANZ professionals surveyed state that they are “anxious about the impact” of artificial intelligence and machine learning. However, they are significantly more optimistic about these technologies compared to their APAC counterparts; 73% of APAC professionals say they are either 'somewhat' or 'extremely concerned' about the impact of new tech.

Millennials drive innovation
While technology spearheads innovation at the workplace, the report finds that young employees are also driving positive transformation. Some of the top ways young workers are driving change across the organisation include by sparking creative thinking and innovative projects, creating diverse and open-minded environments, and propagating social media use and engagement.

Enabling work-life balance in mega-cities
62% of respondents were based in major metropolitan cities, with populations of more than 5 million, and the survey finds that technology is critical to enabling work-life balance for office workers across APAC. Almost two-thirds of these office workers rated the wide availability of job opportunities, lifestyle choices, and infrastructural facilities as top reasons for choosing to live in the region’s major cities. These respondents named 24x7 availability and the ability to work across all their devices as the most important ways technology can accelerate their productivity.

The Future of Work: APAC Study included more than 4,700 APAC office workers who use a computer daily for work. The research was conducted from October 17 to November 13, 2017. The survey included working professionals from various sectors across 10 countries - Australia, New Zealand, India, Singapore, Thailand, Malaysia, Korea, China, Hong Kong and Taiwan.

For the original article click here.

Cyber Monday (27th November 2017)

Mon, 18 Dec 2017 00:00:00 GMT

Your age, gender, and location can determine how likely you are to fall victim to internet crime on the biggest online shopping day of the year, according to a new report from OpenVPN.

In the USA, last year's Cyber Monday (Monday after the Thanksgiving holiday) was the biggest online shopping day in the history of US e-commerce, with $3.39 billion spent online. This year's promises to be even larger. However, malicious attacks against consumers increase almost 40% on Cyber Monday, and online shoppers need to be more vigilant than ever to ensure the safety of their personal information.

To help consumers better understand their risk of falling victim to an attack, a new report from OpenVPN analysed cybercrimes reported to the FBI and CSN in 2015 and 2016—concentrating on internet crime, fraud, and identity theft. With this data, researchers found the states that were affected most in the country for cybercrime victims, the amount of money lost, the number of victims, and the most victimized sex and age.

In terms of gender, men fell victim to cybercrime more, 75% more often than women, the report found—possibly because men spend more money online, it noted. In terms of age the report found, people over age 50 were the group most likely to fall victim to attacks in about 30 states.

HP Patches Hundreds of Laptops to Remove Hidden Keylogger

Mon, 18 Dec 2017 00:00:00 GMT

In November 2017 Hewlitt Packard revealed that nearly 500 of its notebooks dating as far back as 2012 were shipped with a secret keylogger installed. Before the issue was publicly disclosed, HP owned up to the mistake of leaving this tool inside of its laptops, and on Nov. 7 posted device-specific patches for most of the models affected, which can be downloaded.

Hopefully, the tool was already removed from your notebook, as Microsoft bundled those patches into the November Windows update, but if you have any concerns feel free to get in contact.

Security researcher Michael Myng discovered the keylogger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all laptops with “certain versions of Synaptics touchpad drivers”— not necessarily just HP models. The keylogger is disabled by default, however.

“A party would need administrative privileges in order to take advantage of the vulnerability,” the bulletin states. “Neither Synaptics nor HP has access to customer data as a result of this issue.” HP told Myng that the keylogger was a debugging tool.

The same security bulletin includes separate software updates for every HP laptop loaded with the keylogger, and HP says you should install those updates “as soon as possible.”

For the original article please go here .

Refurbished Computers Donated

Mon, 18 Dec 2017 00:00:00 GMT

This month Computer Culture, in partnership with the McPhail Foundation Charitable Trust and Air New Zealand donated 11 refurbished computers to pupils from Bamford Primary School.

Generally the computers we donate are for underprivileged school children that don’t have access to computers at home.

We are very pleased to be able to give back to the community and thank both Air New Zealand and the McPhail Foundation Charitable Trust for their generosity, both in equipment and time.

Uber Has 57 Million Records Stolen and Hides Data Breach for A Year

Mon, 18 Dec 2017 00:00:00 GMT

Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning.

Bloomberg was first to report that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year. Recently, they fired their chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers to "delete the data". Yeah, sure!

Victim Of A Simple Credentials Phishing Attack?

Here’s how the press describes the hack: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. If you read between the lines, that could very well be a simple credentials spear phishing scheme, done with some crafty social engineering, or perhaps careless developers leaving internal login passwords lying around online.

Failure To Disclose

Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year.

Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

No doubt regulators will also be asking tough questions about why they were not informed about the breach until this week, and class-action lawsuits... heeeere we come!

Uber says it has "not seen evidence of fraud or misuse tied to the incident." Let's hope that they are right, but it is highly unlikely that these records were deleted. It's practically sure they are sold on the dark web or will be. There are many ways that data could be abused by criminals without Uber ever becoming aware.

All organizations would be wise to remember this: SNAFUS are bad, but cover-ups can kill you. You can ask forgiveness for being hacked and handle your disclosure correctly, but many people will find it harder to forgive if you deliberately covered up the truth.

Bad Rabbit Ransomware

Thu, 16 Nov 2017 00:00:00 GMT

Organizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.

Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.

Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer's memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

The hardcoded creds are hidden inside the code and include predictable usernames such as root, guest and administrator, and passwords straight out of a worst passwords list. (Note to Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)

As for Bad Rabbit, the ransomware is a so-called disk coder, like Petya and NotPetya. Bad Rabbit first encrypts files on the user's computer and then replaces the MBR (Master Boot Record).

Check Your Home Network

Thu, 16 Nov 2017 00:00:00 GMT

Bitdefender, the home version of our managed antivirus has developed a home network scanner to enable you to check for any dodgy devices on your network, it’s available as a free download.

Bitdefender Home Scanner lets you see all devices connected to your home network. You get an alert every time an unknown device connects to your wi-fi. Which means you can instantly boot out freeloaders and prevent connection slowdowns.

Home Scanner looks for weak passwords, as well as vulnerable or poorly encrypted communications. It correlates the information gathered from your connected devices with online vulnerability databases and gives you a thorough report so you can ensure maximum security for your network.

For more information go to Bitdefenders website here .

How to Remove Cookies

Thu, 16 Nov 2017 00:00:00 GMT

On a PC or mobile device cookies can compromise your privacy, and fill up your storage. If you’re concerned about what websites are leaving behind, and how advertisers are accessing that data, here are some instructions on how to clear cookies from the latest version of your favourite web browser.

So what are cookies?

Cookies are small text files written by a web browser that contain information about your interaction with one specific site. They include information such as what you put into a virtual shopping cart, your username for logging into the site (not the password), products you viewed during your last visit, and any other information that could be used to tailor the visit just for your needs.

Typically, cookies pose no threat to your computer. But many cookies can compromise your privacy. That’s because advertising companies are prone to embedding cookies with web advertisements, allowing them to easily track your browsing history, and tailor ads toward your individual habits across multiple sites.

Cookies don’t take up much space on your hard drive. In fact, they’re extremely small, and should only be a concern for mobile devices with small amounts of storage. For instance, even without clearing the cookies in Chrome on PC for many, many months, we’ve only accumulated around 4MB worth of cookies. That said, the amount of volume they use isn’t troublesome; it’s the privacy risks that are difficult to ignore.

Google Chrome

Google Chrome lets you easily delete cookies, control browsing data, and specify what sort of files Google Chrome should accept or block. Here’s how:

Access content settings: Click on the “Menu” tab in the upper-right corner, and select “Settings.” Once the new tab opens, scroll to the bottom of the page and click on “Advanced.” This will expand the “Settings” page to include additional options.

The first expanded window you should see is the “Privacy and security” panel. Next, click on “Content settings,” and then select “Cookies.”

You may also simply type “chrome://settings/content/cookies” into your address bar, and Chrome will take you to your intended destination.

Cookie juggling: On the “Cookies” panel, you will see three toggles: allow sites to save and read cookie data (recommended), keep local data only until you exit Chrome, and block third-party cookies. This third option means advertisements won’t be able to read cookie data provided by a parent website, preventing them from using that information across multiple sites.

Smashing cookies: Google also provides options to block specific sites from leaving cookies, to allow specific sites to leave cookies, and to clear cookies left behind by specific websites when exiting Chrome. If you want to delete it all, click on the “Remove All” button, and you will be cookie-free. You can delete cookies individually, too.

For Android, iOS: Access Chrome’s menu, go to “Settings,” and then find the “Privacy” tab under “Advanced” settings. From there, select “Clear Browsing Data” at the bottom, and check “Clear cookies and site data.” There are also options for clearing your browser history, and removing space-eating cached images and files.

Mozilla Firefox

Access custom settings: Click on the “Menu” three-lined icon in the top-right corner. In the drop-down menu, select “Options,” which will open a new “Preferences” tab. On this page, select “Privacy” listed on the menu to the left, and then head to the “History” section. Here you will need to choose “Use custom settings for history” in the drop-down menu located next to “Firefox will…”

Cookie juggling: With the advanced history settings enabled, you should see an option to toggle on/off “Accept cookies from sites.” To the right, Mozilla provides an “Exceptions” button where you can control the cookie flow. These include blocking or allowing cookies from specific sites, and allowing a cookie from a specific site for only one browsing session. This is done by inserting the address of the website.

Next, you have the ability to accept or deny third-party cookies, or accept third-party cookies from sites you already visited.

Smashing cookies: To manually delete cookies in Firefox, you’ll need to hit the “Show Cookies” button. A window appears with a search field for locating a specific cookie, and a list of all cookies stored on your device. You can hit the “Remove Selected” button to delete a highlighted cookie, or hit the “Remove All” button to delete all the cookies.

Firefox (iOS): Tap the New Tab button (top right, with the number in it). Now tap the cog button in the top left of the screen. Scroll down to “Clear private data.” On the next screen, make sure “Cookies” is selected, then tap “Clear Private Data.”

Time Saving Android Tips

Thu, 16 Nov 2017 00:00:00 GMT

1. Snap between apps

Cut out delays in toggling between apps by putting Android's semi-secret fast-snap function to use. If your device runs Android 7.0 or higher, double-tap the Overview key — the square-shaped icon next to the Back and Home buttons — and you'll find yourself flipping between your two most recently used apps faster. It'll even work from your home screen for a zippy return to whatever process you had open last.

2. Slide into Quick Settings

Android's Quick Settings panel is a shortcut in and of itself — a single place with one-tap toggles to some of your device's most commonly used functions, from Bluetooth to the flashlight (and even more, if you know how to expand it).

To get a shortcut to this mecca: Just swipe down from the top of your screen with two fingers (any two — swiper's choice!). That'll skip past the standard notification panel and take you directly to the fully expanded Quick Settings section.

3. Open menus like a pro

Not many folks know it, but there's a faster way to open those three-dot overflow menus in a lot of apps.

Rather than tapping the icon to load the menu and then tapping the item you want, simply swipe downward on the icon and move your finger directly to your item of choice — without ever lifting your finger from the screen. The menu will appear as you swipe, and whatever item your finger is touching when you let go will be activated.

4. Stop disturbances without the fuss

Sometimes you need to silence your phone quickly and discreetly. Whenever that time comes, don't mess with on-screen menus and icons; just activate your phone's display, then press the device's volume-down key until the ringer volume goes all the way down.

That'll put your phone into vibrate-only mode, and you should feel a brief vibration to let you know you're there. If you want to take it a step further and go into Android's full do-not-disturb mode, in which nothing but an alarm will cause your phone to sound — assuming your phone is running 2015's Android 6.0 (Marshmallow) or higher — release the volume-down button and then press it one more time. (You'll see the confirmation of the mode change on your screen.)

Whenever you're ready to return to a normal state, simply activate your device's screen and press the volume-up button until the level lands wherever you like.

5. Refresh the web with ease

Say you're looking at a web page in Chrome. For one reason or another, you realize you need to refresh the page. What do you do?

Sure, you could open the Chrome menu and then select the refresh icon. Or you could skip a step and just swipe downward from anywhere on the page. You'll see a circular refresh symbol appear at the top of the screen as you swipe. Make sure you pull down until the arrow within the symbol turns blue, then let go. (Once you get used to the gesture, you'll find that a quick downward flick is all it really takes.)

6. Force a restart

No technology is foolproof. If your Android device ever isn't responding, press its power and volume-up buttons at the same time — even if the display is off — and hold them down together for 10 to 15 seconds. Unless something really disastrous is going on (or your battery's just dead), that'll force your phone to restart, regardless of what you were last doing.

7. Get to your camera in a flash

When a photogenic moment arises two seconds can be the difference between an unforgettable snapshot and an after-the-fact image. So don't futz around with unlocking your phone and looking for the on-screen camera icon; instead, just double-tap the device's power button to jump straight into shooting, whether your display is on or not.

That shortcut works on many popular Android phones, including Google's Pixel and Nexus devices, Samsung's most recent Galaxy gadgets (on pre-2017 models, use the physical Home button instead of the power button) and HTC's latest handsets. LG phones tend to shift the shortcut to the volume-down button, meanwhile, while Motorola phones use a double-twist motion to achieve the same effect.

8. Put notifications on notice

Next time you get an annoying notification, don't scream out in frustration. Press and hold the notification in question to hop over to some helpful advanced settings. They'll let you control exactly when and how that app is able to alert you.

9. Wake your screen with two taps

If you have a Pixel, a Galaxy S8 or Note 8 or a recent LG or HTC device, there's a decent chance your device supports a super-speedy way of waking the screen: Tap your finger on it twice. That's it! With the Samsung devices, you have to tap specifically on the always-on Home button at the bottom of the display; with the others, you can tap anywhere on the screen's surface.

(Note that on some of these devices, you may have to manually enable a "double-tap to wake" option before this'll work. Look in the Display section of your system settings to find it.)

10. Send a friendly rejection

When you get a phone call you can't or maybe just don't want to answer, look toward the bottom of the screen for a message icon or a "Send message" option.

Slide your finger up from that area, and you'll be presented with a list of ready-made rejection messages you can send to the caller while simultaneously declining his call.

11. End calls with ease

When you do talk on your phone, finding the on-screen button to end a call isn't always convenient. But Android actually has an easier way — if you know where to find it.

Open up the Accessibility section of your system settings, then activate the option labeled "Power button ends call." Now, when you're ready to say farewell, just tap your phone's power button and bask in your shortcut-aided efficiency.

What is a Firewall?

Thu, 19 Oct 2017 00:00:00 GMT

By Brandon Butler – senior Editor Network World

Firewalls act as a perimeter defence tool that monitor traffic and either allow it or block it. Over the years functionality of firewalls has increased, and now most firewalls can not only block a set of known threats and enforce advanced access control list policies, but they can also deeply inspect individual packets of traffic and test packets to determine if they’re safe. Most firewalls are deployed as network hardware that processes traffic and software that allow end users to configure and manage the system. Increasingly, software-only versions of firewalls are being deployed in highly virtualized environments to enforce policies on segmented networks or in the LaaS public cloud.

Types of firewalls

Advancements in firewall technology have created new options firewall deployments over the past decade, so now there are a handful of options for end users looking to deploy a firewall. These include:

Stateful firewalls – When firewalls were first created they were stateless, meaning that the hardware that the traffic traverse through while being inspected monitored each packet of network traffic individually and either blocking or allowing it in isolation. Beginning in the mid to late 1990s, the first major advancements in firewalls was the introduction of state. Stateful firewalls examine traffic in a more holistic context, taking into account the operating state and characteristics of the network connection to provide a more holistic firewall. Maintaining this state allows the firewall to allow certain traffic to access certain users while blocking the same traffic to other users, for example.

Next-generation firewalls – Over the years firewalls have added a myriad of new features, including deep packet inspection, intrusion detection and prevention and inspection of encrypted traffic. Next-generation firewalls (NGFWs) refer to firewalls that have integrated many of these advanced features into the firewall.

Proxy-based firewalls – These firewalls act as a gateway between end users who request data and the source of that data. All traffic is filtered through this proxy before being passed on to the end user. This protects the client from exposure to threats by masking the identity of the original requester of the information.

Web application firewalls – These firewalls sit in front of specific applications as opposed to sitting on an entry or exit point of a broader network. Whereas proxy-based firewalls are typically thought of as protecting end-user clients, WAFs are typically thought of as protecting the application servers.

Firewall hardware

Firewall hardware is typically a straightforward server that can act as a router for filtering traffic and running firewall software. These devices are placed at the edge of a corporate network, between a router and the Internet service provider’s connection point. A typical enterprise may deploy dozens of physical firewalls throughout a data center. Users need to determine what throughput capacity they need the firewall to support based on the size of the user base and speed of the Internet connection.

Firewall software

Typically end users deploy multiple firewall hardware endpoints and a central firewall software system to manage the deployment. This central system is where policies and features are configured, where analysis can be done and threats can be responded to.

Inside a next-generation firewall

Modern firewalls are a collection of features. These include:

-Stateful inspection: This is the basic firewall functionality in which the device blocks known unwanted traffic

-Anti-virus: The functionality that searches for known virus and vulnerabilities in network traffic is aided by the firewall receiving updates on the latest threats and being constantly updated to protect against them.

-Intrusion Prevention Systems (IPS): This class of security products can be deployed as a standalone product, but IPS functionality is increasingly being integrated into NGFWs. Whereas basic firewall technologies identify and block certain types of network traffic, IPS uses more granular security measures such as signature tracing and anomaly detection to prevent unwanted threats from entering corporate networks. IPS systems have replaced the previous version of this technology, Intrusion Detection Systems (IDS) which focused more on identifying threats rather than containing them.

-Deep Packet Inspection (DPI): DPI can be part of or used in conjunction with an IPS, but its nonetheless become an important feature of NGFWs because of the ability to provide granular analysis of traffic, most specifically the headers of traffic packets and traffic data. DPI can also be used to monitor outbound traffic to ensure sensitive information is not leaving corporate networks, a technology referred to as Data Loss Prevention (DLP).

-SSL Inspection: Secure Sockets Layer (SSL) Inspection is the idea of inspecting encrypted traffic to test for threats. As more and more traffic is encrypted, SSL Inspection is becoming an important component of DPI technology that is being implemented in NGFWs. SSL Inspection acts as a buffer that unencrypts the traffic before it’s delivered to the final destination to test it.

-Sandboxing: This is one of the newer features being rolled into NGFWs and refers to the ability of a firewall to take certain unknown traffic or code and run it in a test environment to determine if it is nefarious.

Exchange Online dropping support for Office 2007 from Oct 31 2017

Thu, 19 Oct 2017 00:00:00 GMT

RPC over HTTP, also known as Outlook Anywhere, will no longer be a supported protocol for accessing mail data from Exchange Online as of Oct 31, 2017. Microsoft will no longer provide support or updates for Outlook clients that connect through RPC over HTTP, and the quality of the mail experience will decrease over time.

This is being replaced by MAPI over HTTP, a modern protocol that was launched in May 2014. This change affects you if you're running Outlook 2007 because Outlook 2007 won't work with MAPI over HTTP. To avoid being in an unsupported state, Outlook 2007 customers need to update to a newer version of Outlook or use Outlook on the web.

This change may also affect you if you're running Outlook 2016, Outlook 2013, or Outlook 2010 because you must regularly check that the latest cumulative update for the version of Office that you have is installed.

What is RPC over HTTP? What happens on October 31, 2017?

RPC over HTTP, also known as Outlook Anywhere, is a legacy method of connectivity and transport between Outlook for Windows and Exchange. In May 2014, Microsoft introduced MAPI over HTTP as a replacement for RPC over HTTP.

Starting on October 31, 2017, RPC over HTTP will no longer be a supported protocol for accessing mail data from Exchange Online. Starting on this date, the following conditions will apply:
1. Microsoft will not provide support for RPC over HTTP issues (regular or custom).
2. No code fixes or updates to resolve problems that are unrelated to security will be released.

Additionally, for Office versions that support MAPI over HTTP, Microsoft may elect to override existing registry keys that customers are using in order to force RPC over HTTP use.

Why is RPC over HTTP being replaced by MAPI over HTTP?

MAPI over HTTP offers the following benefits:
• Improves the connection resiliency when the network drops packets in transit.
• Enables more secure sign-in scenarios, such as multi-factor authentication for Office 365.
• Provides the extensibility foundation for third-party identity providers.
• Removes the complexity of RPC over HTTP dependency on legacy RPC technology.

