OFFICE 365 BUILT-IN SECURITY

Office 365 is a security-hardened service, designed following the Microsoft Security Development Lifecycle. Microsoft bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade user and admin controls to further secure your environment.

  • 24-hour monitoring of datacenters.
  • Multi-factor authentication, including biometric scanning for datacenter access.
  • Internal datacenter network is segregated from the external network.
  • Role separation renders location of specific customer data unintelligible to the personnel that have physical access.
  • Faulty drives and hardware are demagnetized and destroyed.
  • Lockbox processes for a strictly supervised escalation process greatly limit human access to your data.
  • Servers run only processes that are whitelisted, minimizing risk from malicious code.
  • Dedicated threat management teams proactively anticipate, prevent, and mitigate malicious access.
  • Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious access.
  • Encryption at rest protects your data on our servers.
  • Encryption in transit with SSL/TLS protects your data when it’s transmitted between you and Microsoft.
  • Threat management, security monitoring, and file/data integrity prevent or detect any tampering of data.
  • Exchange Online Protection provides advanced security and reliability against spam and malware to help protect your information and access to email.
  • Office 365 Message Encryption allows users to send encrypted email to anyone, whatever email service recipients may use.
  • Data loss prevention can be combined with Rights Management and Office 365 Message Encryption to give greater controls to your admins to apply appropriate policies to protect sensitive data.
  • S/MIME provides message security with certificate-based email access.
  • Azure Rights Management prevents file-level access without the right user credentials.
  • Multi-factor authentication protects access to the service with a second factor such as phone.
  • Data loss prevention prevents sensitive data from leaking either inside or outside the organization while providing user education and empowerment.
  • Built-in mobile device management capabilities allow you to manage access to corporate data.
  • Mobile application management within Office mobile apps powered by Intune provides granular controls to secure data contained in these apps.
  • Built in antivirus and antispam protection along with advanced threat protection safeguard against external threats.
  • Office 365 Cloud App Security provides enhanced visibility and control into your Office 365 environment.

EMPOWER YOUR TEAM TO TRANSFORM YOUR BUSINESS

Business teams today are often distributed across the world, working at various hours with a variety of devices. Employees value flexible work environments that support real-time collaboration and remote access to all the information required to get their job done. And you need peace of mind that your business data is protected wherever it goes.

Technologies designed for a cloud-first, mobile-first world can empower a modern workforce. Enable your team to share documents, edit files simultaneously, and access company networks from different devices and locations. With the right cloud solution, you can foster team connections to ensure your staff stays productive. And, you can be sure your business data and devices are safeguarded against modern threats – even outside the office.

Boost productivity across your workplace by employing integrated mobile and cloud solutions from Microsoft.

 

Work better 
together
Provide anywhere
access
Protect data 
wherever it goes
Support teamwork and communication across your business from multiple locations. Enable your team to get
things done effectively – on
any device.
Safeguard business data
from unauthorized access and modern threats.

 

How Microsoft solutions can boost productivity in your business

Collaborate in real-time across the organizationWork simultaneously on documents with a dispersed team – and store and save your work in the cloud with Office 365. It works on any device – Windows 10 Pro, Android, iOS. Enable employees to work how they wantProvide easy access to familiar Office apps on the devices your staff prefer – Windows, iOS, or Android – using cloud-based Office 365. Get better device protection and security managementSafeguard and manage Windows, Android and iOS devices – and protect your operating system, files, and thousands of SaaS apps – using Enterprise Mobility + Security.
Network across the globe – virtuallyMeet online across locations. Use HD video and voice meetings, plus transmit content on the device of your choice, with Skype for Business in Office 365. Store data cost-effectivelyEnable personalized service by accessing, sharing, and updating customer information in real-time with Dynamics 365.

 

Safeguard against security theftStrengthen identity protection with multi-factor authentication, including fingerprint and PIN, in Windows 10 Pro.
Enable rich, insight-based decision-makingGet automatic security and feature updates delivered from the cloud – without interruptions to users – with Office 365 and Windows 10 Pro. Deliver familiar, intuitiveGive your team the experiences they want – like touch, ink, or voice – across a range of compelling, productive Windows 10 Pro devices. Keep data safe and containedShield data from leaks or unsanctioned actions, such as unauthorized printing or forwarding of documents, using Windows Information Protection in Windows 10 Pro plus Rights Management Services in Office 365.

REDUCE YOUR LARGEST ATTACK SURFACE

Your end users are the most likely target for malware attacks. Keep your information safe with effective security awareness testing and training.

Automate defense education for your users with routine campaigns, training, follow-up, and reporting.

 

Information security is only as secure as your weakest link

Attackers relentlessly target end users with spear-phishing, spam, and socially engineered attacks. More than 90% of ransomware attacks are delivered via these types of email messages. SSDL Phish Threat emulates basic and advanced phishing attacks to help you identify areas of weakness in your organization’s security posture.

Campaign generation

Simulate phishing, credential harvesting, or malware attacks in a few clicks. We will have you up and running in no time with constantly updated and socially relevant templates.
Campaigns can be distributed broadly or targeted at specific roles in your organization like HR, Finance, and other departments.

Effective training modules

Training modules are designed to educate about specific threats such as suspicious emails, credential harvesting, password strength, and regulatory compliance. Your end
users will find them informative and engaging, while you’ll enjoy peace of mind when it comes to future real-world attacks.

Comprehensive reporting

The Phish Threat dashboard reports on results by department, and individual users, providing your entire organisation with insight into individual performance and
company-wide security posture alike.

 

To find out more about our Phish Treat solution contact us on 1300 364 722

OUTLOOK TIPS & TRICKS

Tame your inbox with Clean-up

 

Clean up a folder or a conversation

 

Overwhelmed trying to achieve Inbox Zero? Folder Clean-up can help.

From your Inbox (or any other email folder), select Home > Clean Up. You can Clean Up ConversationClean Up Folder, or Clean Up Folder & Subfolders. Outlook will automatically move redundant, read messages to the Deleted Items folder. Folder clean-up will never remove unread messages.

Why send a copy when you can send a link instead?

 

Share attachments with OneDrive.

 

Collaborating with colleagues on a report or project? Don’t send copies. Send a link instead.

The trick is to upload files to OneDrive and then send everyone a link to the files. Your recipients can collaborate on the same file at the same time, and you don’t have to scour your inbox for multiple copies.

Select Attach File>Browse web locations >OneDrive. You can tell you’re sending a link to a OneDrive file because the attachment icon will have a cloud on it.

Smarter meetings with Skype and OneNote

 

Collaborate with Skype and OneNote

 

Before sending that meeting request, make it a Skype meeting and set up a shared space for meeting notes.

Before you send the meeting request, select Skype Meeting. An online meeting link will be created automatically and inserted into the meeting request. For shared notes, select Meeting Notes. Create a new OneNote notebook or select an existing one. A link to the notebook will appear in the meeting request.

FINANCE TIPS & TRICKS

Quickly create data visualizations

 

Worksheet showing data bars created from the Quick Analysis menu

 

Use the Quick Analysis tool in Excel to easily apply conditional formatting, create charts or tables, or display sparklines next to your data.

  1. In Excel, select the data you want to visualize.
  2. Select [クイック分析] ボタン Quick Analysis in the lower-right corner of the selected data (or press Ctrl+Q).
  3. Point to the formatting options to preview them, and then select the visualization you want to create.

 

Quickly predict future values based on historical data

 

The Create Forecast Worksheet window displaying a line chart forecast for selected data

 

If you have historical time-based data, you can use it to create a forecast. A forecast can help you predict things like future sales, inventory requirements, or consumer trends.

  1. In Excel, select a series of date or time entries and the corresponding values.
  2. Select Data > Forecast > Forecast Sheet.
  3. In the Create Forecast Worksheet window, select the line chart or column chart icon.
  4. In the Forecast End box, select an end date, and then select Create.

 

Collaborate in real time on an Excel workbook

 

Screenshot of an Excel sheet, so the co-authoring notification.

 

You and your coworkers can work at the same time on the same Excel workbook. Save time and avoid countless revisions.

  1. Sign in to Office 365, select Office 365 app launcher icon > OneDrive, and then select the folder where you want to create the workbook. It’s always best to create documents online first.
  2. Select New > Excel workbook, and then select the Book box and rename the file.
  3. Select Share, add the email addresses of those you want to share with, and select Send.When other people open and edit the workbook while you’re working in it, a notification appears at the top and colored flags show where they’re working in the document.

 

Securely share files with colleagues

 

Screenshot of Outlook message compose screen, with Change Permissions selected on attached file.

 

Email a link to an Excel workbook stored in SharePoint or OneDrive for Business to ensure that everyone is viewing and working in the same file.

  1. While composing a message in Outlook, select Message > Include > Attach File on the Ribbon.
  2. Select the file you want to share from the list, or select Browse Web Locations and browse to the file. Then select Insert.
  3. If the file is on SharePoint or OneDrive for Business, select Share as OneDrive link in the How do you want to attach this file? box.
  4. Select the attachment arrow, select Change Permissions, and then select the permission level for the message recipients.

MICROSOFT TEAMS

      

 

Microsoft Teams brings together the full breadth and depth of Office 365, to provide a true chat-based hub for teamwork and give businesses the opportunity to create a more open, fluid, and digital environment. Microsoft Teams is built on existing Microsoft technologies woven together by Office 365 Groups.

Out of the box, Teams leverages identities stored in Azure Active Directory (Azure AD) and integrates with the other services within Office 365, to create a SharePoint online site and an Exchange Online group mailbox for each team created.