CCleaner Cyberattack Leaves Millions of Devices Vulnerable

Thu, 19 Oct 2017 00:00:00 GMT

If you were not aware CCleaner, Avast's free and highly popular maintenance application, was compromised after a cyberattack placed a backdoor into the application itself. While Avast is in the process of tracking down the culprit of the attack, it is essential that IT Admins take steps to secure any potentially affected devices and remove compromised versions of CCleaner when possible.

On September 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data.

Avast’s investigation and hunt for the perpetrators continues. In the meantime they advise users who downloaded the affected version to upgrade to the latest version of CCleaner and perform a scan of their computer with a good security software, to ensure no other threats are lurking on their PC.

"Fake-tortion" Phishing Attacks

Thu, 19 Oct 2017 00:00:00 GMT

This is a heads-up about a new aggressive form of email attack that you need to warn your employees, friends and family about. The bad guys have beta-tested and refined it in Australia, and now the first incidents have been spotted in the US.

The sophisticated attackers are targeting potential victims in an email sequence that starts with pornography and adult dating links, which are then followed up with extortion attempts.

IT security company Forcepoint says it picked up more than 33,500 such emails in August, when the testing was happening Down Under.

The scam threatens to steal users’ privacy, sequencing emails that say, “look at this”, then “we know what you just looked at”, and demand US 320 dollars payment in Bitcoin.

The email claims that a virus was installed on a porn website which recorded the victim through their webcam. “Then my software collected all your contacts from messengers, e-mails and social networks,” it says. “If I don’t receive my Bitcoins I’ll send video with you to all your contacts.”

Carl Leonard, principal security analyst at Forcepoint, said cyber-extortion was a prevalent tactic today. While it largely takes the form of ransomware, he said data exposure threats were growing in popularity.

“Cyber-blackmailing continues to prove as an effective tactic for cybercriminals to cash out on their malicious operations,” he said. “In this case, it appears that a threat actor group originally involved in adult dating scams have expanded their operations to cyber-extortion campaigns as a result of this trend.”

Microsoft SharePoint Explained

Thu, 19 Oct 2017 00:00:00 GMT

Microsoft SharePoint is a private intranet site, a data repository, a smart website, a built-in content management system, a development platform, an extranet site, a collection of websites, best-in-class portal software, a document management system, a project management system, a workflow designer, and more. You can collaborate, communicate, gather decision-making reports and data from multiple resources and publish those online, make visually presentable reports, create and view intuitive and real-time dashboards, do customizations, import theme templates, and do more with your SharePoint site.

Organisations use SharePoint to create websites. You can use it as a secure place to store, organize, share, and access information from any device.

SharePoint Online
A cloud-based service, hosted by Microsoft, for businesses of all sizes. Instead of installing and deploying SharePoint Server on-premises, any business can subscribe to an Office 365 plan or to the standalone SharePoint Online service. Your employees can create sites to share documents and information with colleagues, partners, and customers.

Passwords

Thu, 28 Sep 2017 00:00:00 GMT

The man who wrote the book on password management has a confession to make: He blew it.

14 years ago Bill Burr advised creating complex and different passwords, now he says N3v$r M1^d!

Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly.

Now he says the vast majority of the trusted tips and tricks we employ when crafting a custom password actually make us more vulnerable to hackers. In an interview with The Wall Street Bill Burr admitted that the document he authored on crafting strong passwords was misguided. “Much of what I did I now regret,” says Burr, who is 72 years old and now retired.

The problem wasn’t that Burr was advising people to make passwords that are inherently easy to crack, but that his advice steered everyday computer users toward lazy mistakes and easy-to-predict practices. Burr’s eight-page password document, titled “NIST Special Publication 800-63. Appendix A,” advised people to use irregular capitalization, special characters, and at least one numeral. That might result in a password like “P@ssW0rd123!” While that may make it seem secure on the surface (neglecting, of course, that “password” is a bad password), the issue is that most people tend to use the same exact techniques when crafting these digital combo locks. That results in strings of characters and numbers that hackers could easily predict and algorithms that specifically target those weaknesses.

Even worse, Burr suggested people should change passwords regularly, at least every 90 days. This advice, which was then adopted by academic institutions, government bodies, and large corporations, pushed users to make easy-to-crack passwords. Most people can probably point to a password they’ve created that was deemed strong simply because it had a special character like the “!” or “?” symbol and a numeric string like “123.” And when prompted to change a password, who hasn’t altered it only slightly to avoid the hassle of coming up with an all-new code?

A popular xkcd comic from cartoonist Randall Munroe, published back in August 2011, poked a hole in this common logic by pointing out how the password “Tr0ub4dor&3” could be cracked in about three days with standard techniques, due to its predictable capitalization, numeric substitutions, and special character use. The password “correct horse battery staple,” written as a single phrase, would take 550 years. (Security experts have confirmed Munroe’s math, according to the WSJ.) “Through 20 years of effort, we have correctly trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess,” Munroe wrote at the bottom.

In other words, the passwords you should be using are obscure, almost unexplainable phrases full of human randomness that make them easy to commit to memory and yet almost impossible for an automated system to make sense of. Of course, for those who use password managers like LastPass, you can generate cryptographically secure passwords on the fly. But it’s still important to have a hard-to-crack master password.

“In the end, it was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree,” Burr admits of his advice. The new NIST standards that were published in June, authored by technical advisor Paul Grassi, did away with much of Burr’s advice."

We ended up starting from scratch,” Grassi tells the WSJ. But Burr might be exaggerating the negative effects of his password advice, Grassi adds: “He wrote a security document that held up for 10 to 15 years. I only hope to be able to have a document hold up that long.” For the complete article click here

System Security Buzz Words Made Easy

Thu, 28 Sep 2017 00:00:00 GMT

Phishing
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Ransomware
a type of malicious software designed to block access to a computer system until a sum of money is paid.

Malware
Short for malicious software, is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is defined by its malicious intent, acting against the requirements of the computer user - and so does not include software that causes unintentional harm due to some deficiency.

Programs supplied officially by companies can be considered malware if they secretly act against the interests of the computer user. An example is the Sony rootkit, a Trojan horse embedded into CDs sold by Sony, which silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying; it also reported on users' listening habits, and unintentionally created vulnerabilities that were exploited by unrelated malware.

Software such as anti-virus and firewalls are used to protect against activity identified as malicious, and to recover from attacks

Viruses
A computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action (such as destroying data).

Trojan horses
A Trojan horse is a malicious computer program which misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it. The term is derived from the Ancient Greek story of the Trojan horse used to invade the city of Troy by stealth. Trojan horses are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to be unsuspicious, (e.g., a routine form to be filled in), or by drive-by download. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. While Trojan horses and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage. Unlike computer viruses and worms, Trojan horses generally do not attempt to inject themselves into other files or otherwise propagate themselves.

Rootkit
Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection. Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system's list of processes, or keep its files from being read. Some malicious programs contain routines to defend against removal, not merely to hide themselves. An early example of this behaviour is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system: Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently stopped program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.

Backdoor (computing)
A backdoor is a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet. Once a system has been compromised, one or more backdoors may be installed in order to allow access in the future, invisibly to the user. The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. It was reported in 2014 that US government agencies had been diverting computers purchased by those considered "targets" to secret workshops where software or hardware permitting remote access by the agency was installed, considered to be among the most productive operations to obtain access to networks around the world. Backdoors may be installed by Trojan horses, worms, implants, or other methods.

Evasion
Since the beginning of 2015, a sizable portion of malware utilizes a combination of many techniques designed to avoid detection and analysis. The most common evasion technique is when the malware evades analysis and detection by fingerprinting the environment when executed. The second most common evasion technique is confusing automated tools' detection methods. This allows malware to avoid detection by technologies such as signature-based antivirus software by changing the server used by the malware. The third most common evasion technique is timing-based evasion. This is when malware runs at certain times or following certain actions taken by the user, so it executes during certain vulnerable periods, such as during the boot process, while remaining dormant the rest of the time. The fourth most common evasion technique is done by obfuscating internal data so that automated tools do not detect the malware. An increasingly common technique is adware that uses stolen certificates to disable anti-malware and virus protection; technical remedies are available to deal with the adware. Nowadays, one of the most sophisticated and stealthy ways of evasion is to use information hiding techniques, namely stegomalware.

Billions of devices at risk as Bluetooth-bourne vulnerability exposed

Thu, 28 Sep 2017 00:00:00 GMT

A Bluetooth vulnerability dubbed BlueBorne, discovered in April 2017, has been made public after companies including Google and Microsoft issued updates.

US-headquartered security company, Armis Lab, revealed the vulnerability on 12 September 2017.

BlueBorne is an attack vector through which hackers can potentially use Bluetooth connections to access devices including computers, mobile phones and IoT devices.

Such an attack would not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector.

Armis Labs estimates that more than 8 billion devices could be at risk. The vulnerabilities affect all devices running on Android, Linux, Windows and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability.

BlueBorne’s difference to other types of attack vectors is the fact that it spreads through the air, which according to Armis, allows it to spread with minimum effort.

The other major concern is that traditional security measures do not protect from this type of threat. Also, no action from a user is necessary to trigger the attack.

On 19 April, Armis Labs contacted Google and Microsoft about the vulnerability. Google released a public security update and security bulletin on 4 September.

Microsoft had already issued updates on 11 July.

Apple was contacted in August but it had no vulnerability in its current versions. Samsung was contacted on three separate occasions and did not respond to the security company.

Linux was also contacted in August, information was provided to the Linux kernel security team and to the Linux distributions security contact list.

For the original article click here .

Identifying Phishing Emails

Thu, 28 Sep 2017 00:00:00 GMT

With the increasing use of phishing emails, we’d like to draw your attention to how to identify whether the email links you are being asked to click are legitimate. This is done by hovering your cursor / pointer over the link and revealing the domain or destination to where you will be sent. If you look at the final part of the domain before the forward slash (/) you can determine whether you think this link is from the organization referred to in the email. In the example below .cenotehopping makes little sense and indicates the link is not authentic.

If there is a string of cryptic numbers or an .exe file do not click on the link. Ring the organisation who has sent you the email and verify that the email is legitimate. As always it is better to be cautious than caught out.

Microsoft offers this information on recognising phishing email messages, links, or phone calls.

Bit Defender has been selected as Editor’s Choice by PC Magazine

Thu, 28 Sep 2017 00:00:00 GMT

PCMAG.COM Neil J. Rubenking - EDITORS CHOICE

Pros
Excellent scores in antivirus lab tests and our own tests. Autopilot mode for no-hassle protection. Best antiphishing score. New ransomware protection. Enhanced password manager. Secure browser. Vulnerability scan.

Cons

Password manager's form-fill ability proved inaccurate in testing.

Bottom Line

Editors' Choice winner Bitdefender Antivirus Plus earns top scores in lab tests and our own tests, and also packs in a wealth of useful bonus features.

The line dividing a simple antivirus utility from a full security suite isn't always clear. Take Bitdefender Antivirus Plus, for example. In addition to every feature you'd expect in an antivirus, it includes a password manager, a hardened browser, a secure deletion utility, a scan for system vulnerabilities, protection against ransomware attacks, and more. However, it doesn't offer a firewall, spam filtering, or parental control, among other features you get with Bitdefender's actual suite products. It's an antivirus, with benefits, and it remains an excellent choice if you're seeking malware protection.

Installation and Appearance

As with many modern security utilities, installation of Bitdefender involves going through your online account. Log into Bitdefender Central, enter your product key, and download protection. During the installation process, it runs a quick scan for active malware.

The product's appearance hasn't changed much since the previous edition, still featuring mostly white text against a dark gray background. A left-rail menu offers access to features: Protection, Privacy, Tools, Activity, Notifications, Account, Settings, and Support. The status panel displays a red warning if your configuration settings put the system at risk. Putting the system back in Autopilot mode should solve such problems, and if you leave Autopilot on, you should always see Protected in green as your status. Autopilot has been a Bitdefender staple for quite a few years now. In this mode, the antivirus takes care of business with an absolute minimum of fuss. It quietly wipes out any malware it finds. It updates itself as needed. If it really wants to communicate with you, it displays a number on the Notifications icon.

Bitdefender Antivirus Plus Main Window

From the Protection and Privacy tabs, you can click to view feature details. Here, you'll begin to realize how this feature-rich antivirus differs from Bitdefender's security suite products. On the Protection Features page, you see that firewall and antispam protection require an upgrade. Under Privacy Features, file encryption, webcam protection, and parental advisor all require an upgrade. The Tools page, furthermore, is filled entirely with features that are only present in Bitdefender's top-of-the-line suite.

Fantastic Lab Scores

Each of the independent antivirus testing labs takes its own approach to testing and scoring antivirus products. The more labs that include a product in testing, the more complete a picture I can get by looking at all their results. I follow five labs, and all five of them include Bitdefender. That's an honor not accorded to many. Of the companies I track, the only others covered by all five labs are Avast, AVG, ESET, and Kaspersky Anti-Virus.

SE Labs attempts to emulate real-world situations as closely as possible in testing, by capturing real malicious websites and using a playback system to hit each product with the exact same attack. This lab offers certification at five levels: AAA, AA, A, B, and C. Bitdefender took the top certification, AAA, along with quite a few others.

Out of the many tests regularly performed by AV-Comparatives, I track results of four. This lab certifies a product at the Standard level provided that it achieves a passing grade. Those that do better, or much better, than the minimum can earn certification at the Advanced or Advanced+ level. Out of four tests, Bitdefender earned four Advanced+ ratings.

Most of the tests that I follow return a numeric result or a rating level. Tests by MRG-Effitas don't do that. A product either turns in a near-perfect performance or it fails, and many do fail. Bitdefender passed this lab's banking malware test. In the general malware test it received Level 2 certification, which means that while it did not completely prevent every malware attack, it did remediate all attacks within 24 hours.

For the full article click here .

CEO Fraud Attacks Were Far More Lucrative Than Ransomware Over the Past 3 Years

Thu, 24 Aug 2017 00:00:00 GMT

Cisco's midyear report released this week showed that CEO fraud netted cybercrime five times more money than ransomware over the last three years.

The surprising highlight of Cisco's ninety-page report was that cybercrime made 5.3 billion from CEO fraud attacks--called business email compromise (BEC) by the FBI--compared with a "mere" 1 billion for ransomware over a three-year stretch.

Ransomware takes time to develop and extensively test before any Bitcoin comes into the wallet, compared to doing a quick bit of research on LinkedIn and crafting a spoofed spear-phishing attack. CEO fraud simply is faster to pull off. Moreover, your run-of-the-mill spray-and-pray ransomware attacks are often lower-dollar numbers.

Schooling Users on CEO Fraud and Ransomware

Cisco says targeted cybersecurity education for employees can help prevent users from falling for CEO fraud and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so when the bogus email comes across the transit of the CEO asking for a funds transfer it can be detected.

Regular software patching also is crucial. When spam laden malware hits or ransomware attacks like WannaCry surfaces, the impact can be minimised. "People focus on new technology, but forget about patching and maintaining the infrastructure."

A balanced defensive and offensive posture is required, not just with firewalls and antivirus, but also including measures to hunt down possible attacks through data collection and analysis.

Spyware Makes a Comeback

Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

File-less malware is popping up, which lives in memory and disappears when a device reboots, according to the report. As a result, it makes detection and the ability to investigate it more difficult.

Additionally, attackers are also making use of anonymised and decentralised infrastructures, to hide command and control activities.

Meanwhile, three families of spyware ran rampant, affecting more than 20% of the 300 companies in the report sample.

Ironically, many organisations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware and adware, unlike spyware, does not create damages for a company," says Cisco. He adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

‘Destruction of Service’ Attack Threat

The report also highlights the dangers of Destruction of Service (DeOS) attacks, epitomised by the likes of WannaCry and NotPetya which were both much more destructive than traditional ransomware. According to Cisco, these types of attacks have the strength to eliminate organisations’ data backups and leave them unable to recover.

Cost of Downtime Not Calculated

The one thing related to ransomware that was not considered was the amount of damage caused by downtime, having workstations and servers not up & running. If you calculate that in, ransomware is probably as damaging as CEO fraud, or even more.

New Type of WhatsApp Phishing Attack

Thu, 24 Aug 2017 00:00:00 GMT

Heads-up. There is a new social engineering attack currently being tested in Europe, which means we may see it in the rest of the world very soon.

The bad guys are using malicious WhatsApp ads, which offer a 250-dollar coupon for a well-known retailer, in exchange for a short survey. The invite looks like it comes from a friend on WhatsApp. A similar strain installs a malware on the phone, which looks like a software update, but steals all the contacts, phone numbers and email addresses - and if they can find any, passwords and banking credentials.

There are different ways to monetise all this phishing data, and it looks like the bad guys have got that down too, from selling the stolen credentials to using the malware to go viral to all the contacts on the phone.

The large retailers have reported hundreds of these attacks to Europe's federal Cyber Crime Unit.

Does your house need a Google Home?

Wed, 23 Aug 2017 00:00:00 GMT

Though there are multiple options for voice-activated smart assistants available in the US, the launch of Google Home marks the first official entry of this exciting new category into Australia.

This cute little speaker essentially acts as a hub for all things Google in your house, performing tasks you might already do on your phone or computer — quick web searches, streaming music and TV shows, interacting with smart home gadgets — but it does it all with a quick spoken request from you.

Given how hit-and-miss voice services are in general, the reviewer was immediately impressed with how naturally you can interact with the Home. It can hear you whispering from across the room, can learn to differentiate different members of the household, and can parse natural-language requests regardless of your syntax, so you don't have to remember many exact phrases to get to what you want.

Just say "OK Google" or "Hey Google" to make it listen — you can tell by the colourful lights that appear on its surface — and then make your request. The Google Assistant replies in a soft, female voice, answering your questions or confirming the operations it's carrying out on your connected devices.

Let the music play
The first query the app suggested to be tried after setup was "OK Google, play some music". Home, of course, had no problem carrying out the simple request, immediately pumping out some 80s rock.

As a music player Home is surprisingly competent, one the nicest sounding speakers of its size, even at full volume. It can be used just like a Chromecast Audio, sending directions from any compatible app to play on the speaker, and an update rolling out soon will let you connect via Bluetooth if the app you're using doesn't cast.

Most convenient though is just asking for what you want to hear. You can be as broad or as specific as you like, asking for genres, moods, artists, albums or songs. If you want a specific version, just add more details.

You'll need Spotify Premium or a YouTube Red / Google Play Music subscription. Once you've trained Home to recognise the voice of each person in your household, it will use their Play Music library to tailor choices to them.

It will also easily pull music you've personally uploaded to your Play library.

You can ask for the radio too. If you have Chromecasts in your home you can also choose to beam your audio to any speaker or groups of speakers you like, as easily as saying "OK Google, play Metallica in the lounge room".

Hidden smarts
Beyond being a media player, Home can connect to a multitude of services — Google owned and otherwise — to quickly fetch info and fulfil tasks in a fraction of the time it would take you on your phone.

This is great for the dozens of quick queries you might usually Google each day — "what time will the sun set tonight?", or "what is 800 ounces in grams?" — but also for information you might get from other apps, like weather forecasts, news on a particular topic, or where the nearest burger joint is.

Home can also read your calendar so you can ask "when's my first meeting", "what do I have on today" or "can you schedule a lunch meeting at 1pm Thursday". Unfortunately this currently only works with the main calendar of your Google account.

It can also be used to set timers, alarms, and reminders.

Smart home pioneers can use Home to interact with certain brands of connected light globes, powerpoints and more as well. The selection is a bit limited, but there is full compatibility with IFTTT, so you can apply your own recipes and, for example, have all your globes turn on when you say "OK Google, lights up".

If you watch TV on a cast-enabled device, Home will also pull down shows from Netflix, and YouTube just fine.

Of course, like any voice-activated tech it's also fun just to chat to it and see what it says. You'll occasionally get a bemused dead end, but there's a surprising amount of simulated wit packed in.

Overall Home has been adapted very well to life in Australia. The language recognition is top notch, the responses are in-depth and conversational, and it makes heaps of tiny tasks a little bit simpler. Future updates will doubtlessly add more functionality as well but if there was one hardware feature I'd like to see in a Home 2 it's a bit of battery power so it could be carried temporarily to a different room.

For the original article click here.

New Social Engineering Attack Turns Off Your Power

Wed, 23 Aug 2017 00:00:00 GMT

OK, better get thinking about generators and 1,000 gallon drums of fuel to keep your data center up and running (which you should have done anyway for your disaster recovery plans...)

A new attack vector that bypasses all your software defenses has been discovered by Israeli cybersecurity company Cyberint. At the moment, the bad guys are only targeting US and UK energy companies which could cause power cuts and even cost lives, but this tactic could be used against anyone.

Here is how it plays out. A "honey-doc" masquerades as a resume attached to a harmless email. Both email and attachment are totally clean and contain no malicious code whatsoever. That's what makes them undetectable to any kind of incoming email filter.

However, the Word doc *is* weaponized with a template reference that, when the document is loaded, connects to the attacker’s server via Server Message Block and downloads a Word template which has an extremely well-hidden malicious payload.

The connection to the SMB server also provides the attacker with the victim’s credentials, which can then be used to acquire sensitive information and/or infiltrate the network and/or control systems used by the targeted employee.

The campaign appears to have started in May, and as it is targeted at infrastructure control systems of US and UK energy companies, it's not too hard to guess who is behind it.

The problem is that once this type of attack is out there in the wild all kinds of bad guys get their hands on it. To protect against this type of attack, you want to step your employees through new-school security awareness training so that they do not fall for social engineering tactics like this.

Computer Interfaces Gets Faster

Wed, 23 Aug 2017 00:00:00 GMT

Your desktop or laptop computer has a wide variety of ports and connection types, but what are they all for and how do they differ? USB 2.0, USB 3.0, eSATA, Thunderbolt, Firewire, and Ethernet are some of the technologies that are built into many of the computers sold today. So, what’s the fastest connection type? What type of connection is best to consider for an external hard drive? What about for 4K multi-monitor support? In this article, we’ll talk about the different types of high-speed data ports and how they are used. No matter what type of computer you have, you probably have one or more of the high speed connection types covered in this article. Let’s first take a look at the different speeds for each type of connection. Note that the rated speeds are not what you’ll get in real-world conditions. Most likely, you’ll be able to get anywhere from 70% to 80% of the max speeds listed.

Speed
The USB 2.0 connection type has pretty much become the standard. You have likely used a USB 2.0 cable to connect some device or drive to your PC or Mac at some point and you probably have several spare USB cables laying around the house. Even though USB 3.0 is here, many PC peripherals and other devices are still being manufactured with USB 2.0 connectivity. Many devices do not yet use USB 3.0, nor do they use Thunderbolt. Why? Because USB 2.0 is simply fast enough to handle minor tasks and many devices simply do not require lightning fast speed, such as mice and keyboards. OK great, so how fast is USB 2.0 exactly?
USB 2.0 is rated at 480Mbps. That's about 60 megabytes per second. For quick reference, 1000 Mbps equal 1Gbps, which is considered gigabit.

The USB 3.0 connection type is the next step for USB (from 2.0). USB 3.0 transfer speeds are about 10x faster than previous USB 2.0 speeds. So, what does that amount to?

USB 3.0 is rated at 5 Gbps. That’s about 640 megabytes per second.

In 2013, USB 3.1 was also released and is rated up to 10 Gbps. That’s around 1280 megabytes per second or 1.2 GB per second. This means that USB 3.1 is about as fast as a single first generation Thunderbolt channel. It’s also worth noting that the new USB Type C connection will support USB 3.1 for a max data transfer rate of 10 Gbps. eSATA stands for external SATA. SATA, of course, is a connection type that is used to connect an internal hard drive to a computer. So, inside your desktop or laptop is the hard drive, which in most cases, connects to the motherboard using a SATA interface.

With eSATA, an external hard drive can use that same connection type and technology to be connected to the computer. The hard drive inside a computer is quicker than a standard external hard drive (USB 2.0), so what kind of speeds does eSATA produce?

eSATA is rated at 3 Gbps and 6 Gbps.

Thunderbolt cables are the newest connection type featured on this list. Originally codenamed “Light Peak,” Thunderbolt was first a technology that was developed by Intel. For Thunderbolt’s consumer debut, Apple Inc. added the high speed interface to nearly all of their devices in the Mac lineup, making them one of the first companies to use the technology. Thunderbolt is capable of more than other connection types, but we will get to that later. What kinds of speeds does Thunderbolt produce?

Thunderbolt is rated at 10 Gbps per channel (x2). Thunderbolt 2 raises that value to 20 Gbps over a single channel. Thunderbolt 3 doubles the bandwidth again to 40 Gbps.

Firewire, or IEEE 1394, is another connection type that was popular for a while, but has kind of gone away over the last few years. The popularity of USB 2 and USB 3 devices slowed adoption of Firewire, resulting in the slow decline of the connection. This occurred even though Firewire 400 and 800 are faster than previous USB technologies (not including 3.0).

Firewire is rated at 3 Gbps (400) and 6 Gbps (800).

Ethernet is a connection type that is used mainly for networking, so it is not designed to be super-fast. However, Ethernet cable can be used to transfer computer data too.

Ethernet is rated at 100Mbps.

Summary
To summarise the above data, the connection types would result in the following from fastest to slowest.

1. Thunderbolt (up to 40 Gbps)
2. USB 3.1 (10Gbps), then USB 3.0 (5 Gbps)
3. eSATA (6 Gbps)
4. Firewall (6Gbps)
5. Gigabit Ethernet (1 Gbps)
6. USB 2.0 (480 Mbps)
7. Ethernet (100MBps)

For the original article click here .

Windows 10 Anniversary Update

Sat, 19 Aug 2017 00:00:00 GMT

Microsoft have just released the Windows 10 Anniversary Update.
This update is being rolled out progressively so it may be a week or two before it is available on your device.

There are a lot of new features including being able to log into apps using face recognition.

Click here to learn more.

Just a note of caution. Plan when you are going to run this update as your device will be unavailable for at least an hour while the upgrade is installed.

Microsoft Office 2016

Thu, 13 Jul 2017 00:00:00 GMT

Please note: Businesses should not be running any version of Office older than 2010

With Microsoft Office 2007’s support due to expire on 10 October 2017, now is a good time to upgrade to a newer suite such as Office 2016. From October Microsoft will no longer supply patches for security vulnerabilities or fixes for other bugs, nor will it provide company-assisted technical support, whether free or paid, such as by-phone or trouble shooting.

That gives businesses that are using Office 2007 just over three months to drop Office 2007’s applications and switch to a new suite.

Here are the top 6 reasons to upgrade your Microsoft Office Suite to 2016 .

1. Built for teamwork

In Word, PowerPoint, and Excel, there's easy sharing right from within the app. You can also see who has access to a given file and who is currently working in it.

2. New Chart Types in Word, PowerPoint, and Excel

Visualize financial or hierarchical data, and highlight statistical properties of your data with new chart types: Treemap, Waterfall, Pareto, Histogram, Box and Whisker, and Sunburst.

3. Faster, easier ways to get data into Excel

Excel includes a powerful new set of features called Get & Transform, which provides fast, easy data gathering and shaping capabilities. Get & Transform enables you to connect, combine, and refine data sources to meet your analysis needs.

4. Modern Attachments in Outlook

Attach a document from your recent items and share them from OneDrive or SharePoint with email recipients. Also configure sharing permissions so that all the recipients have access to the attached file without having to leave the app.

5. Smart Lookup in Word, PowerPoint, Excel, and Outlook

Fact-check or explore terms in your documents with Bing-powered Smart Lookup. Simply highlight terms in your document and use this feature to bring in search results from the web right into your reading or authoring environment.

6. Tell Me in Word, PowerPoint, Excel, Outlook, Project, Visio, and Access

Simply type what you want to do in the app using your own words, and then Tell Me will guide through the process as well as offer additional resources.

Security News

Thu, 13 Jul 2017 00:00:00 GMT

When we think of hackers we mostly assume these are individuals working alone. This is far from the truth with communities of hackers working together, mostly to the detriment of governments and organizations.

“Anonymous” is a loosely associated international network of activist and hacktivist entities. A website nominally associated with the group describes it as "an Internet gathering" with "a very loose and decentralized command structure that operates on ideas rather than directives". The group became known for a series of well-publicized publicity stunts and distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites.

Anonymous originated in 2003 on the imageboard 4chan, representing the concept of many online and offline community users simultaneously existing as an anarchic, digitized global brain. Anonymous members (known as "Anons") can be distinguished in public by the wearing of Guy Fawkes masks in the style portrayed in the graphic novel and film V for Vendetta.

In its early form, the concept was adopted by a decentralized online community acting anonymously in a coordinated manner, usually toward a loosely self-agreed goal, and primarily focused on entertainment, or "lulz". Beginning with 2008's Project Chanology—a series of protests, pranks, and hacks targeting the Church of Scientology—the Anonymous collective became increasingly associated with collaborative hacktivism on a number of issues internationally. Individuals claiming to align themselves with Anonymous undertook protests and other actions (including direct action) in retaliation against copyright-focused campaigns by motion picture and recording industry trade associations. Later targets of Anonymous hacktivism included government agencies of the U.S., Israel, Tunisia, Uganda, and others; the Islamic State of Iraq and the Levant; child pornography sites; copyright protection agencies; the Westboro Baptist Church; and corporations such as PayPal, MasterCard, Visa, and Sony.

Anons have publicly supported WikiLeaks and the Occupy movement. Related groups LulzSec and Operation AntiSec carried out cyberattacks on U.S. government agencies, media, video game companies, military contractors, military personnel, and police officers, resulting in the attention of law enforcement to the groups' activities. Some actions by members of the group have been described as being anti-Zionist. It has threatened to cyber-attack Israel and engaged in the "#OpIsrael" cyber-attacks of Israeli websites on Yom HaShoah (Holocaust Remembrance Day) in 2013.

Anonymous have also joined the fight against terrorism. The group announced a major, sustained operation against ISIS following the November 2015 Paris attacks, declaring "Anonymous from all over the world will hunt you down. You should know that we will find you and we will not let you go” ISIS responded by calling them “idiots” and asking “What they gonna hack?”.

By the next day, however, Anonymous claimed to have taken down 3,824 pro-ISI Twitter accounts, and by the third more than 5,000. A week later, Anonymous increased their claim to 20,000 accounts and released a list of the accounts.

LastPass

Thu, 13 Jul 2017 00:00:00 GMT

Most of us don’t do very well when it comes to setting and remembering passwords. We also come up short regarding safe storage of our passwords.

Thankfully, there are password managers like LastPass. With a password manager, the app generates unique, complex passwords for each site or app that requires one. When you need to log in, LastPass fills in the correct information, even filling it in in other apps.

LastPass also securely stores your personal information so you can quickly fill out tedious forms, and includes mechanisms to safely share passwords with other people—even after you've departed this mortal realm.

A new pricing structure lets you create an account and sync passwords between all your devices, mobile or otherwise, for free.

Microsoft Surface Pro

Thu, 13 Jul 2017 00:00:00 GMT

Computer Culture have joined a small select group of companies to become an official Microsoft Surface Product Reseller.

We are now able to source directly:

The New Surface Pro
Surface Pro 4
Surface Laptop
Surface Book
Surface Studio

The new Surface Pro is 8.5mm thick and weighs only 786 grams. Processors options includes m3, i5 and i7, hard drive sizes ranging from 128Gb up to 1TB and memory 4Gb up to 16GB. Battery life is claimed to be 13.5 hours.

What is a Botnet?

Fri, 23 Jun 2017 00:00:00 GMT

This is a subtitle for your new post

A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection. The owner can control the botnet using command and control (C&C) software. Users are often unaware of a botnet infecting their system.

Infected devices are controlled remotely by cybercriminals, and are used for specific functions, so the malicious operations stay hidden to the user.

The botnet malware typically looks for vulnerable devices across the internet, rather than targeting specific individuals, companies or industries. The objective for creating a botnet is to infect as many connected devices as possible, and to use the computing power and resources of those devices for automated tasks that generally remain hidden to the users of the devices.

For example, an ad fraud botnet that infects a user's PC will take over the system's web browsers to divert fraudulent traffic to certain online advertisements. However, to stay concealed, the botnet won't take complete control of the web browsers, which would alert the user. Instead, the botnet may use a small portion of the browser's processes, often running in the background, to send a barely noticeable amount of traffic from the infected device to the targeted ads.

On its own, that fraction of bandwidth taken from an individual device won't offer much to the cybercriminals running the ad fraud campaign. However, a botnet that combines millions of devices will be able to generate a massive amount of fake traffic for ad fraud, while also avoiding detection by the individuals using the devices.

Phishing Attack Attempts

Fri, 23 Jun 2017 00:00:00 GMT

Phishing Attempt 1

This type of attack is becoming more frequent and the sender masquerades as a legitimate organisation. The email in this article was apparently from Victoria University of Wellington. It was very similar to one in a recent incident where a Christchurch company was scammed out of tens of thousands of dollars by a fake Otago University purchase order.

These can be circumvented by finding the organisation’s genuine website and calling their procurement department to verify the authenticity of the enquiry. If it’s too good to be true it usually is.

Attention: Sales/accounts
Victoria University of Wellington wish to express it's interest in your extensive line of products & services and hereby submit a request for quote for the items below;
1. WD My Passport Ultra 1TB & 2TB Portable External Hard Drive
2. Toshiba 1TB & 2TB Canvio Basics USB 3.0 Portable Hard Drive
3. Seagate Expansion 1TB & 2TB USB 3.0 External Hard Drive
APPLE PRODUCTS
1. Apple 15.4" MacBook Pro Retina Display with Touch Bar 2.7 GHz Intel Core i7 Quad-Core
2. Apple Macbook Pro (2016) Retina Display 2.8GHz Intel Core i7
3. Apple 13.3" MacBook Pro 3.1 GHz Intel Core i7
In addition to the above, you may kindly forward us your credit app and also let us know your billing procedures for 30 days payment terms.
Best Regards,
Philip Thomas
Strategic Procurement
Victoria University of Wellington
Kelburn,
Wellington 6012,
New Zealand
Phone: +64 4-472 3478
Fax: +64 4-472 3100

Phishing Attempt 2

Another common attempt is notification of expired or suspended services. Don't click on the link (you can often inspect the link by hovering the mouse cursor over the link. The best approach is to call your IT provider first.

Phishing Attempt 3

This example is in a similar style.

A Dangerous Link

Fri, 23 Jun 2017 00:00:00 GMT

A link was sent to one of our customers via an email. As this appeared to be from contact they knew they assumed it was safe. The link was to a video for them to watch.

HP Fraud Alert

Fri, 23 Jun 2017 00:00:00 GMT

Fraudulent callers are posing as HP representatives and asking HP customers for personally identifiable information. In some cases, originating phone numbers appear to be from genuine HP contact numbers.

These scam callers might request the following:

Your personal information
A return call
A fee for technical support services
Remote access to your computer or device, so they can install malware or viruses in order to charge you a removal fee

To protect yourself, if you receive one of these scam calls, hang up and do not provide any personally identifiable information.

Do not provide any confidential information, such as customer IDs, passwords, contact information, social security numbers, credit or debit card numbers, PINs, or account information.
Do not provide remote access to your computer or device.
Do not transfer funds.
Do not install any software suggested by the caller.

The security of HP customers' devices and personal information is a top priority for HP. HP does not contact customers to provide unsolicited technical support. If you believe you have been contacted by a scammer and are concerned about your personal information, run a virus scan on your computer or device, or contact your security software provider for assistance.

What to do when you are hacked

Fri, 23 Jun 2017 00:00:00 GMT

Security experts have been saying for more than a decade that it is “not if, but when” an organisation will be hacked. Therefore, the focus needs to move to “What to do when you are hacked”.

Cybercrime is big business, a huge underground economy estimated to be larger than the drug trade. Large amounts of money are then invested into developing new cyber-attacks to steal data, hijack systems and find your passwords, credit card and bank details.

Companies need to identify what their critical data is, where it is located, the impact on the company if that data is destroyed or shared, and how quickly they can recover from a breach. The response to a major hack becomes as important as the security measures taken to protect that data.

The attacks are getting more sophisticated and even security professionals fall for phishing. This highlights the need to report and alert the general public to new scams and attacks as they are detected.

The reality is that “people are the weakest link” in the security chain. Organisations need to foster an environment that allows employees to do their jobs by providing training and testing to mitigate the risk.

The New Zealand Government has set up CERT NZ to provide trusted and authoritative information and advice, while also collating a profile of the threat landscape in New Zealand.

Computer Culture is constantly updating our Cyber Security solutions to ensure that our customers have the best protection and a way back from a disaster.

Paying with your face

Thu, 22 Jun 2017 00:00:00 GMT

Face-detecting systems will soon be regularly used to authorise payments, provide access to buildings and track down criminals and terrorists.

Face recognition might transform everything from policing to the way people interact every day with banks, stores, and transportation services.

Already governments in some countries are using software to identify suspected criminals in video from surveillance cameras.

The technology has taken off in China because of the country's attitudes toward surveillance and privacy. Unlike countries such as the United States, China has a large centralised database of ID card photos.

Facial recognition has existed for decades, but only now is it accurate enough to be used in secure financial transactions. The new versions use deep learning, an artificial-intelligence technique that is especially effective for image recognition because it makes a computer zero in on the facial features that will most reliably identify a person.

A Constant Threat

Thu, 25 May 2017 00:00:00 GMT

One of our senior engineers recently changed his home Internet connection to Vodafone. While he was online reconfiguring his router (which only took 3 minutes), hackers started attacking his router!

For him it was a very graphic example of how hostile the Internet has become. Using a device on the Internet without a strong firewall is a bit like swimming in a shark pool equipped only with a pair of swimming togs.

The Four Types of Attackers

Thu, 25 May 2017 00:00:00 GMT

1. Cyber Criminals
Cyber Criminals are motivated by money, so their attacks are designed to produce profit. Some of their operations are run like a large business with a call centre, management structure and make obscene profits.

2. Hacktivists
Hacktivists only interest is to undermine your reputation or destabilize your operations. Their approach is a cyber form of vandalism.

3. State-Sponsored Attackers
State-sponsored attackers are after important information and they are not in a hurry. These organisations have highly skilled hackers and specialise in detecting vulnerabilities and exploiting these before the holes are patched. It is very difficult to defeat these attackers due to the huge resources at their disposal.

4. Inside Threats
Insider threats could be malicious, but they could also be well-meaning employees who have been manipulated.

Scammers using fake purchase orders to target NZ businesses

Thu, 25 May 2017 00:00:00 GMT

Police are warning business owners to be wary that scammers are currently using forged District Health Board invoices to swindle New Zealand businesses out of goods. This is a similar scam to one operating earlier this year, where scammers were sending out fake purchase orders.

In this latest scam, using false email addresses, scammers have been sending forged purchase orders to businesses requesting the purchase of various items.

While the domain will look like the legitimate organisation, it will differ slightly with the use of full stops, dashes, or a slight rewording of the original name.

The purchase order request the companies send the goods to a New Zealand freight company, who are then instructed by the scammers to forward the goods on to an overseas address.
Police are aware of one shipment from Christchurch that has made it out of the country and is destined for the UK and Asia, but there may have been more incidents.

This was not related to the current DHB purchase orders that have been identified.
With the co-operation of overseas domain registering companies, several domains have been shut down by Police so far, however it appears that the scammers have now registered a domain like a New Zealand DHB.

“We are currently aware of three false District Health Board purchase orders that have been sent to separate New Zealand companies requesting goods for delivery to a freight company” says Detective Sergeant Michael Cartwright, New Zealand Police Financial Crime Unit.

“We believe that all District Health Boards could be at risk of being targeted and, due to the large number of suppliers health boards have, we are concerned that this has the possibility to affect a large number of different businesses throughout New Zealand.

“Our advice to businesses is that if you receive an email that seems suspicious in terms of format, numbers, language or delivery addresses, contact the relevant organisation first to verify if it is actually from them before you send anything out.

Poor English in the initial email is a common identifying factor for the scam, and the purchase orders will often have false phone numbers and email addresses on them.

“We ask that anyone who believes they may have been a victim of this scam, or anyone who has received a suspicious sounding email, please reports it to us immediately” says Detective Sergeant Cartwright.

Anyone who believes they may have been a victim of this scam can either contact their local Police Station or report it to Crimestoppers on 0800 555 111.

Issued by Police Media Centre.

Importance of Patching

Mon, 24 Apr 2017 00:00:00 GMT

Each year we see security reports from dozens of companies about how the sky is falling – mainly because the people sponsoring the reports are in the umbrella business. However, some data in a recent Verizon Data Breach Investigations Report was of some concern. Unpatched vulnerabilities are still a huge opportunity for threat actors.

The report looked at over 100,00 incidents with only 3% recognised as actual breaches. An enormous 99.9% of the exploited vulnerabilities took advantage of a reported Common Vulnerabilities and Exposures weakness that had been patched at least a year ago.

Most crucially, the report noted that it’s not just about patching, but also about ensuring you prioritise patching of your most critical and vulnerable systems.

Samsung Operating System Vulnerability

Mon, 24 Apr 2017 00:00:00 GMT

Samsung's Tizen operating system has been found to be riddled with security vulnerabilities that allow for remote-code execution, and for the delivery of malicious code via the OS' app store.

A security researcher is preparing to reveal 40 zero-day exploits that affect Samsung's Tizen operating system. Commenting on the finds, Amihai Neiderman said Tizen “may be the worst code I've ever seen,” he continued on to slate the code by saying it looks like the handy-work of an undergraduate, rather than that of someone with an understanding of security.

While the criticisms are harsh towards Tizen, it should be made clear that no software is ever perfect and there are always exploitable bugs in every nook and cranny. Samsung will be keen to ensure that it quickly patches the OS, though, because it powers 30 million TVs and hopes to run on 10 million Samsung phones by the year's end.

Neiderman claims “It may be the worst code I've ever seen. Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software.”

So, what exactly do the exploits allow for? Firstly, there are vulnerabilities that allow a hacker to control a device remotely in what is known a remote-code execution. Another exploit allowed Neiderman to hijack the TizenStore app and deliver malicious code to a Tizen device – namely his Samsung TV.

Last month, WikiLeaks released its first Vault7 leak which showed that the CIA could hack Samsung TVs and listen to conversations even if you thought the TV was switched off; there's every chance that the CIA used one of these newly uncovered vulnerabilities. Samsung has said that it's fully committed to working with Neiderman to fix the vulnerabilities.

More on Ransomware

Fri, 21 Apr 2017 00:00:00 GMT

Author: Luana Pascu

In 2016, the number of ransomware attacks increased 300 percent from 2015, with over 4,000 attacks detected per day, according to US government statistics. Ransomware is among the worst types of infection, as it not only encrypts network data, but in the end, may cost victims all their data – even if they pay the ransom. It should be a priority for all businesses and organizations in 2017.

Ransomware is not limited to consumer networks; it’s one of the most sophisticated types of malware that targets all internet users, from private individuals to corporate networks to government agencies. Ransomware attacks on enterprises affect shareholders, employees, and customers, and could lead to permanent damage caused by loss of confidential information, negative publicity, and financial loss.

Ransomware infections are hard to remove, as the FBI has confirmed. A proper understanding of the threat landscape would help enterprises build better security strategies to prevent attacks, but that’s not enough and, in many cases, companies are still oblivious to the risks and downplay the danger. Walmart, Target, Apple, EBay, and TalkTalk are only a few of the large businesses that have suffered massive breaches and data loss because of cyberattacks and vulnerabilities.

Employees are the weakest link in an organization so, most often, hackers use social engineering to trick users into clicking on infected advertisements or URLs in emails or into downloading attachments that will infect the corporate network with ransomware. Vulnerabilities and risks in the private sector have increased because of the widespread adoption of the internet of things and BYOD.

Multi-purpose devices used for both home and work tasks are a top risk. It only takes one random click to get infected. Once the device is connected to the company network, the infection can corrupt the entire corporate infrastructure. Organizations must dive deeper into threat analysis and mitigation, instead of sticking to the basics because tech innovation has prompted hacker innovation.

So, how can enterprises safeguard their infrastructure from the latest sophisticated ransomware variants? CISOs should implement prevention methods to mitigate risks in their organizations -- it’s always cheaper to prevent ransomware attacks than to spend money on system and data recovery.

Employees are the most common entry point for hackers seeking a way into your organization, so regular security training to educate them about network security and risk detection may reduce malware infection. Quite often the malicious code is implemented on legitimate websites to trick the untrained. The workforce must learn to distinguish between authentic links and emails, and phishing scams which could lead to ransomware infections or trick them into giving away passwords and sensitive information.

If you’re dealing with a ransomware attack, don’t rush into paying ransom. Previous events have demonstrated chances are quite high that the hackers won’t send a decryption key to restore the data anyway, and you’d be encouraging a criminal business model. And ransom payment doesn’t mean cybercriminals will not target your business again or even demand more money.

“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom,” explains FBI Cyber Division Assistant Director James Trainor. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

When dealing with an infected device, the safest approach is to immediately remove it from your network and reach out to law enforcement. The goal is to keep the malware from spreading across your infrastructure so another step is to change all passwords once the infected device has been disconnected and then once again after the malware has been removed and data restored.

Hackers don’t always need to expend much effort in breaching your network because you make it easy for them from the start. Perform regular system scans and updates of all operating systems, software, and firmware, if possible, and check them for vulnerabilities. Periodically back up company data either on physical devices offline or in the cloud, and secure backups by not keeping them connected full-time to the company infrastructure. In some cases, ransomware infections have also locked cloud-based backups.

When a cyberattack is detected, thoroughly document the vulnerabilities that led to it and the measures taken to restore the system. Based on this learning and industry research, focus on implementing a security strategy to prevent future similar incidents and keep your business free from cybercrime.

Protect Your Phone

Fri, 21 Apr 2017 00:00:00 GMT

Author: Ali Dehghantanha - Lecturer in Cyber Security and Forensics, University of Salford

If you’ve ever forgotten your phone or left it at home for the day, you will have realised just how much you use it. On average, we check our mobile phones about 110 times a day. Using them for just about everything, from summoning an Uber car and paying for our latest Amazon purchases, to receiving prescriptions and even tracking shares and trading on the stock market.

Unsecured mobile phones are among the top seven major causes of security breaches and your mobile number is all a hacker needs to start the attack. Using your number, hackers can send you a text message containing a malicious link, which when clicked allows them to read your texts, listen to your calls and even track your whereabouts.

Smartphones are valuable targets for hackers – more so than laptops or personal computers. This is because they can be used as a “pivot point” to attack heavily protected environments such as banks or critical national infrastructure. Hackers can redirect their malicious traffic through your phone and store collected data on it. This means that all forensics traces would point to you as the hacker rather than the real culprit.

On top of this, most phones are open to attack 24 hours a day, seven days a week, often with only limited security features in place. Combine this lack of security with the fact that most modern phones now contain more processing power than the computers that landed Apollo 11 on the moon, and it’s not hard to see why they are a hacker’s weapon of choice.

The worst-case scenario? You could wake up one morning to the police kicking down your door, investigating a sophisticated cyberattack with all the evidence pointing to you. Regardless of how ridiculous it may seem, in the absence of any cyber-monitoring or cyber-defence solution you would have a very hard time proving that you were not guilty. And it is not just hackers you need to worry about, even the US National Security Agency and the UK’s GCHQ have secretly used innocent people’s devices to cover their malicious activities.

In my career as a cyber forensics investigator, I have not only seen many of these cases but also scenarios where hackers have been hired by organisations to deliberately frame employees by planting material such as child pornography onto their work phones. The person in question is then accused, for example, of selling secret company information to competitors and when the legal team investigates their phone, they find the child pornography. It is a scary prospect.

Keeping your phone under lock and key isn’t really an option.

Many people wrongly believe that their mobile service providers should deploy cyber-protection mechanisms for their users. But if you read the terms of service, you will clearly see that as the owner and user, it is solely your responsibility to protect yourself. Exactly in the same way that you protect your laptop when you surf the internet.

If you are reading this and you are yet to install at least an anti-virus application on your phone, stop reading immediately and install one – there are many good anti-virus applications that are completely free. You should also make sure to only install applications from well-known app markets such as Google Play or the Apple or Windows Stores. Never “jail break” or root your phone to install free apps unless you are a security expert and know what you are doing.

And it may sound like common sense, but do not click on the links you receive from unknown sources. It is also a good idea to have all your phone data encrypted and to install a logging or monitoring solution on your phone to have records of all activity. It could well turn out to be your “get out of jail free card” – just on the off chance anything was to happen.

Risks from Seldom Used Devices

Fri, 21 Apr 2017 00:00:00 GMT

Devices such as laptops and desktops which are seldom used are a risk to a customer’s security and can present a serious vulnerability in their network.

If they stay offline for a few months and then are re-introduced to the network these will not have current antivirus definitions or patches installed. The devices will be getting used immediately in their unpatched state, then often shut down again before all the patches and additional updates can be installed.

This can lead to some easily exploited vulnerabilities in your network that cyber criminals can use to do some serious damage to your business systems and infrastructure.

If you have any devices that haven’t been used for more than 2 weeks, give our friendly team a call to find out how to safely bring these back online on your network.

Removable USB Drives are no longer a recommended solution.

Mon, 20 Mar 2017 00:00:00 GMT

For a considerable period, small external USB hard drives were a favoured means of backing up a company’s valuable data. This backup method ticked the boxes by ensuring the storage device was backed up to another destination and secondly that backup was taken offsite. It was a satisfactory solution provided there was at least 3 drives, they were rotated out daily and one of the set was always offsite in a secure location.

Unfortunately, over time the short comings of this type of backup have become painfully apparent.

The list of problems include:
• USB Drives failing due to constant handling and transporting
• Drive not changed due to designated person being on leave or off sick
• Staff become forgetful or complacent and drive changes do not occur daily
• Error reports generated by the backup software being ignored

One of the inherent problems with this backup system is that if the current backup and the source are at the same location and a disaster occurred later in the day the amount of work lost can be up to 2 days. In this scenario, the last backup is going to be at least 24 hours old and still onsite with the person who was responsible for taking it home that evening.

We know of a company where one of the backup drives had failed and they were down to only two in rotation. On the day of the February earthquake, the server was in the office, the first backup drive was plugged into the server ready for the end of day back up, and the second drive was in the manager’s briefcase ready to be taken off site that evening. When the quake struck everyone quickly evacuated the building leaving the server and all the backups in the building. Fortunately, the company was able to get back into the building and rescue the backup. In doing so they avoided a disastrous data loss and learnt a very powerful lesson.

It is for all of the above reasons that Computer Culture no longer recommends this type of backup. With the value of company data and rapid growth of cybercrime, a robust backup system is now an essential part of an organisations IT.

An offsite backup solution which is proactively managed and monitored has become the favoured solution of many of our customers. Please call us If you wish to make the move away from the rotated drive backup system.

How to tell if email is fake, spoofed, or spam

Mon, 20 Mar 2017 00:00:00 GMT

By now, you’ve heard about phishing – fraudulent emails that masquerade as communications from a legitimate source. These emails trick unsuspecting readers into giving up personal information or compromise their machines with spyware or viruses. Thankfully, email filtering and security has improved a great deal over the past few years. Unfortunately, no matter how effective the security, some phishing emails will always make it to the inbox – that’s where you come in. Here are some tips to help you identify a phishing or spoofing email.

Don’t trust the name
A favourite phishing tactic is to spoof the display name of an email. It’s easy to set the display name of an email to anything – you can do it yourself in Outlook or Gmail. Spoofing involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. When this simplistic method is used, you can tell where the mail originated by checking the mail header.

You can’t trust the header
It’s not just the display name that can be spoofed, but also the email header. Emails are built on some very old technology (in internet terms): SMTP, or Simple Mail Transport Protocol. When you send an email, it goes to a SMTP server first, then the message is relayed from SMTP server to SMTP server across the internet. When the message arrives at its penultimate destination, the email is stored in the recipient’s (e.g. in their Office 365 Mailbox). Finally, the message is fetched by an email client so the recipient can read it. While this may seem complicated, the important thing to remember is that SMTP just passes along what it was given. Clever fraudsters can fool the SMTP server into sending along an email that isn’t legitimate.

While there are several, technical ways to figure out if this is the case, the simplest method is to see where the “reply to” section of the full header will lead you to. If it indicates that your reply would be redirected to an address that’s different from the sender’s address, then you have good cause to be suspicious.

Hover before you click
Clicking links in emails is inherently risky – you don’t know where a button, link or video will actually send you. But, if you hover your mouse over any links embedded in the body of the email, you can see the raw link. If it looks strange, don’t click it – there’s a good chance the email is fraudulent.

Remember the basics
If an email has spelling mistakes, requests personal information, or is written in threatening language, you should be suspicious. If you did not initiate contact with the sender, be wary and think where they could have found your contact details.

Trust your instincts
Given today’s e-mail infrastructure, there’s not much that can be done to prevent spoofing. Companies and organisations can tighten up their mail servers. This just makes it a little more difficult for criminals, not impossible.

Appearances can be deceiving. Just because an email has convincing logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be sceptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it. If something looks off, there's probably a good reason why. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.

Source: Hewlett Packard Enterprise

Embedded devices at risk from Windows Trojan

Mon, 20 Mar 2017 00:00:00 GMT

Attackers have started to use Windows and Android malware to hack into embedded devices, dispelling the widely held belief that if such devices are not directly exposed to the Internet they're less vulnerable.

Researchers from Russian antivirus vendor Doctor Web have recently come across a Windows Trojan program that was designed to gain access to embedded devices using brute-force methods and to install the Mirai malware on them.

Mirai is a malware program for Linux-based internet-of-things devices, such as routers, IP cameras, digital video recorders and others. It's used primarily to launch distributed denial-of-service (DDoS) attacks and spreads over Telnet by using factory device credentials.

Chicks or Chicks?

Mon, 20 Mar 2017 00:00:00 GMT

At Computer Culture we are constantly refining our web filtering settings to ensure we strike a happy balance between keeping out the malicious content and allowing legitimate use.

We don’t always get it right and below is an example of an overly protective filter which thought that the user viewing a link to “new chicks” was a bit dodgy. However, this sort of harmless block is always a great reminder to know that you’re being protected!

The process of screening out rogue and undesirable websites is an essential part of a security solution so we can afford to have the odd false positive.

Smart Spinach

Mon, 20 Mar 2017 00:00:00 GMT

Spinach is no longer just a superfood: by embedding leaves with carbon nanotubes, MIT engineers have transformed spinach plants into sensors that can detect explosives and wirelessly relay that information to a handheld device similar to a smartphone.

This is one of the first demonstrations of engineering electronic systems into plants, an approach that the researchers call “plant nanobionics.”

“The goal of plant nanobionics is to introduce nanoparticles into the plant to give it non-native functions,” says Michael Strano, the Carbon P. Dubbs Professor of Chemical Engineering at MIT and the leader of the research team.

Microsoft Windows 10 Support

Tue, 21 Feb 2017 00:00:00 GMT

If you have steadfastly refused to update your Windows 10 PC to a new build since launch, Microsoft has given you another 2 months reprieve to still get patches and bug fixes.

Build 1507 of the OS was to exit support on the 26th March, but Microsoft has now announced on Technet that version 1507 will continue to be serviced until May 2017.

Currently Microsoft plans to only support the two latest versions of Windows 10, and expect most users to remain current with the latest version of the OS via automatic updates, a practice which has been criticised but which means that more than 75% of Windows 10 users are on the latest public version of the OS.

Privacy Awareness

Tue, 21 Feb 2017 00:00:00 GMT

Every year on January 28th, the world celebrates Data Privacy Day. But keeping data safe and out of the wrong hands isn’t a once-a-year task. Today, keeping your data private is a daily task—one that involves an understanding of new data protection regulations and cyber security best practices. Here are nine predictions to help you understand what data privacy and security will look like in 2017.

Privacy and security will clash. There will be a major clash between privacy and security, as advances are made on both fronts from various legislative actions. On the one hand, countries are working to expand their surveillance of data communications and streamline law enforcement access to computers and data. For example, Britain’s new Investigatory Powers Act (Snooper’s Charter) will require ISPs to keep logs of all websites visited by UK citizens for 12 months and which websites were visited but not the pages and not the full browsing history. It also allows police authorities and intelligence officers to see users’ Internet records as part of their targeted and filtered investigations without a warrant.
On the other hand, data protection laws, such as the EU GDPR, which will go into effect on May 25, 2018, will restrict how businesses collect, store and use personal data and institute enforcement mechanisms to ensure businesses are reporting on data breaches in a timely manner to governing bodies. For example, businesses will be required to notify supervisory authorities of a data breach within 72 hours.
Second-hand electronics will cause headaches for many businesses. The rise in second-hand electronics will become a data recovery nightmare for both businesses and end users. An independent analysis of used drives and mobile devices from online sites like Amazon, eBay, Gazelle and Craigslist have shown this to be true with large amounts of sensitive personal data and corporate data recovered, including customer lists, Salesforce records, spreadsheets with sales information, company emails, social security numbers, financial details, photos, videos and so much more. This calls into question certain ‘reliable’ methods many businesses and people are using to supposedly ‘delete’ data. But many of these methods (i.e. quick format, basic delete, factory reset) are not actually effective and leave a treasure trove of data exposed to hackers.
Companies will leave data behind. Companies that go out of business – or shut down part of their operations/physical locations – need to add secure data removal into their ‘close down’ procedures. If they don’t, hackers could easily discover sensitive, confidential corporate data that’s been left behind in online backups, orphaned data stores, servers and virtual machines.
The Internet of Things will expand. IoT will create a morass of personal and corporate data on millions of connected devices. The only way to ensure all that connected data doesn’t fall into the wrong hands is to create a system of processes and tools that make it easy to manage, protect and securely erase all data on-demand. The important piece here will be in providing proof that the connected data has been removed and cannot resurface at any given point in the future.
Hackers will turn recent proof of concept exploits into attacks. This will allow them to mine poorly wiped virtual machines. Essentially, they’ll be able to steal credentials and other critical data. Organizations need to ensure they know where their data resides, especially when it comes to the cloud. Processes must be put in place to ensure that virtual machines are permanently and verifiably erased when they are no longer needed.
Ransomware, spear phishing and direct attacks will be a triple threat. The triple scourge of ransomware, spear phishing against corporate treasury functions and direct attacks on central banks will continue to drive investments in new security technology. On the endpoint, new technologies that use machine learning are being deployed to catch malware without needing signatures. Learning and training systems are being deployed to reduce the number of successful spear phishing attacks. Central banks are, in turn, beefing up their own cybersecurity practices and requiring partners to do so too.
Quantum computing research will continue. Nations will continue to make large investments in quantum computing research with the goal of being the first to engineer a major breakthrough. The winner in this new arms race will have a short-term edge (and leverage) in the world of technology. On the one hand, this will create a crisis for all cryptography since quantum computing is theorized to be extremely effective at breaking even the largest key. On the other hand, it will create an opportunity for post-quantum crypto start-ups. New methods of encryption will be proposed that are impervious to cracking with quantum computers.
Denial of Service attacks will be broken. In 2017, all records for large distributed Denial of Service attacks will be broken. Every organisation that depends on connectivity for communicating with their customers or providing a service should have a plan in place for dealing with DDos attacks. This means redundant systems for computing, DNS and connectivity, and a recovery plan. Look for single points of failure because the attackers will find them.
Where data is stored will matter more. The geographical preferences for where data is hosted will increase. For example, companies may want to host data in the UK or elsewhere. This will then require businesses to migrate data, which in turn, will trigger the need to permanently erase data from old locations. And this will need to be done on a large-scale basis for big companies – and will require specific processes to ensure the data migration project was done properly and that ‘old’ data was properly removed.

See the original article here .

HP Notebook Battery Safety Recall and Replacement Program

Tue, 21 Feb 2017 00:00:00 GMT

Program expanded in January 2017. It is essential to recheck your battery, even if you did so previously and were informed that it was not affected.

If you have already received a replacement battery, you are not affected by this expansion.

In January 2017, in cooperation with various government regulatory agencies, HP announced an expansion of its ongoing worldwide voluntary safety recall and replacement program for certain notebook computer batteries, which was announced in June 2016. The program has been expanded to include additional batteries that were shipped with the same notebook products. These batteries have the potential to overheat, posing a fire and burn hazard to customers.

Because these batteries pose a fire and burn hazard, it is essential to recheck your battery, even if you did so previously and were informed that it was not affected. However, if you have already received a replacement battery, this expansion does not affect you.

The affected batteries were shipped with specific HP, Compaq, HP ProBook, HP ENVY, Compaq Presario, and HP Pavilion notebook computers sold worldwide from March 2013 through October 2016, and/or were sold as accessories or spares, or provided as replacements through Support.

Customers should cease use of affected batteries immediately. Customers may continue to use their notebook computer without the battery installed, by connecting the notebook to external power. HP’s primary concern is for the safety of our customers. HP is proactively notifying customers, and will provide a replacement battery for each verified, eligible battery, at no cost. For customers with 10 or more potentially affected batteries, HP has put in place a process to assist with the validation and ordering process. For details please refer to the FAQs tab on this website.
Getting Started

Note: Not all batteries in all HP, Compaq, HP ProBook, HP ENVY, Compaq Presario, and HP Pavilion Notebook Computers are affected.

Click here to find out if your battery is affected.

Bank Email Scam

Tue, 21 Feb 2017 00:00:00 GMT

Of the many methods, scammers seem to use the bank scam email approach on a frequent basis.

Always treat any communication from the bank with skepticism and keep in mind:

Your bank
will NEVER ask you for your Internet banking password or your card PIN.
will NEVER ask you to download any software onto your computer
will NEVER ask you to grant the bank remote access to your computer

If you are not sure, ask for the caller’s details and call you bank to verify the caller

Never give out your personal or financial details
Don’t click on links in emails even if they seem legitimate
Always ensure there is a security symbol in your browser.

See some further information on this on ANZ's website here .

Amazon Echo

Tue, 21 Feb 2017 00:00:00 GMT

Alexa, a cloud-based speech recognition software from Amazon and the brain of its black cylindrical loudspeaker Echo, has been a big hit around the world – except for the younger ones, who take it for granted. Children will grow up alongside it, just as Alexa will evolve, as the AI powering it learns to answer more and more questions, and perhaps one day even converses freely with people.

For further information on the advancements to speech recognition, visit the original BBC article here .

Google PhotoScan

Tue, 21 Feb 2017 00:00:00 GMT

PhotoScan is a new scanner app from Google Photos that lets you scan and save your favourite printed photos using your phone's camera. Picture perfect and glare free....

Create enhanced digital scans, wherever your photos are.

This is a great app if you are out somewhere and there is, say a old black and white photo of one of your ancestors. The app guides you through a process of photographing the picture in segments then seamlessly joining it up to reproduce the original photo.

The Risk from the Internet of Things

Fri, 20 Jan 2017 00:00:00 GMT

The Internet of Things has experienced a huge surge in growth and popularity thanks to its main stream exposure due to the likes of smart TV's, Internet fridges, smart grids, and smart homes.

With the inclusion of anything from urban transport to medical devices to household appliances, the Internet of Things has become a large part of our lives. These unusual "smart objects" or "smart devices", that have never been capable of inter-networking on a global scale before, have for the most part made our lives easier. However as with all new developments, it's also brought its own fair share of risks. Cyber criminals have more ways than ever before to make money off the unaware, underprepared or uneducated.

Unsecured Devices
More often than not, the security functionality embedded within the IoT device is largely insufficient, due to a lack of local resources or capacity. A good example of this are car manufacturer’s like Land Rover; having to recall vehicles for instance, because their on-board computers had security weaknesses that allowed criminals to easily steal them, or in extreme cases, even control them remotely. Ultimately however, security will need to be built into IoT products by the vendors. Cheap, ubiquitous, and insecure IoT devices are ultimately the cyber criminal’s best friend.
Weak Entry Points
IoT devices that are poorly secured on networks; with known or easily guessed passwords and passcodes are the ideal point of entry for cyber criminals. It’s even better if the device happens to be a router or network control device, as the criminals can modify the firewall and network services to their nefarious ends. Even so called “risk-free” endpoints, such as Internet fridges, have potential exploits because of susceptible functions such as sending emails. To help combat this, IoT devices need to be protected, by locking down admin rights and changing default passwords by adding in as much complexity as possible. It may also pay to segregate IoT devices to a firewalled and possibly non-routable network.
Surveillance Hijacking
Have you got a PC or laptop with a webcam? Cyber criminals can potentially use your computer’s camera to see into your home or office, and even listen in if they can get access to your device’s microphone. This breach isn’t just limited to visual and audio access however – a compromised IoT device on your network can passively and actively learn about the rest of your network. Due to their common operating system, hackers have a good chance of installing common malware to learn all they can about you or your company. This again reinforces the fact that all your IoT devices need to be locked down, and not just the central control point. Regular security sweeps should be done to check for unusual behavior, and be prepared to reset devices back to their factory settings. Where possible it would pay to isolate your IoT devices from your main network.
Hijacked for Criminal Activity
IoT in the health care sector presents an exciting opportunity, not just for passively collecting patient observations, but also controlling medical devices in real time, in response to collected observations. Imagine a heart monitor for instance, that constantly sends heart data to a system that analyses it, along with blood oxygen levels etc. It then decides to modify one of the control units – maybe to deliver a drug to the patient. In the wrong hands, this setup could result in death. Accessing other IoT devices can offer cyber criminals a lot of control over your life, especially keyless entry systems for your home, garage, gate, or car that can be cloned to give the criminal physical access. It’s essential for users to choose IoT products with proven security credentials. Greater security will likely cost more than the weaker IoT devices.
Unknown Network Use
Do you know how much of your home or business infrastructure is IoT connected? Recently an independent security organisation scanned the 900 MHz bandwidth used by IoT wireless devices and much to their client’s astonishment, found that their HVAC system was IoT-connected. The client didn’t know this and wasn’t responsible for its security. The HVAC devices were also identified to have default passwords and very little in the way of security. If a hacker had gained access to these devices, they could have caused a potentially devastating amount of damage to the business. This is a good lesson for all of us, businesses need to scan for IoT devices on their network constantly. Ultimately, company’s need to know what is normal before they can know isn’t normal, and take necessary actions to correct it.
Convenience and Price over Security
Security can fall by the wayside if IoT vendors are trying to provide an Apple-like experience of simplicity and convenience, or attempting to compete based on price. Plug-and-play without configuration should not be possible – some configuration by the consumer is needed so they can at least program the IoT device with a passcode or password that only they know. If you just plug a device into your network without any configuration, then you have more than likely created an opportunity for a cybercriminal. Consumers need to be more technology-savvy and vote with their wallets – only buying products that are offering sufficient levels of security. Industry standards don’t exist for IoT device security, and many products are not interoperable using differing technologies. Therefore, the best way for consumers to become IoT-security savvy is to educate themselves by talking to industry professionals like Computer Culture.
You can’t secure insecure IoT Devices
Some IoT devices, especially those that offer plug-and-play installation, can be difficult, sometimes impossible, to configure – especially devices that are embedded and need special diagnostic equipment to interface with them. In this instance, the user needs to check whether (and how) the IoT device is configurable and securable. If it’s not, they need to think twice about purchasing it due to the inherent risks of adding an insecure IoT device to their network. The fact that the device can be a household device, such as a fridge, is unimportant. Security research has shown that hackers can use Internet fridges to send spam and learn about the rest of the network its connected to, for a future criminal act.
Forgotten IoT Devices
People can sometimes forget about older or unused devices, and some of these will likely be IoT-enabled. These devices might not be monitored or maintained but are likely to remain on the network. These devices have the potential to become a risk over time as security exploits are left unpatched. Once an attacker finds such a device, they will find a way to hijack it. These devices need to be repurposed or disposed of in an appropriate and secure manner.

If your concerned about your IoT devices and want to know what you can do to help mitigate these issues, come talk to one of our friendly team.

Mobile Devices Etiquette

Fri, 20 Jan 2017 00:00:00 GMT

Many of us have become very dependent on our mobile phones and unfortunately along the way, a lot of us have developed some bad habits.
How often do you see someone crossing the road while texting or talking on their phones?
Walk through a busy mall and you are constantly dodging the same people, their heads down and not watching where they are going. If you sit down for a coffee, it almost seems as though every second person has their smart phone out. I always wonder if couples are texting each other across the table, rather than having to engage in conversation.
Attend a function and invariably several phones will start ringing in the middle of a presentation.

We all need to look at our own behaviour and dependence on the phone.

I recently received some good advice from my son. He said we should treat our phone as if it was a handgun. In private you can take out and admire and play with it, but in public it should stay out of sight. The good thing about smart phones is you can turn off the sound or even more radical, sometimes you could turn the phone off completely.
Most of us are not that important that we need to be available every minute of the day.

New Technology

Fri, 20 Jan 2017 00:00:00 GMT

IoT and Smart Home Tech.
We will see much more integration and development in the Internet of Things and Smart Homes area with Amazon, Google and Apple getting involved.

AR and VR.
We will see significant developments in the augmented reality (AR) and virtual reality (VR) technology with companies producing software and apps.

Machine Learning.
Machines and systems using a type of artificial intelligence will become much better at recommending products based on prior purchase history to gradually improving the user experience.

Automation.
Advanced technology will enable the automation of previously human-exclusive tasks.

Physical-Digital Integrations.
We will see more use of our smartphones to find and pay digitally then collect the goods from a physical location

Everything On-Demand.
To satisfy our desire to have everything on demand through our smartphones, we will see many more of the ‘Uber’ type apps

Selfie Drone

Sun, 18 Dec 2016 00:00:00 GMT

Lastly something fun for Christmas. We haven’t tried one of these ourselves, but they look like fun.

JJRC have released a foldable G-sensor Mini remote controlled selfie drone for under $60.

It has altitude hold, WiFi for smartphone remote control, 720P video and selfie camera, 6 axis gyro plus 3D flips and rolls.

See a video of it in action here .

Must Have Apps

Sun, 18 Dec 2016 00:00:00 GMT

We all have our favourite phone apps and we have been featuring a number in our past newsletters. Some users just use their smart phones for making calls, texts, taking photos and the occasional visit to Facebook.
Here is a list of some of the apps that our staff use to get more out of their smart phones.

• AA Smartfuel
• Air NZ
• Bank App
• CellarTracker
• Dropbox
• Evernote
• Entertainment
• Facebook
• Fly Buys
• Google Drive
• Here WeGo
• iTunes
• Kerbside Collection
• LinkedIn
• MetService
• Netflix
• Office Lens
• OneDrive
• OneNote
• Shazam
• Skype
• Sky TV
• SkyGo
• Snap Send Solve
• Spotify
• SoundHound
• Stocard
• Stuff
• Trade Me
• TradeMe Property
• Twitter
• YouTube
• Viber
• Uber
• Wunderlist

Charity Donation

Sun, 18 Dec 2016 00:00:00 GMT

Computer Culture, in partnership with the McPhail Foundation Charitable Trust and Ford Baker Valuation have recently donated computers to pupils from Bamford Primary School.

Generally the computers we donate are for underprivileged school children that don’t have access to computers at home.

We still need a small number of LCD screens to enable us to complete this worthwhile project so if you have any good quality surplus LCD monitors, we would gladly come and pick these up.

Cybercrime

Sun, 18 Dec 2016 00:00:00 GMT

When most of us think of hackers, we conjure up images of a spotty teenager sitting in a darkened room trawling the Internet on their laptop. Cybercrime, however is a massive and highly organised industry. It is now larger than the international drug trade with larger sums of money being made. Last estimate put it at $445 billion a year.

Although you rely on your IT company to provide advice on how to make your network secure and to ensure that systems are managed and software constantly patched, organisations must take some responsibility and internal precautions.

Sophisticated protection can be undone by careless employees. A great analogy is trying to protect your home from the bad guys. You can believe that you are safe when you have reinforced concrete walls, bars on the windows, triple locks on the doors, a clever alarm system and CCTV surveillance cameras. This protection is completely undermined when the bad guy walks up and rings the front door bell and a member of your family opens the door and invites him in.

In other words, a company’s employees can be weakest link in the effort to thwart cybercrime. Few now fall for the scam where they offer you a share of $20 million dollars which has been left by someone in Nigeria. But cybercriminals are always one step ahead of the security firms and their methods are becoming very sophisticated.
Here is some brief advice that may save some grief:
Start with strong passwords and change them on a regular basis.
Don’t click on links before inspecting the internet address
Don’t open attachments unless you are 100% confident that these are genuine (an executable file can be dressed up to look like a PDF)
Most of all be incredibly distrustful.

Just to show you how dangerous the Internet is, there are 5 new malware programs discovered every second.

The Microsoft Surface Studio

Tue, 22 Nov 2016 00:00:00 GMT

Arriving early 2017.

The Surface Studio is designed for the creative process. The 28” PixelSense™ Display gives you a huge canvas for all kinds of work. Use it upright, or draw on it like a drafting table.

Surface Studio, with its strikingly large and incredibly thin 28” PixelSense™ touch screen Display with a 4500 x 3000 resolution, lets you visualise ideas as you paint, edit, and design. Then watch those ideas leap off the screen with 13.5 million pixels of true-to-life colour and clarity.

This stunning desktop computer is available in either i5 or i7 CPU options, 1 or 2TB hard drive versions and can take up to 32GB of memory.

Check out the video of it in action here .

See the friendly sales team for more info.

Android Phone Risk

Tue, 22 Nov 2016 00:00:00 GMT

Within the past week a serious security breach has been discovered with some models of Android phones manufactured in China. It appears that these phones have had a back door created which sends call logs and text messages from that phone back to servers in China.

This breach now appears to be more serious with a rootkit found in the Ragentek firmware which is used in certain phones, which could affect up to 3 million phones. The manufacturers include Doogee, Leagoo and Infinix, however other models sourced directly from China could also be involved

Our advice is to only purchase smart phones from a trusted New Zealand provider.

Office 365 Changes

Tue, 22 Nov 2016 00:00:00 GMT

Until now, Microsoft Access was only included in the Office 365 ProPlus, E3 and E5 plans. Microsoft today announced that they are including Microsoft Access in the Office 365 Business and Business Premium plans so that small and mid-size businesses can get access to this great database management solution.

Microsoft Access will be automatically installed for Office 365 Business and Business Premium customers as part of their next regular Office client update, rolling out between December 1, 2016 and January 30, 2017. Customers who have updates set to the Deferred Channel will receive this update in June 2017.

Follow this link to see all the improvements in Office 365.

Keep your computers clean

Fri, 28 Oct 2016 00:00:00 GMT

A couple of weeks ago we had a customer's desktop PC in for a service and it presented us with a timely reminder just how quickly dust builds up in a computer system. This is compounded if the system is in a dusty environment and runs continuously.

The particles in the air in Christchurch are from dust off the cultivated plains and the ongoing demolition and construction work.

It is hard to prevent dust from intruding in to a server or workstations as these devices need air to keep the processor and power supply cooled.

A regular clean will keep this under control and reduce the risk of overheating due to the dust build up. In extreme cases, too much dust build up has caused fires.

Computer Culture can carry out this cleaning maintenance over the Christmas break which reduces the risk of system malfunction and a potential office fire!!

End of mainstream support

Fri, 28 Oct 2016 00:00:00 GMT

For those of you using a Windows 7 machine, Microsoft has ended mainstream support for this operating system.

There is no need to panic as your system will still work and receive security updates. Mainstream support mainly refers to free phone and online support, as well as non-security updates, which are offered for five years after the release of an OS or two years after its successor hits the market.

Microsoft won't end security updates for your Windows 7 PC until January 2020. By that time, Microsoft hopes you will have upgraded to the latest version of its operating system.

The cost of downtime

Fri, 28 Oct 2016 00:00:00 GMT

Since the disruptions caused by the earthquakes, a lot of Christchurch companies have a better idea of the true cost to their businesses when they can’t trade.

Many overlook the fact that the cost of an employee is much higher than the hourly rate he or she is paid.

If we add to that the cost of lost sales and fixed costs such as insurance and rates then it all gets a bit scary.

One of our clients calculated their downtime at $3,000 per hour. At that rate, losses start to mount up quickly.

Computer Culture’s role is to help you put in place systems which will enable a company to get back up and running in the shortest time possible, therefore reducing the downtime cost.

The Computer Culture Way

Fri, 28 Oct 2016 00:00:00 GMT

Since its inception, Computer Culture has strived to develop a culture where the team and customers are genuinely cared for and only the best solutions are provided.

Our processes are continually reviewed and enhanced to enable us to deliver on our promises.

Our vision, what we stand for and our culture are reflected in our Core Values:

We care about people
We provide the best solutions
We build Computer Culture to deliver excellence

How to avoid Ransomware

Fri, 28 Oct 2016 00:00:00 GMT

Make sure you have a good understanding of your computer network, what the key assets are, and their locations and how these are protected
Keep all your software up to date, including operating systems and applications
Back up all data to a secure, offsite location. ("air gapped")
Segment your network: Do not have all your data on one shared location accessible by everyone in the company.
Implement staff training on safe cyber security practices
Have a communication strategy so that you can quickly inform all the staff if a virus reaches the company network.
Get your IT company to perform penetration testing to find any vulnerabilities.
Arrange cyber cover through your insurance broker
Talk to your IT Provider

Safeguard your property and valuables with SNAP

Fri, 28 Oct 2016 00:00:00 GMT

SNAP is an initiative of the New Zealand Police, aiming to prevent burglary, and make it harder for criminals to sell stolen goods in New Zealand.

They have developed a free asset registration website. Where you can add your valuable property along with the serial numbers.

The SNAP Asset List Tool is secured using the high-security New Zealand Government igovt logon service. Your asset list can only be accessed by you.

See here for more information.

How to track your vehicle on the cheap using your smartphone

Fri, 28 Oct 2016 00:00:00 GMT

Lost your car and can’t remember where you parked? It happens to the best of us: wandering aimlessly through parking lots, clicking the panic button on your key chain to get your headlights to illuminate. Now there is a cheap solution to one of life’s most annoying problems.
You don’t need some high-end radio transponder to keep tabs on your car because now there is an easier, much cheaper solution.
Standalone GPS and radio triangulation units can cost hundreds. And that’s not counting the installation and (frequently hefty) activation and monthly fees associated with whatever service you do choose. For most of us, it’s overkill. The good news is that some of life’s biggest problems seem to be disappearing because of new technology. If you frequently forget where you parked your car, there is a tiny gadget and app that could be what you’re looking for.
Trackr is a small and discreet device the size of a coin that is revolutionizing the way people track their vehicles using their smartphones.

Microsoft Windows 10 Anniversary Update

Tue, 20 Sep 2016 00:00:00 GMT

Microsoft often sends out important updates for their operating system and they’ve recently released the Windows 10 Anniversary Update, packed full of features requested by their customers.
This is an automatic download but if you don’t have it yet and want to manually download it, click here .

A PC in your pocket

Tue, 20 Sep 2016 00:00:00 GMT

One of our team attended the preview last week of the new HP Elite X3 Windows 10 Phone. This is HP’s latest venture in to the phone space, but they see this more as a tiny computer with phone capabilities.
The Elite X3, once back in the office, can be slotted into a small dock which has a monitor, keyboard and mouse connected. The phone then becomes a desktop PC allowing the user to run the phones applications on the big screen.

There is also a “laptop” option which is basically just a screen, keyboard and battery which once the phone is connected behaves like a laptop. This laptop device can be left in the glove-box of a car without concerns of losing data as the applications and data are held on the phone.

This is a powerful and small device which will be ideal for users who need mobility and want to cut down on the number of devices they use.

Dropbox Password Change

Tue, 20 Sep 2016 00:00:00 GMT

Sometime during 2012 a large number of the free Dropbox accounts had the login and password details hacked. There was considerable publicity at the time and users were urged to change their passwords.

Unfortunately, it does appear that many people didn't react to this warning as they may have either missed the publicity or just plain forgot.

Dropbox has recently asked users that haven't changed their password since, to now do so.

Personal Hydroelectric Generator for your device

Tue, 20 Sep 2016 00:00:00 GMT

Hydropower was used by farmers in ancient Greece to grind grain and today is used in iconic locations like Nevada with the Hoover Dam. But a start up in South Korea have revealed a hydropower device called the eStream, which converts running water into electricity, so you can charge your phone and other USB devices. The eStream is about the size of a water bottle with a turbine that rotates underwater and generates electricity that gets stored in a built in battery. This takes about 4.5 hours to charge fully. A full battery can charge up to 3 smart phones, cameras or other USB devices. Click here to see the eStream in action.

20 Amazing features in Office 365

Tue, 20 Sep 2016 00:00:00 GMT

Office 365 is Microsoft's subscription based model for providing their software to users. The service consists of a number of different products and services, and all of Office 365's components can be managed and configured through an online portal.

Let PowerPoint design your presentation
Drop an image into your presentation and a new feature called PowerPoint Designer will automatically give you choices on the best way to display it. This lets you create a professional presentation faster, with less hassle.

Use PowerPoint 'Morph' to make the stuff on your slide automatically move
PowerPoint has a new transition called Morph.
Simply duplicate a slide, move stuff around on the second slide and when you play the slideshow, your objects will move from where they are to where you placed them. No animation or programming needed.

Use the 'tell me' box to get help
Tell Me lets you ask Office how to do something using regular language, similar to how you might search in Google.
You can ask it to show you how to 'insert a photo' or 'add pic' or even just type 'picture' and it will help you what you’re looking for.

Do Bing searches from within documents
No need to fire up a browser to look something up on the Web.
Just right click on a word, then click 'Smart lookup' and a Bing search will pop up in a window inside your document.

Find your most important emails with the Focused Inbox
Similar to how Gmail offers its uses 'Priority inbox' where it shows you what it thinks are your 'Important emails,' Outlook offers the 'Focused inbox.'
It looks at how you organise your mail and puts the messages it thinks are most important into a 'Focused' folder, with the others moving into an 'Other' folder.

Use 'ink' on the iPad Pro
With the new iPad Pro, Office apps support 'ink' just like they do on all Windows tablets.
Choices include pens, highlighters, an easy-to-use thickness control, and a new colour wheel. Using the Apple Pencil, you can also draw and mark-up documents.

Try some Outlook add-ins Find them on the Office Store.
Starbucks - With the Starbucks add-in for Outlook, you can send Starbucks e-gifts within Outlook and schedule meetings at nearby Starbucks locations instead of a conference room.
PayPal - Access your PayPal account to send money to others through email with the PayPal add-in for Outlook. This is available for Office 365, but the add-in can also be used by Outlook 2013 users.
Uber - With the Uber Outlook Add-on, you can set up an Uber ride reminder for any calendar event. Once you set up the Uber reminder, it sends it to your phone at the appointed time with the destination already set. Swipe the notification to confirm your Uber ride.
Boomerang - Boomerang will schedule emails to send at a later time, remind you to follow up if you don't get a response and add a calendar assistant that lets you schedule meetings and share your availability right from Outlook.
Delve - If your company is using the Enterprise edition of Office 365 and is storing documents in OneDrive for Business, or Microsoft's onsite app SharePoint, then you have access to Delve.
Delve is a search tool that automatically shows you the popular documents and other important content in your company. You can also use it to see what co-workers are working on by clicking on their names.

Set up a joint project-management planner for your work group
Microsoft just rolled out a new feature called Microsoft Planner to all the folks with an education or business edition of Office 365. It's like a joint to-do list on steroids for a work group.
With Planner, teams can assign and collaborate on tasks, set due dates, update statuses, share files and a dashboard keeps everyone in the loop.
When it becomes available, Planner will appear in the Office 365 app launcher.

Set up a work group for your teammates with Office 365 Groups
By setting up your team as an Office 365 Group, the team gets a shared Outlook inbox, OneDrive for Business folder, and a plan in Office 365 Planner.
If your version of Office supports groups, you can set up the group via the web version of Outlook or through OneDrive for Business.

Add a poll to your online presentation
Microsoft Sway is Microsoft's online presentation software, an alternative to PowerPoint, that makes it easy to add internet photos, videos, material from your computer, or your Microsoft cloud to your presentation
You can also add a live poll to it, with PollEverywhere.com. Create the poll and embed it into Sway.

Use GigJam to share just parts of documents
A new sharing app called GigJam that you download to your phone, let's you temporarily show and share bits and pieces of an Office 365 file with others.
Send a bit of text to one person to review, and a photo to another person.

Have multiple people edit the same document at the same time
Everyone can edit a document at the same time in Word, PowerPoint or Excel.
You can see the changes as they make them and who is doing the editing.

Skype with co-workers while working on a document
If you are collaborating with others on a document and it's stored in OneDrive for Business, you can click a 'Chat' button to chat with everyone working in the document over Skype.

Turn rows of data into a map
For those with business editions of Office 365, Excel includes a feature called the Power Map.
It helps convert rows of data into images. And if that data is geographic in nature, Power Map will put it on a 3D map.
If your version of Excel supports Power Map, you'll find the button under Insert/Map.

Let Excel reformat your data
You know how powerful Excel's Fill Down 'Control -D' command is?
With a feature called 'Flash Fill' Excel sees what you are doing and does the rest of it for you.
For example, say you’re changing the formatting of a list of people's names from being spread across two columns (first name, last name) into a single column. When you type the second reformatted name, Excel displays the whole list, reformatted. Just click to accept it.
This feature isn't brand new (Office 2013 users have it) but it is currently only available for Windows users, not Mac users.

Scan your whiteboard or meeting notes and make them readable
The free Office Lens app for iOS and Android turns your phone's camera into a scanner.
Take a picture of a whiteboard or document and it reads it and puts into Microsoft's note app, OneNote.

Strengthen Passwords

Tue, 20 Sep 2016 00:00:00 GMT

Passwords are a continual problem.

We rely so much on them to secure our company systems, our secrets, our customers’ private information, and yet we typically leave it in the hands of our staff to choose their passwords safely.

That’s why passwords like “123456”, “qwerty”, “abc123”, “letmein”, “qazwsx”, “iloveyou”, “trustno1” and, yes, even “password” are so common.

Those are obviously all terrible passwords and yet they’re horrendously typical choices for users.
However, most users balk at the idea of coming up with a unique, nonsensical jumble of characters to secure their accounts.

One thing you can do to try to reduce the chances of users choosing poor passwords, is to build appropriate rules that are required to be met for a password to be deemed acceptable.

The US National Institute of Standards and Technology (NIST) have taken on this challenge, and are developing proposed improvements to password requirements. The hope is that the proposed guidelines will be adopted as a template by organisations and developers outside of the US government.

According to NIST, these are some of the things you can do to improve your passwords;

Minimum length - NIST says passwords should be a minimum of eight characters long. Note that that’s not a definite minimum, more sensitive accounts may require a larger minimum length for passwords.

Maximum length - If there has to be a maximum length limit for a password at all, it should be no less than 64 characters. Adopting a maximum length limit of no less than 64 characters encourages users to choose a memorable pass phrase rather than a password.

No banned characters - NIST says that all characters should be allowed in a password. You can even use UNICODE characters if you wish, which will no doubt please those addicted to their emojis.

No common passwords allowed - Applications and websites should check proposed passwords against a dictionary of commonly-used and known bad passwords. No more “password123”, “il0veyou”, or “baseball”.

No password hints - The problem with password hints is that they weaken authentication. “Rhymes with farce-word”. If you don’t allow users to store a password hint, there is no chance that it will be accessed (and abused) by an unauthorised party.

No periodic password changes unless evidence of compromise - Many think it’s a good idea to regularly change your passwords, but evidence suggests that it leads to poorer password choices by users. Of course, if there is a good reason to change a password then the password should be changed.

NIST’s password requirement proposals still require final approval, but the hope is that they will pass sooner rather than later.

And if other organisations outside the US federal government adopt the guidelines for their own password requirements that has to be a good thing for the security of all of us.

Backup Essentials

Fri, 19 Aug 2016 00:00:00 GMT

Backups are so important, hence why we bring them up a lot! Recent cyberattacks have proved how critical having a recent reliable backup is.

Here are the 5 most important features that make up a good backup solution:

The backup is automated - Less human interaction is best. Set and forget
Backups are run on a schedule - Minimum of one per day, however we prefer 15 minute incremental backups
The backups are stored offsite - A copy of the backup is either copied to an offsite location or taken offsite
Backup jobs are monitored and reported - This ensures you know your backups are working
Test restores are regularly carried out - Gives you piece of mind to know you can restore the data if and when required

New Zealand Post Scam

Fri, 19 Aug 2016 00:00:00 GMT

Security scams are big business these days. New Zealand Post has issued a warning about a scam email alerting people they have a parcel waiting for them.

The subject line and content of the email message typically describe a parcel or package not being delivered, due to nobody being home. Recipients are then asked to click on the link to “print the package info” to take with them to claim the parcel.

It says NZ Post will keep the package for a number of days, and then you will start being charged a fee for them to keep it for every hour thereafter. Details seem to vary, some emails have differing days and differing money amounts per hour.

NZ Post are aware of the scam email. “This is a phishing email designed to gather personal information from customers. Our advice to anyone who receives this email is to delete it, and not to click on the link contained in the email.”

General tips for recognising this and other scam emails:

If you weren’t expecting a parcel, then that should make you wary
It is very rare anyone will ever ask you to enter personal details into a website and if you are asked, you should check and investigate further before doing so.
Never go to an important website using a link, such as your bank. Instead manually browse to the address of the website by yourself.
Banks will never ask for pin numbers or passwords
Never send personal sensitive information or credit card numbers via email.
If you think an email seems like a scam, then it probably is! Never click a link in it.
Look for spelling and grammar mistakes
If in doubt, pick up the phone and call the company using the number you find yourself. Don’t call any numbers listed in the email you have received.

HP Battery Issue

Thu, 21 Jul 2016 00:00:00 GMT

HP last week announced a worldwide voluntary safety recall and replacement program for certain notebook computer batteries. The affected batteries were shipped with specific HP, Compaq, HP ProBook, HP ENVY, Compaq Presario, and HP Pavilion laptops sold worldwide from March 2013 through August 2015.

These batteries have the potential to overheat, posing a fire and burn hazard. It is extremely important for customers to check whether their batteries are affected, and to cease use of affected batteries immediately.

Not all batteries in all HP, Compaq, HP ProBook, HP ENVY, Compaq Presario, and HP Pavilion Notebook Computers are affected. To check whether your HP laptop is affected, download this utility from HP .

4 Reasons to upgrade your workstations and laptops

Thu, 21 Jul 2016 00:00:00 GMT

Reduce repair costs
Computers older than 4 years old, on average cost 1.5 times more in repair costs than newer computers.

Improve Performance
Compared with 5-year-old computers, new Windows 10 devices can have performance increase of up to 2.5 times with up to 3 times the battery life.

Better Security
Modern computers can protect against botnets and rootkits which will prevent malware taking over the computer’s boot process.

Increased productivity
Computers older than 4 years can result in more than twice the amount in lost productivity by the user.

Protecting your Privacy from Google

Thu, 21 Jul 2016 00:00:00 GMT

Google have provided a new tool, "My Activity" which can help you protect your privacy online and delete your history.

Google probably knows you better than your closest friends and family. With every search you make or YouTube video you watch, the search giant is quietly collecting information for a personalised profile it uses to serve you targeted ads.

My Activity is basically a timeline that shows you what Google has saved about your online activities going back as far as they have been tracking you.

You can find it by going to myactivity.google.com. You will need to sign in with your Google account and password.

Once you have logged in you should see a long chronological list of things you’ve done using Google’s services – the searches you’ve made, videos you’ve watched on YouTube, and so on (assuming you haven’t already used Google’s privacy controls to block the collection of certain information).

Yup! If you don’t want Google remembering that ‘plantar warts’ search or when you binge watched videos of a cat in a shark costume riding a robotic vacuum, it’s pretty simple to erase.

First, you need to find the record you want to delete, which is made easy with the search bar at the top of the page.

Once you’ve found the shameful bit of your online past in the timeline, you can open a little menu by clicking on the three vertical dots on the right side of the record. Select the delete option on that menu, and voila – Google will forget it.

You can also delete things in bulk by clicking on the three dot menu at the top of the timeline, choose ‘‘Delete activity by’’ and selecting a date range to erase on the next page. If you want an entirely blank slate, opt for the ‘‘All Time’’ option.

How to stop Google tracking your data

You can ‘‘pause’’ Google’s data collection whenever you want.

Go to myaccount.google.com/activitycontrols. From there, you can tell Google to stop saving information about things such as your searches, location history, and YouTube watching habits.

But if looking back through your My Activity timeline has you a little paranoid, it’s probably also worth running through Google’s Privacy Checkup.

That feature, which can be found at myaccount.google.com/privacycheckup, uses a simple interface to not only help you manage what data is being saved by Google, but also things like what information about you may be public through services like Google+.

Is there a downside to erasing my history?

Well, there’s definitely one for Google: The search giant makes the vast majority of its money from distributing targeting ads, which is made easier by the trove of data that they have about users’ online activities.

But that means that limiting the data they save will probably result in you seeing ads that are less relevant to your interests.

And beyond ads, Google uses the information to help personalise their products to users’ preferences, which can mean a more convenient online experience.

For instance, Google has said that letting it save your search history can mean that it returns results quicker and letting it hold on to location history can help it suggest better commute options in its Maps product.

Ransomware - heading your way in macro enabled Word documents

Thu, 21 Jul 2016 00:00:00 GMT

Recently we heard about a file containing a malicious macro (this is a small program, that once run expands into something larger) that Microsoft have flagged under a family of Trojan viruses that have been targeting MS Office software for several years.

The problem was, there wasn’t an immediate, obvious identification that this file was actually malicious. It’s a Word file that contains seven VBA (Visual Basic for Applications – the programming language used within Office to develop Macros) modules and a VBA user form with a few buttons.

These modules appeared to be legitimate programs powered with a macro; no malicious code found there … However, after further investigation Microsoft noticed some anomalies within the macro. These anomalies cause the macro to connect to a URL and download a Locky ransomware payload.

This means the Locky virus will be downloaded to your PC if macros are enabled when opening the Word file in question.

We strongly suggest that to help prevent Office-targeting macro-based malware from infecting your system, you only enable macros if you wrote the macro yourself, or completely trust and know the person who wrote it.

As always, if you’re unsure about your system’s susceptibility to these attacks, or you would like some assistance preventing or dealing with this, please give us a call.

Atom Memory

Thu, 21 Jul 2016 00:00:00 GMT

Ever since the first practical computers came on the market in the 1950's, scientists and engineers have been seeking ever more compact data storage technologies, which have gone from giant drums to tiny chips. Now scientists at the Kavli Institute of Nanoscience at the Delft University of Technology (TUDelft) have developed a memory technology that achieves the ultimate physical limit by using individual atoms to represent a single bit of data.

True Ransomware Story

Fri, 17 Jun 2016 00:00:00 GMT

It only takes a moments inattention to change a normal day into an unimaginable nightmare. In this particular case, although we are still yet to verify, we are assuming an employee opened an attachment in an email which started a chain of events which had a serious impact on the company’s ability to trade.

The innocent looking email opened contained the file locking Trojan which quickly locked up the file system and prevented access to the data.

Normally we would be able to recover the damaged system by restoring the latest backup. Sadly, in this case, it transpired that the unmanaged backup had stopped working several weeks ago which took away that solution.

Due to the daily cost of the disruption a decision was made to pay the ransom, but unfortunately, this wasn’t a straight forward as one would expect. The criminal(s) behind the ransom demand, would only accept payment in Bitcoins (Bitcoin is a digital asset and a payment system, transacted online).

Under normal circumstances, setting up a Bitcoin account takes several days. Computer Culture managed to shorten the process by using a trader that accepted payment via a Smart Eftpos money machine. We had 1 hour to withdraw the cash (compounded by BNZ being down during that timeframe) and deposit the cash at the designated machine.

To shorten the story, the unlock code was sent and the majority of the data was recovered. Paying a ransom was a last resort and an action we found abhorrent. So serious is that treat that in the UK, companies are purchasing large amounts of Bitcoins to reduce the downtime in the event of a ransom attack. Prevention though is better than trying to find a cure and that is what we focus on at Computer Culture.

There are powerful lessons to be learnt from this experience.
1) Organisations need a level of security to reduce the chances of an intrusion and enable early detection.
2) Organisations need a robust and comprehensive backup system
3) These processes need to be proactively managed and reviewed.
4) There needs to be polices, procedure and staff training to mitigate the risk
5) Consider taking our Cyber Insurance (we can recommend some companies)

If you feel your site does not meet this criteria, please contact us urgently and we will help you through the process.

Protecting Your Domain Name

Fri, 17 Jun 2016 00:00:00 GMT

Contributed by Hugh Burns

Your domain name is critical to your business, both as your online brand, and also as something that controls many aspects of your day to day business operations including:

Email delivery - ensuring you get your email
Network functions - for example allowing remote access for workers
Website - ensuring your public website is up and running
Communications - for example VoIP phone systems, Skype etc

What many companies don’t realise is that they actually have no “ownership” of their own domain, and we’ll cover that issue in this article.

There are three important bits of information associated with every domain:

Registrant
Admin Contact
Technical Contact

The Registrant is the person or entity that registered the domain, and effectively owns it.
The Admin Contact is the person or entity that the registrant trusts to handle issues or answer questions about any non-technical aspect of the domain management.
The Technical Contact is the person or entity that the registrant trusts to handle any technical aspect about the configuration of the domain, for example your IT provider.

Unfortunately, what we often see is companies registering domains on behalf of other companies, and not setting these details up correctly. For example a business may get a website designed, and the company that hosts the website registers the domain on behalf of their client, and specifies themselves as the domain owner, and not the business they are registering the domain on behalf of. Remember the Registrant is the owner. If you’re not listed as the Registrant, you don’t own your own domain! If you get into a dispute with the company listed as the Registrant, the results can be disastrous. In extreme cases they could shut off email and other critical functions.

So how can I tell if my domain details are correct?

You can do what’s called a “WHO IS” lookup, which shows the information above. There are many websites that can do this for you, but here is one example: https://www.whois.net/
Enter your domain name (without www or anything else in front, e.g. computerculture.co.nz) which will return the Registrant, Admin Contact, and Technical Contact.

Our best practice recommendation is as follows:

Registrant – this should be the name of your company, not another company, and not an individual
Admin Contact – this should be the name of an individual within your company that can answer questions about the domain management.
Technical Contact – this should be someone who can handle the technical aspects of the domain, for example an internal IT person or your IT support company like us.

Please take the time to review your domain registration details. Its such a critical aspect of your business that often gets overlooked, and can have big consequences if not correct. Sometimes it can just be a timewaster trying to complete tasks like changes to email systems or websites if these details aren’t accurate.

If you would like any help with looking this information up, please let us know, or if you’ve had a look and are not happy with the current registration details, please also let us know and we can assist you with getting it sorted.

Don't Click on that e-mail

Fri, 17 Jun 2016 00:00:00 GMT

Lancom is the original source of this article here .

We often share information about malware and the danger of being targeted through the internet. However, the reality is that despite the abundance of information available warning of these issues, the emails of more and more businesses are being compromised. Email-borne risks include viruses, scams, phishing attacks and more. Knowing how to protect yourself against these attacks is challenging because hackers are dynamic and smart about how and who they target, making it difficult to know what is and isn’t legitimate.

In this article we help you to help yourself by pointing out a few common email threats and how you can identify them.

Suspicious looking emails – how to spot them

Emails are still one of the biggest vectors for malware and, though you’ve likely heard this before, every day private and commercial networks get compromised because - people open emails that they shouldn’t!
So, what should you look for?

Emails that come from known senders with attachments and links that don’t conform to an expected norm, such as format, greetings, content (one example would be getting emails from yourself!)
Emails from unknown senders
Emails that addresses you in an unusual way (e.g. Dear Priscilab)
Emails that have no greetings or introduction at all
Emails that suggest that you have an issue that the sender will fix
Emails that ask you to sign up to a website
When they seem too good to be true such as "you won a prize" type of emails - that's probably because they are!
Emails from unknown senders that have an “invoice” or “credit note” attached.

If you notice any of these unusual things, the message is pretty simple: do not open, do not respond, do not forward.

Curiosity killed the cat! Don’t click!

If any of these things pop up on your inbox, the message is simple: delete them immediately. Whatever you do, DON’T click on any links, open attachments or follow instructions to win a prize unless you are sure that the email is legitimate. If in doubt – DELETE!
Curiosity killed the cat, they say, but it can also kill your computer and the network. Hackers cleverly try to pique your interest – don’t fall for it. That ‘invoice’ or ‘tax refund’ that you open can make your life very difficult.

Some examples to help you help yourself

There are plenty of examples of the threats; this March 2016, the Department of Internal Affairs was notified about a spam Netflix email circulating the country, advising members to update their payment methods.
Earlier, in February, an email purportedly from ‘Microsoft’ congratulated recipients for winning an internal promotion. Hint: it wasn’t Microsoft sending the email and the promotion never existed.
These and plenty more examples can be found on the DIA’s website . You can also report spam/phishing emails on the DIA’s site here .

Err on the side of caution

The final note is a simple one: rather err on the side of caution than open something which looks tempting only to find it is a virus, phishing attack or other malware. DELETE should be the default action for any emails which look even slightly dodgy. That’s a far safer course of action than opening it up and opening yourself to compromise.

Earpiece that lets you understand languages!

Fri, 17 Jun 2016 00:00:00 GMT

Waverly Labs have created a simple wearable earpiece called Pilot, which claims to make translation effortless and instantaneous. After a slight pause, the earpiece allows the wearer to hear a basic translation of multiple languages into their native tongue. It is designed for the international traveller and Waverly Labs looks to make it function completely offline. A companion mobile app is used to download language packs and toggle the language within the earpiece, but translation doesn't require an internet connection to work. The Pilot is running a pre-order campaign, but unfortunately won't ship until mid-2017.

When a Staff Member Leaves

Mon, 23 May 2016 00:00:00 GMT

Contributed by Steve Shaw

When it comes to people's digital lives, entanglement is pretty much the norm nowadays. Ask almost anyone what's installed on their computer, phone, or digital device and you'll find a combination of work and personal information. We're always online and always connected whether it's to our friends, our family, our co-workers, our clients, or our suppliers. The lines between each piece of this information has become blurred. Now we're simply connected people.

For many, the digital push has started with their work. There's a much better ROI for an organisation than an individual when it comes to cutting-edge digital devices. As such, the devices we become familiar with and embed our digital lives into aren’t actually ours, but the organisation we work for. Likewise, for those whose first email account was provided by work, it easily becomes the default or only account that’s used – both for personal and work relationships.

So what happens when, for better or worse, someone moves on from and out of their native digital environment? Keeping good relationships is an essential part of any organisation, so maintaining a healthy link to an organisation after someone moves on can be key. How then can an organisation or individual prepare for a healthy breakup, digitally speaking?

Like most processes, the first step is always information gathering. What exactly would be lost if someone were removed from your organisations technological infrastructure? Phone numbers and email addresses of friends? A digital music collection? Personal emails? Family photos? Access to an email address linked to bank accounts? Losing any or all of the above could easily sour a relationship.

Once you’ve established just what’s going to be lost, you can then move forward. For each individual there will likely be a need to migrate data. From an organisation, however, the greatest need is to put in place policies and procedures that will set you up for when the inevitable need to disentangle occurs.

If you’re concerned about any of these points, talk to one of our friendly team members for assistance with the data migration.

Free Windows 10 upgrade ends soon

Mon, 23 May 2016 00:00:00 GMT

The free Windows 10 upgrade expires 29 July 2016.

Microsoft’s Statement:
“We are excited to offer a free upgrade to Windows 10 for qualified new or existing Windows 7, Windows 8.1 and Windows Phone 8.1 devices that upgrade in the first year. Once a Windows device is upgraded to Windows 10, we will continue to keep it current via Windows Update for the supported lifetime of the device – at no cost.”

Please call us if you have any concerns relating to upgrading or would like us to assist you with the upgrade.

Important MYOB News

Mon, 23 May 2016 00:00:00 GMT

MYOB have released new information stating they will be ending support on MYOB products still running on technologies, such as Windows 7, that Microsoft has ended mainstream support for.

It’s important to consider upgrading, as running outdated software no longer covered by mainstream support introduces an element of risk into your business. When Microsoft ceases mainstream support for a product, it ceases to fix anything other than security issues.
By continuing to use old technologies you also limit yourself to old programming and components up to a static point in time. In other words, using software that has been on the market for approximately six years means you aren’t able to take advantage of the improvements made in that time.
Considering your IT plays a large part in the operating effectiveness of your business, updating your technology to get the latest features makes good business sense.

If you have any of the following applications in your business practice, you’ll find that MYOB will only be providing limited support for any of their software packages being used in conjunction with them.
- Windows 7 (all versions)

- Microsoft Office 2010 (all versions)

- Windows Server 2008 (all versions), including SBS 2011 (which is built on Server 2008 R2)

- Microsoft SQL Server 2008 R2, excluding MYOB AO clients with SQL 2008 R2 Express

You’ll need to look into making a plan for change however, as MYOB won’t be providing support beyond the 31st December 2016. This gives MYOB users some time to upgrade their IT infrastructure if required.

Feel free to talk to one of our friendly sales team to create a plan of action and ensure you’ll be operating on MYOB supported technologies in 2017 and beyond.

QuickTime Support Ends

Mon, 23 May 2016 00:00:00 GMT

It seems Apple has ended support for QuickTime on Windows and there are two major vulnerabilities found.

These vulnerabilities will allow a remote attacker to execute arbitrary code on Windows PC's running Quicktime.

Head over to the US CERT website, here , to see the full details.

Computer Culture's advice is to uninstall this program from all your Windows devices.

Researchers Accidentally Create Longer Lasting Battery

Mon, 23 May 2016 00:00:00 GMT

When it comes to working in a lab, accidents aren't usually a good thing. But due to an unexpected result, which led chemists to a system that could make batteries last up to 400 times longer than the best performing batteries. The accident part is that the researchers still aren't sure how the system works. Instead of lithium, the new batteries store electricity in gold nanowires that are thinner than a human hair. But an addition of an electrolyte gel to the nanowires as well as coating it with manganese oxide made the big difference. The testing cycle showed the new system could withstand 200,000 charge cycles over 3 months and only lose 5 percent of its capacity.
Unfortunately, this system is not a battery yet and there is no guarantee the efficiency will be maintained when it's scaled up to a device.

A self refilling water bottle!

Mon, 23 May 2016 00:00:00 GMT

Fontus have created a self-filling water bottle that lets you go on an adventure without worrying about finding a water supply or carrying heavy loads of water. There are 2 models, one that straps on your bike and relies on air to pass through a dual-chambered solar powered Peltier element that condenses air into water. And the other is a standalone bottle that uses a solar panel to power a fan that pulls humid air through a filter into a condensation chamber. With an IP54 rating it means the filters protect against dust and low pressure jets of water.

ReFlex Bendable Smartphone

Mon, 23 May 2016 00:00:00 GMT

Queen’s University have developed a prototype of a bendable smartphone named ReFlex. LG have already created a flexible screen in the past, but they have yet to use it on a device. ReFlex was made to revolutionise the way we communicate with a smartphone. Bending the ReFlex will make the pages flip in an eBook, making you feel like your reading an actual book. The bending also works on games & apps.

Neighbourly App

Fri, 22 Apr 2016 00:00:00 GMT

What is Neighbourly?
Neighbourly allows you to stay connected with your neighbours and community using a private neighbourhood website. It's a free service that is designed to make your neighbourhood a safer and better place to live.
Members of Neighbourly use the website to interact on topics such as local events, after school activities, crime and safety, council issues, local services or even lost pets.
Neighbourly also offers a crime prevention service for members within its communities. Members are kept informed of any suspicious activity and can also inform each other instantly of any urgent crime or safety updates via SMS text message.
Once you have signed up as a member with Neighbourly you can do things like:

- Plan a street party

- Alert your community to a spate of vehicle break-ins

- Share a photo of a visiting dog to locate owner

- Discuss what impact Local Council plans will have on the neighbourhood

- Recommend a trustworthy local mechanic

- Ask when the roadworks down by the local park will be complete

- Grab the contact details of a good local babysitter

- Find out which cafe in the area has the best Eggs Benedict

- Share sporting cancellations and updates

- Sell an unused sofa

- Let neighbours know mail has been stolen

- Ask if anyone can loan a ladder for an hour

- Organise a neighbourhood watch group

- Ask for times of the walking school bus

- Discuss local charities and how to get involved

The Unhealthy Rise of Ransomware

Fri, 22 Apr 2016 00:00:00 GMT

According to data and media global Bloomberg, the number of known Ransomware attacks has now surpassed five million, with just a single infection causing more than $325 million worth of damage in one instance. Ransomware locks the files on your computer and refuses to hand over the key until you’ve paid the demanded sum, or “ransom”.

Ransomware has bigger implications for some industries than they might first realise. Not only does it impact day-to-day business while they can’t access their data or IT systems, but it can also cause some bigger affects down the line. Sensitive data that needs to be accessed regularly or whenever requested is the main point that should ring the alarm bells.

Unfortunately for the healthcare sector, the hackers have realised they’re a big juicy target. We’ve seen reported incidents of multiple hospitals in the US being infected with ransomware and having to resort to extreme measures to resume functionality. The fact that prominent medical facilities are giving in to the demands of cyber crooks because they had no contingency plan, is a sobering thought. This has also been reflected internationally, as Germany has also seen its share of ransomware attacks on hospitals. One hospital even having to resort to pen, paper and fax due to a sophisticated attack that brought their IT to a crawl.
The global healthcare industry’s being targeted as it ticks all the boxes for ransomware attackers. Those targeting the industry have realised it sits on a goldmine of sensitive information that’s so indispensable for its users, that they’ll pay almost anything to get it back. To make matters worse, healthcare is bound by regulations around medical records always being available, the fines for not having this data accessible would well outweigh any ransom for the data itself.

Its mere existence in the cybersphere should highlight the importance of security training and awareness. Simply knowing this malicious software is increasingly being used in phishing plots and web exploits can help prevent employees from putting their organisations in danger.
Like any other form of malware, the ransom-based variety looks to exploit outdated web browsers and plugins like Adobe Flash and Java. It also aims at unsuspecting users opening infected attachments harboured in spam emails.
While it continues to evolve and change, the best way to combat ransomware with maximum effectiveness is still as simple as prevention. Avoid any emails, links and plugins that you don’t recognise, and ensure you have regular backups of data that can be rolled back to should your systems become infected.

Talk to us about how we can help implement some contingency plans for your business.

Important Changes to OneDrive

Fri, 22 Apr 2016 00:00:00 GMT

We wish to inform you about some upcoming changes to Microsoft’s OneDrive that may affect our customers. The amount of storage that comes with the free version of OneDrive will decrease from 15GB to 5GB. Microsoft is also discontinuing the 15GB camera roll bonus. These changes take effect on 13 July 2016.

We strongly recommend that users delete data and photos to ensure that they are under the new limit before this date. To ease this transition, users can claim a free one-year subscription to Office 365 Personal. This subscription includes 1 TB of OneDrive storage. Alternatively, additional storage can be purchased.
Please call us before July to discuss your cloud storage options.

Automatic Windows 10 Upgrade

Fri, 22 Apr 2016 00:00:00 GMT

It appears that some users are getting Windows 10 installed automatically if they had reserved their copy of Windows 10 previously. If they didn’t reserve Windows 10 it will not be installed automatically.

The upgrade is now a “Recommended” update, so if you reserved it you should get a pop up like this one:

It will tell you that a time has been scheduled for the upgrade to happen. If you click the link to change the upgrade schedule, you can re-schedule or cancel the install, otherwise it will go ahead and install at the time it says.

If you don’t like or don’t want Windows 10 you have 31 days to roll back to the previous version of windows which is fairly painful painless.

Changing your Internet provider?

Tue, 22 Mar 2016 00:00:00 GMT

If you are considering changing your ISP (Internet Service Provider) please talk to us first. We can either guide you through the process to get the best result or organise the changeover for you. We are seeing more incidents where companies that attempted to manage the process themselves ended up with less than desirable outcomes. The worst being one company having no internet connectivity for a week.
Common problems include incorrect internal and external network settings or delays or problems with the physical install.
A call to us first could save you some grief down the track.

Major websites at risk from banner ads

Tue, 22 Mar 2016 00:00:00 GMT

We already know that ransomware has become a growing threat to users around the world. Just last week, Mac users saw their first such attack on Apple's operating system. By encrypting a user’s local files and holding them ransom for payment in the hundreds of dollars, the perpetrators have become increasingly sophisticated in their methods to extract money. The software is so difficult to deal with that the FBI advises people and businesses to just pay up to unlock their files.

Now, according to Trend Micro, the past 24 hours have seen a rash of new crypto-ransomware spreading through popular websites. The attack, dubbed Angler Exploit Kit, is taking advantage of vulnerabilities in Adobe Flash and Microsoft Silverlight, among others, to feed the malware through compromised ad networks.

Malwarebytes is reporting that the “malvertising” is hitting the BBC, MSN, nfl.com, The New York Times, my.xfinity.com and many others in the form of clickable banners. The anti-malware company provided lots of detail around the exploit, reporting a number of suspicious domains through which the ads are apparently served.

Google’s ad network was compromised in this attack, according to MalwareBytes. Last year, Google reported to have made progress in filtering ad injectors and malicious sources across the ad networks it manages. However, it would appear that the ad network still has work to do.

Fake Websites and Captcha Codes

Tue, 22 Mar 2016 00:00:00 GMT

Up until recently one of the major security firms have seen 101 fake websites and the list is still growing.
These sites ask you to enter a code, supposedly to prove you are not a robot.
Their advice is:
Do not to enter Captcha codes to any penalty or police related websites.
Be especially careful about anything purporting to be a traffic infringement or the AFP (use you telephone to confirm any such email).

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart".

Locky Ransomware

Tue, 22 Mar 2016 00:00:00 GMT

"Locky" feels like quite a cheery-sounding name, but it's also the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you may already know about ransomware – only the bad guys have the decryption key and will happily sell it to you.

The most common way that Locky arrives is as follows:
You receive an email containing an attached document such as Troj/DocDl-BCF.
When you open the document it looks like gobbledegook.
At the top of the document it advises you to enable macros “if the data encoding is incorrect.”

DO NOT Enable Macros! Use SHIFT + DELETE to send the email into oblivion.

Windows 10 for Smartphones

Tue, 22 Mar 2016 00:00:00 GMT

Windows 10 Mobile has now been released after months of waiting. The OS is available to selected Windows Phone 8.1 devices, including the Lumia 1520, 930, 640, 640XL, 730, 735, 830, 532, 535, 540, 635 1GB, 636 1GB, 638 1GB, 430, 435, BLU Win HD w510u, BLU Win HD LTE x150q, and the MCJ Madosma Q501.

Here is the procedure to upgrade your phone if your device supports the Windows 10 Mobile upgrade. If you are not confident about carrying out the upgrade yourself, or would like some advice please call our helpdesk.

1) Get Update Advisor

To check if the Windows 10 Mobile upgrade is available for your phone, you firstly need to install an app called Update Advisor app from the Windows Store on your Windows Phone 8.1 device, which you can download from here

2) Enable Windows 10 upgrade
Once you have downloaded and installed the Update Advisor, you need to open it by heading over to the All Apps list on your Windows Phone 8.1 device. After opening up the app, click on “Next” and let the app check for updates. If the app says that the Windows 10 upgrade is available, tick the Enable Windows 10 upgrade checkbox and tap on “Next”. Once the app tells you that your phone is “Ready to upgrade”, tap on “Done”

3) Get the update
After following the above two steps, you should now be able to get the Windows 10 Mobile update. To get it, open up the Settings app on your Windows Phone, scroll down and open “Phone Update” and check for updates to download the OS. Once the OS is ready to install, you will get a simple notification and be able to install the OS.

Get Your Next Car at a Vending Machine

Wed, 24 Feb 2016 00:00:00 GMT

Is it really that simple? Drop a token in the slot and your new car comes out? In Nashville, Carvana have created the world’s first automatic car vending machine. It’s a five-storey glass tower that can store up to 20 cars. All you have to do is pick up your purchased token at reception and put it in the slot to begin delivery. The cars are actually sold below their rated value and it can be a money saver, but good luck shaking the machine to get a free car out.

Check out a video of it in action here .

New Technology - Intel Optane Drives

Wed, 24 Feb 2016 00:00:00 GMT

Intel’s reinvention of the Hard Drive could give laptops to super computers a major speed boost as early as next year. Intel Optane drives, as they will be called, are based on a new way to store digital data that can operate as much as 1,000 times as fast as the flash memory technology inside hard drives, memory sticks, and mobile devices today.

The sluggish speed of data storage compared to the pace at which processors can work on data has become a significant bottleneck on the capabilities of computers. Several large computing and chip companies have invested heavily in promising new data storage technologies, but none has yet borne fruit. Intel’s Optane drives are based on a technology called 3D Xpoint, developed in collaboration with the memory chip company Micron.

Intel says the technology is affordable enough that Optane drives will be made available next year for uses ranging from large corporate data centres to lightweight laptops. Rob Crooke, a general manager on Intel’s memory project, predicted that they would improve gaming, supercomputers, and data analysis. “We expect to see breakthroughs in personalized medicine, in business analytics to allow companies, cities, and maybe countries to run more efficiently,” he said.

The flash memory chips that are the fastest way to store data today use a grid of clumps of electrons trapped on silicon to represent the 0s and 1s of digital data. A 3D Xpoint chip instead has a grid formed from metal wires layered over one another; data is stored by using electricity to change the arrangement of atoms inside material trapped at each junction of the grid. Just like flash, 3D Xpoint chips hold onto data even when powered down. They can’t currently store data as densely, but Intel says the Xpoint grids can be stacked vertically, providing a route to storing more data on one chip.

Surface Pro Power Cord Recall

Wed, 24 Feb 2016 00:00:00 GMT

Microsoft will be allowing Surface Pro users who bought earlier models of the company's tablet to exchange power cables for free due to possible overheating issues.

This recall affects the following models: Microsoft Surface Pro, Microsoft Surface Pro 2, and Microsoft Surface Pro 3 devices sold before 15 July 2015.
Over an extended period of time, damage could result if the AC power cords is wound too tightly, twisted or pinched.

Microsoft will provide one AC power cord replacement free of charge for each eligible Surface Pro device that you own. No proof of damage is required to receive a replacement AC power cord.

Click here to get your free replacement.

Make it hard to penetrate all the layers

Wed, 24 Feb 2016 00:00:00 GMT

In all likelihood you will know someone who has been a victim of a malicious piece of malware or had valuable data stolen through a well-orchestrated hack. Many organisations that suffer these and other attacks fail to take the proper precautions to prevent themselves from becoming victims. Here are some of the precautions you can take.

Patching - Most attacks, whether they be malware or hacking attempts exploit weakness or vulnerabilities in Operating Systems and 3rd party applications. Normally, when an exploit is discovered, a publisher will release a fix to block it as soon as possible. If your system is maintained by our Managed Services, these patches will be applied automatically.

Mail Filtering - No small number of threats find their way into a network as an email attachment or link. Having a robust system to scan, scrub and quarantine these threats is essential. If you are not using Office 365 for your mail, we recommend Roaring Penguin for anti-spam protection.

Web Filtering - Blocking malicious websites from being accessed can go a long way to reducing the number of threats introduced to a network.

Backups - A good backup and disaster recovery strategy should be in place to make sure that essential and business critical data is safe should the worst happen. Ideally, it should be located offsite. If you don’t already have an offsite backup solution, please call our sales team who will help you find a solution that meets your requirements.

Antivirus – We recommend our managed AV Defender to provide a strong defense against viruses.

Buying a Power Bank

Wed, 24 Feb 2016 00:00:00 GMT

Here are some important things to check for when purchasing a power bank.

Ensure the power bank is of a higher capacity than your phone's battery. Most smartphones have batteries that range from 1500 to 2500mAh. If your phone has a battery of 1800mAh and you purchase a power bank with a capacity of 5400mAh, you should get at least two charge of the phone. It is recommended that you do not to discharge the power bank completely.
Ensure that the power bank has USB connections in for both charging and discharging. Also check that the unit has the correct cable to fit your device.
Check pricing and the quality of the unit by looking for reviews on Google
Make sure it has short circuit and overcharge protection.
Check the weight and dimensions of the unit as this may restrict the ability to carry these with you.

Battery Care for Mobile Devices

Mon, 18 Jan 2016 00:00:00 GMT

Batteries are a critical part of our mobile devices, and as such they need to be cared for properly. There is still a lot of inaccurate information circulating since nickel-based batteries were replaced by lithium-based batteries. We have provided some handy tips to help you keep your batteries healthy.

1. Battery Memory/Topping Off
You may have heard something about batteries and the “memory effect.” How if you don’t “teach” your batteries their full potential by going from completely full to empty, then they will “forget” some of their capacity. This only applies to nickel-based batteries, most modern devices such as smartphones, tablets and laptops come with the lithium-based batteries. These should instead be “topped off” whenever you have the chance.
To get the most out of lithium batteries, you should always try to keep it above 50%, without charging it constantly to 100% either. If you go from 100% to 0% too often, it’s more likely to shorten the lifespan than improve it. So to summarise, to optimise the battery life, try going from around 40% to 80% between charges.

2. Hot and Cold
Heat can greatly reduce the capacity of your battery. When under load, batteries can heat up to high temperatures.
The main factor to watch out for is leaving or storing your devices in areas they can heat up externally – say in a hot car left in the sun – which will cause the battery to run down faster. Keep your device cool and avoid storing them in hot places.
On the other hand, extreme cold temperatures can also affect your battery lifespan. Don’t expose any battery to freezing temperatures if you live in a cold climate, and don’t put spare batteries in the freezer! This is a myth from the nickel based batteries era.

3. Wi-Fi, Bluetooth & GPS
There’s a common misconception that turning off these services will prolong your battery life. In most cases this isn’t true, the only time they’ll actually drain your battery is if they are being used. In other words, having Bluetooth turned on, when you aren’t connected to and using a Bluetooth device, won’t drain your battery any more than having Wi-Fi on when you’re not accessing the network.
Though they may use an immeasurable amount of energy from your battery they will not drain it over the course of a day. Dimming your screen will do more good than switching off these services.

4. 0% Batteries
Do you have a habit of infrequent charging? If possible don’t leave your batteries in a fully discharged state for a long time. If it does get to 0% then you should recharge it ASAP. If you let the battery discharge all the way and leave your device more than a week before charging, it may become incapable of holding a charge at all, dying completely.

5. Batteries will always wear out
Even by following these tips, your lithium-ion batteries will eventually wear out over time, holding less and less charge. After these have reached the maximum number of full discharge cycles rated by the manufacturer, you’ll find that the battery will only power your device for shorter periods of time. The more you use them, the more capacity they’ll lose. Even though you can make your batteries hold a long charge for longer, there’s no stopping entropy. By the time your battery has worn out it will be time to consider a device upgrade!

Microsoft Update - Windows 8

Mon, 18 Jan 2016 00:00:00 GMT

In a surprise move Microsoft have announced that the support for Windows 8 ended on the 12th of January, instructing users to upgrade to either Windows 8.1 or Windows 10. The biggest issue with no support is the security risk. Windows 8 vulnerabilities were addressed in the upgrade to Windows 8.1 and this operating system will get Microsoft’s 10 year support.

For those that are already running Windows 10:

If you are installing the latest patch for Windows 10 we would recommend that you leave this until after hours or are not requiring your device for the next couple of ours. One of the team just updated his tablet and it took more than 90 minutes.

Give us a call to talk to one of our technical team if you would like some assistance with this or need more information.

Mobile Security

Mon, 18 Jan 2016 00:00:00 GMT

An important resolution that you should carry out for the New Year ought to be setting up the security on your mobile devices. This is now critical, as so much personal and company data is now either stored on the device or the device has access to this information.

• As an absolute minimum, your phone, tablet or laptop must have a password or pin.
• It should be backed up on a regular basis.
• You should enable the “Find my Phone” and “Remote Wipe” features.
• Record your PUK Code for your SIM card somewhere safe.

Recently a friend of mine left her phone of the Interislander Ferry. Because she had enabled the “Find my Phone” feature she was able to track the phone travelling back and forth between the islands until the crew finally located it.

The cost of security breaches within..

Mon, 18 Jan 2016 00:00:00 GMT

In a recent security audit, Kaspersky found that 73 percent of companies have been affected by internal information security incidents, with the largest single cause of confidential data losses being employees - 42 percent.

Company expansion and new components add new vulnerabilities. The situation is aggravated by the fact that not all employees - especially those with no specialist IT knowledge - can keep pace with a rapidly changing IT environment. As a result, the company is exposed not only to external threats but also internal threats that come from employees.
They found that 21 percent of companies affected by internal threats lost valuable data that subsequently had an effect on their business.

In addition to data leaks, internal threats include the loss and theft of employees’ mobile devices - 19 percent of respondents confirmed that they lost a mobile device containing corporate data at least once a year.
Another important factor was related to staff fraud, where 15 percent of those surveyed encountered situations when company resources, including finances, were used by employees for their own purposes.

This survey is a timely reminder to start the year off on the right footing and have your IT company check your company’s security status and internal practices.

Data and Backups definitions

Mon, 18 Jan 2016 00:00:00 GMT

Here are definitions for some of the terms relating to data and backups

Encryption
Encryption is the process of encoding messages or information in such a way that only authorised parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor

Versioning
This is a file system which allows a computer file to exist in several versions at the same time. Most common versioning file systems keep a number of old copies of the file. This allows users to recover or view earlier versions of documents that have been since modified or partially deleted.

Archiving
Data archiving is the process of moving data that is no longer actively used to a separate storage device for long-term retention. Archive data consists of older data that is still important to the organization and may be needed for future reference, as well as data that must be retained for regulatory compliance.

Sovereignty
Data sovereignty is the concept that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.

Legal hold
Legal hold is a stipulation requiring a company to preserve all data that may relate to a legal action involving the company. This requirement ensures that the data in question will be available for the discovery process prior to litigation.

Ransomware Criminal Apprehended

Fri, 18 Dec 2015 00:00:00 GMT

It makes disturbing news when we read that malware doubles every year and that 63% of businesses download malware. Therefore, is was great to get some good news regarding the apprehension of the person behind the CoinVault and Bitcryptor ransomware.

If you have ever been a victim of ransomware, you know the pain of having to make the decision to lose your data or possibly shell out hundreds of dollars for a chance at retrieving it. Those who have been affected by CoinVault and Bitcryptor ransomware can now rest easy as Kaspersky has obtained all relevant decryption keys, making it possible for users to retrieve their data without having to pay a single penny.

Earlier in the year, they reported that Kaspersky Lab was working with authorities to uncover decryption keys for those affected by Coinvault. Unfortunately, at the time, only a small number of keys had been recovered, making the solution hit-or-miss. But now, several months later, Kaspersky is happy to report that the joint investigation has uncovered all of the decryption keys for CoinVault and Bitcryptor ransomware. The company has made a decryption program available for free, which will allow users to decrypt their own data.

AVG can sell your browsing history to third parties

Tue, 20 Oct 2015 00:00:00 GMT

AVG - one of the world's largest computer security firms - has come under fire recently for their newly updated privacy policy. The issue in question that’s caught the eye of privacy advocates, is that they can now retain the browsing history of their users, and have the ability to sell that information on to third parties.
Their policy states the following;

"We collect non-personal data to make money from our free offerings so we can keep them free, including:
• Advertising ID associated with your device;
• Browsing and search history, including meta data;
• Internet service provider or mobile network you use to connect to our products; and
• Information regarding other applications you may have on your device and how they are used.

Sometimes browsing history or search history contains terms that might identify you. If we become aware that part of your browsing history might identify you, we will treat that portion of your history as personal data, and will anonymise this information."

Metadata is a powerful tool for identifying and tracking people, it’s what the NSA was collecting en-masse from around the world for just that purpose. As AVG classify browsing, search history and metadata as non-personal data they have the ability to share it with third parties:

Do you share my data?
Yes, though when and how we share it depends on whether it is personal data or non-personal data. AVG may share non-personal data with third parties and may publicly display aggregate or anonymous information.

Thankfully, they also state that users do have a way to opt out, by following the instructions on their website here .
The impact that this will have on AVG, who are the world’s third largest antivirus vendor, remains to be seen. As most people are used to clicking on ‘Agree’ for license agreements and privacy policies without really reading the fine print; it is unlikely many users will have any idea of their acceptance of this practice.

If you currently run AVG’s antivirus software, our tech team would be happy to provide assistance with this or similar features. Alternatively, consider switching to our managed antivirus solution, and avoid the risk altogether!

Outlook attack steals massive number of passwords

Mon, 19 Oct 2015 00:00:00 GMT

Large organisations could be at risk as researchers have uncovered advanced malware that can steal almost all of their email passwords by infecting their Outlook Web Application (OWA) mail server over an extended period of time.

Security firm Cybereason’s researchers discovered the malicious OWA module after receiving a call from an unnamed company that had more than 19,000 endpoints (an Internet-capable computer hardware device). Apparently the company had witnessed several behavioural abnormalities in its network and asked Cybereason to look for suspicious activity. Within hours, they found a suspicious file loaded into the company’s OWA server that was unsigned (not proven to be safe).

This file contained a backdoor. Because it ran on the company's server, it was able to circumvent the security protocols, and as a result, the attackers behind this threat were able to steal the passwords of anyone that accessed the server.

Cybereason also detailed the technical information behind how the hackers managed to gain a foothold into such a highly strategic asset;
"Almost by definition, OWA requires organizations to define a relatively lax set of restrictions; and in this case, OWA was configured in a way that allowed Internet-facing access to the server. This enabled the hackers to establish persistent control over the entire organization's environment without being detected for a period of several months."

This is a particularly valuable resource for attackers because it acts as an intermediary between the public Internet and a resource that’s inside a company’s firewall. Because they were using OWA to enable remote user access to Outlook, the attackers were able to access the company’s domain credentials. Although Cybereason didn’t say how widespread the attack is beyond it targeting the one company, the likelihood is that malware as detailed as this isn’t a one-off thing, so it wouldn’t be surprising to see it resurface again.

Are you worried about such an event happening to your company? Our Managed Services Solutions can help you defend against such an attack. Talk to our sales team for more info.

3 Tips for OS X El Capitan

Mon, 19 Oct 2015 00:00:00 GMT

The new version of Apple’s operating system was released at the end of last month, and if you have a modern Apple PC you’ll probably have received notification of the upgrade. This month we have chosen our favourite 3 handy tips to get the most out of OS X El Capitan, we’ve got plenty more of these so contact us if you’re interested.

Auto-hide the menu bar
It’s now possible to auto-hide the menu bar that appears at the top of your Mac’s screen to get more screen real estate.

1. Go to Settings -> General
2. Click the checkbox next to "Automatically hide and show the menu bar."
Don’t worry though, the menu bar will return if you put your cursor at the top of the screen.

Split View window resizing
Split View makes it easy and fast to put two applications side by side in full-screen view. This can be a big help if you need to copy and paste text between applications.

1. Click and hold the green full screen button in the upper left corner of an application window.
2. Release your trackpad or mouse button to put the window on the left side of your screen or drag it over to the right side if you prefer.
3. Click on one of the other app thumbnails that will appear on the opposite side of the screen to open it side by side with your first application.

Find your cursor
El Capitan comes with a fun, easy way to find your cursor. You can shake your mouse or trackpad and the cursor will magnify on your screen so you can quickly locate it.

1. Grab your mouse and shake it vigorously. Your cursor will grow in size so that you can easily locate it.
2. If you’re using a trackpad, tap and hold the surface, then move your finger back and forth as fast as you can. Your cursor will become larger until you can locate it.

For help with these tips or any other Apple questions and issues you might have, give us a call to talk to our in-house Apple expert!

Passwords are becoming obsolete

Mon, 19 Oct 2015 00:00:00 GMT

Thanks to the emerging phenomenon that is the Internet of Things, the Internet and personal security has never been under such pressure, especially with the rate of the cybercrime increasing exponentially. In the past we could rely on passwords to protect our bank accounts, computer access and other personal devices, and many people changed them infrequently.

These day’s for most of us, the number and complexity of passwords we are now forced to create, and the regularity with which they should be changed is too much for most of us to handle. As a result we resort to writing passwords down, saving them in unencrypted files, or using the same password for everything. The more technically aware use a password manager such as Steganos or Last Pass, but even these require passwords to login.

The Internet of Things is focused on connecting more and more devices to each other that generate, store and share unprecedented amounts of sensitive information. The data on all these devices requires more passwords – which creates more security risks.

Ultimately to combat the security risks, passwords are becoming obsolete. Because of this, the way people access smartphones, personal computers and many other password-protected technologies will change. The likely scenario is a decline in password use over the next few years as alternative methods, like biometrics and device authentication arrive to supplement or replace them. Biometrics includes technology such as fingerprint scanners, palm print readers, iris scanners, and finger vein and face recognition. Authentication covers techniques such as two-factor authentication, device encryption and multiple authenticators.

With the unprecedented and unstoppable proliferation of devices, data and connectivity, the move away from passwords is well underway and accelerating. People want more privacy and security than passwords are giving them and alternatives will continue to grow in favour as they become more widely used in the digital world.

Avoid Data Loss

Mon, 21 Sep 2015 00:00:00 GMT

We are still concerned at the number of companies which still do not have a comprehensive backup regime. Losing your valuable data can result in substantial costs for companies and could be the downfall for some.

Data loss can impact a business’s bottom line. If it loses customer information it may not be able to make sales or invoice customers. Reliable cash flow depends on business continuity, which in turn relies on critical and non-critical data being readily available.

As such, disaster recovery is a vital part of business continuity and should be a central pillar of a business’s strategic planning. Disaster recovery will not work properly without an appropriate backup plan. Backup and disaster recovery planning, implementation, and regular testing are essential for business survival.

Please talk to us if you if you have any concerns about the suitability of your existing backup system and disaster recovery readiness.

950 Million Android phones left vulnerable

Mon, 17 Aug 2015 00:00:00 GMT

At Computer Culture we take security very seriously and like to be proactive about it. When we encounter issues that need to be shared we will send out email alerts. Hopefully we can save you time, money and pain by addressing the risks before they become an issue!

We have been made aware of a very serious security flaw in Android phones that requires your attention.

Many of our customers use Android phones (such as Samsung Galaxy for example) and a security vulnerability has recently been discovered that effects roughly 950 million of these devices (95%). The vulnerability can allow remote access to your phone without you knowing it, with the ability to access your data, and well as devices in your phone such as your camera and microphone.

The security researcher who discovered the flaw describes this latest Android security flaw as "the worst Android vulnerabilities discovered to date", adding that "if 'Heartbleed' from the PC era sends a chill down your spine, this is much worse."

Google (who produces Android) are aware of the issue and they have released a security patch for it. The problem however is that the security update has reached very few of the devices in use. The reason for this is that Google don’t have the ability to patch Android devices directly like Microsoft can do with Windows Update, or Apple can do with their iPhones. Google releases a patch, which then goes to the phone manufacturer (e.g. Samsung, HTC, Motorola etc), who need to rebuild their Android software with their customisations, and once tested release the update. The update is then further delayed by carriers (such as Vodafone, Spark etc) who also need to approve the updates.

The end result is there are A LOT of vulnerable Android phones out there, many of which may never be patched due to their age (often phones older than 18 months stop receiving updates). While most modern Android phones should eventually be patched, there may be a long wait.

It appears the Firefox web browser on all major platforms (Android, Windows, Mac) is also affected by the same vulnerability. Mozilla, the makers of Firefox released an update to fix the issue in May, so it is also very important you update Firefox to the latest version if you use it on your computer (our Attiva managed patch service will take care of this automatically for you).

So what’s our advice? Although we are not aware that anyone is taking advantage of this exploit, it is more then likely someone will soon. We recommend you check to see if there are any updates available for your phone, and if there are, apply them immediately. If you are unsure of how to update your device please let us know and we can help.

Click here to review the research article published describing the security vulnerability and get more info.

We’re monitoring this situation closely and will keep you updated with any additional steps that can be taken to help secure your devices.

If you would like to discuss this further with us, please call our support team on 03 377 4662 or email support@computerculture.co.nz .

Please forward this email on to anyone you know that is using an Android phone.

Windows 10 launch

Wed, 22 Jul 2015 00:00:00 GMT

The release of Windows 10 on the 29th July is now getting very close. The upgrade will be available to people shortly after the 29th as Microsoft will first be rolling out the finished version to those who have been participating in the Windows Insider program and testing pre-release versions of the software (as some of our techs have been doing). Once that has rolled out the general public will then be able to upgrade to Windows 10 via Windows Update in the following days. No exact date is given, and Microsoft will be rolling it out in waves so not everyone will get it at the same time.

As a reminder all current devices running Windows 7 or Windows 8.1 are eligible for a free upgrade to Windows 10 within the first year.

We want to point out however that our customer’s environments should be assessed before jumping into the Windows 10 upgrade. It’s important that all applications your business relies on are compatible with the new operating system. While most systems should work fine (as the compatibility with Windows 8.1 is very high), we have had some software suppliers advise that their applications have issues working with Windows 10. Please talk to us if you wish to upgrade so we can assist you and help ensure business interruption is minimised.

Microsoft has announced a number of different editions of Windows 10, but there will be three main versions that most of you will see. They are:

Windows 10 Home - this is designed for use in PCs, tablets, and 2-in-1s. It includes all consumer-directed features and is the equivalent to basic Windows 8, 8.1, Windows 7 Home Basic and Home Premium.
Windows 10 Professional – This is the version most of our customers will be using. It is comparable with Windows 8 Pro, Windows 7 Professional and Ultimate and Windows Vista Business and Ultimate. It builds on the Home edition and adds features essential for businesses, and functionality-wise it is equal to Windows 8.1 Pro.
Windows 10 Mobile – designed for smart phones like Microsoft’s Lumia range. It will be a free upgrade for current Windows Phone devices. New hardware will also allow features such as continuum, which allows you to dock your phone and use it like a computer with a screen, keyboard and mouse.

There are also other editions for scenarios outside of our customer base such as large enterprise, education, and IoT Core (where a version of Windows 10 can run on low cost embedded computers like the Raspberry Pi).

AD	Administrative Domain
AMOLED	Active-Matrix Organis Light-Emitting Diode
API	Application Programming Interface
CERT	Computer Emergency Response Team
DHCP	Dynamic Host Configuration Protocol
DoS	Denial of Service
HDD	Hard Disk Drive
HDMI	High-Definition Multimedia Interface
GUI	Graphical User Interface
LAN	Local Area Network
NAS	Network-Attached Storage
OS	Operating System
PCI	Peripheral Component Interconnect
PCIe	PCI Express
PoE	Power over Ethernet
PPP	Point-to-Point Protocol
PPPoE	PPP over Ethernet
RAID	Redundant Array of Independent Disks
SATA	Serial ATA
SSD	Solid State Drive
TCP/IP	Transmission Control Protocol/Internet Protocol
VoIP	Voice over Internet Protocol
WLAN	Wireless Local Area Network

computer-culture

The Global RAM Shortage: What New Zealand business leaders need to know before your IT costs spike

WHAT IS DRIVING THE RAM SHORTAGE?

HOW WILL THIS IMPACT NEW ZEALAND BUSINESSES?

OUR ADVICE TO CEOs, CIOs AND IT Managers.

ONE: Make sure you have a plan.

TWO: Chat to your MSP or tech provider.

THREE: Know when and how you'll get cost certainty.

FOUR: Adjust your FY27 IT budget.

FIVE: Implement structured hardware lifecycle management.

THE KEY TAKEAWAY.

THE BOTTOM LINE.

Five IT questions every CEO in New Zealand should be asking their technology provider

1. How do we know that we're doing things right?

2. How quickly could we recover if we were hit by a cyber-disaster?

3. Who has access to what, and how is this controlled? ﻿

4. How are we protecting our customer data and IP?

5. When was the last time our cybersecurity was tested and validated?

Final thoughts.

Shadow IT: The hidden risk lurking in your business tech stack

What is shadow IT and why is it risky for businesses?

Shadow IT Examples.

Why does Shadow IT happen?

Why Shadow IT is risky for businesses.

Shadow IT in your business.

AI-enabled hackers: The rising cybersecurity threat businesses can't afford to ignore

What are AI-enabled hackers?

Real-world examples of AI-driving cybercrime. ﻿

Why does this matter? ﻿

How to protect your business' data and systems from AI-enabled cyberattacks. ﻿

FY2026 - the year IT takes its place at the leadership table

How is IT support currently positioned?

A mindset shift from negative cost to empowering growth

A strategic approach to IT

Good IT support empowers productivity - A real-world example

Giving IT a voice at your company

Rent Right Property Management: Easy onboarding to a new IT provider

BEFORE COMPUTER CULTURE

ONBOARDING WITH COMPUTER CULTURE

SO, HOW'S IT GOING NOW?

AND THE SERVICE, WHAT KIND OF PARTNER IS COMPUTER CULTURE?

Onboarding with Computer Culture: How we make shifting to a new IT provider easy

ONE: AN IT ASSESSMENT

TWO: TREAT ONBOARDING AS A PROJECT ﻿

THREE: A CONSISTENT POINT OF CONTACT

FOUR: THE COMPUTER CULTURE USER MANUAL

FIVE: WE'RE CANTERBURY TRUSTED

PUTTING THE FEELERS OUT?

Preparing for the Windows 10 end of life: What your business needs to know

What does end of life actually mean for Windows 10?

Why is maintaining an up-to-date operating system so important?

Upgrading to Windows 11 is easy

Upgrade sooner, rather than later

Celebrating Computer Culture's Canterbury Trusted Certification

What is 'Canterbury Trusted'?

Why is 'Canterbury Trusted' Important?

The Accreditation Process

Our Journey to Accreditation

What does the Canterbury Trusted certification mean for our team and clients?

AI in the workplace

ONE: Decide which AI tool is best for your business

TWO: Engage your team early

THREE: Figure out your business's approach to AI

FOUR: Plan out an AI implementation roadmap

FIVE: Give it some time (and then review)

Getting started

How to create a cyber security incident response plan

What is an Incident Response Plan?

Developing your own Incident Response Plan

ONE: How does our company become aware of an adverse cyber incident?

TWO: How severe is the situation?

THREE: Who will lead the company's response?

FOUR: Who needs to know about the incident?

FIVE: How will we communicate during the response?

Key Takeaways

The Importance of AI for Canterbury Businesses

Note: 0% of this blog has been created by AI – we’ve relied entirely on our AI expert, Stephen Shaw .

1. AI isn’t coming – it’s here

2. AI is different to previous technology change

3. Where to start your business’s AI journey

3. Who has access to what, and how is this controlled?

Real-world examples of AI-driving cybercrime.

Why does this matter?

How to protect your business' data and systems from AI-enabled cyberattacks.

TWO: TREAT ONBOARDING AS A PROJECT