The Teams persistent chat capability is provided by a chat service that interacts with the Office 365 substrate, surfacing many of the built-in Office 365 capabilities, such as archiving and eDiscovery to the data being exchanged in Teams.

Teams also provides a calling and meetings experience that is built on the next generation cloud-based infrastructure that is also used by Skype and Skype for Business. These technology investments include Azure-based cloud services for media processing and signaling, H.264 video codec, SILK and Opus audio codec, network resiliency, telemetry, and quality diagnostics.

To extend Teams capabilities, use Connectors, Tabs, and Bots – available as apps, to bring external information, content, and intelligent bot interactions to Teams.

Microsoft Teams and Office 365

Different groups have various needs, based on their functional role and workstyle. Office 365 is designed for the unique workstyle of every group and includes purpose-built, integrated applications, including:

  • Outlook for enterprise-grade email, now with groups functionality
  • SharePoint for sites and portals, intelligent content services, business process automation and enterprise search
  • Yammer for driving company-wide connections
  • Skype for Business as the backbone for enterprise voice and video
  • And now, Microsoft Teams, the new chat-based workspace in Office 365

 

To find out more give us a call 1300 364 722

GLOBAL DATA PROTECTION REGULATION: WHAT IS IT AND WHY SHOULD YOU CARE?

Any business with a customer or client base will be holding data about those people. Whether it’s a big CRM system with thousands of files recording everything from date of birth to how many kids someone has and in depth financial information, or a local shop with a Mailchimp list of first name and email address. The GDPR was put in to place by the EU to protect people’s private information and comes into play as of May 2018. It’s essentially the rules that business’ need to follow in regards to the rights of those whose data you have, and the processes incase a breach does occur. The law relates to data belonging to people from within the EU, and applies to Australian businesses that are holding this data. In essence if you are a selling to a global customer base, you need to listen up.

The GDPR rules in a nutshell:

  1. You must make authorities aware of a breach within 72 hours of it occurring, if it is likely to “result in a risk for the rights and freedoms of individuals”, and notify the clients within 30 days.
  2. Clients can ask about their data. They have a right to know what you’re holding and how it’s being used, and why. If they want a copy of the data then you’re obligated to provide that, at no cost.
  3. Consent for you to collect data can be revoked. At any time, a person can ask you to delete all files and stop using them.
  4. Once your client receives their data, they can pass it onto whomever else they like.
  5. By law, you must have a system that is designed around privacy.

Things to note about GDPR:

  1. If you’re dealing with any businesses in the EU, be particularly mindful of the above. They take GDPR very seriously.
  2. Small businesses in Australia may be exempt from some of the rules. Having said that, it’s still smart to follow them. Cover yourself and your clients.
  3. Data protection isn’t a simple process. Get the help of a professional IT consultant to advise you on what systems to put into place.

The implication of not complying with GDPR rules can be hefty fines at the least. The bottom line here is every business needs top notch security put in place for all their IT systems.

PRODUCT REVIEW: THE CYGNETT CHARGEUP PRO POWERBANK

With the workforce being so mobile today we all know that you can get power banks for your mobiles and tablets, but did you know that you can now get a device to charge your laptop on the go as well? We were recently asked by Cygnett to complete some testing of their ChargeUp Pro USB-C 20,000mAh power bank with a number of new laptop devices.

Here are some of the impressive features from this unit:

Size and design

The unit is available in two colours: black and teal. It’s a sleek exterior design and well-rounded edges.

It feels like a quality product with its protective soft touch shell.

Laptop charging

The device is able to deliver 45 Watt to a compatible power delivery complaint laptop.

These compatible laptops include MacBook Pro, HP X360, Dell XPS13, Lenovo Yoga and HP Gen5 ProBook just to name a few.

Not just for your laptop

This unit also supports your everyday devices via its 2 USB-A ports. Plus it can charge these devices quickly, with up to 27W for phones.

Get your phone, tablet and laptop all charged before that meeting, road trip or flight.

 

This unit has been designed to charge up compatible laptops for the person on the go, which we found worked well across a great range of products. It’s a must have for anyone that is planning a holiday, especially with kids. We found that as a result of the unit’s large capacity we were able to get a very impressive amount of phone and tablet recharges from a single cycle. The unit was given a solid workout over a weekend and the team was extremely impressed with its versatility. A perfect Christmas present for the tech junkie or businessperson!

 

For more information or to purchase a unit check out www.cygnett.com

ONE OF AUSTRALIA’S RICHEST MEN LOST $1 MILLION FROM A PREVENTABLE EMAIL SCAM.

Phishing: what is it and how can you prevent it?

 

Cybercrime can hit anyone, just ask John Kahibetzer the founder of Twynam Agricultural group, who is on the Forbes list of 50 richest Australians. Unlike may more complex cybercrime attacks that involve hacking, ransomware or spyware, Mr Kahibetzer was the victim of robbery via simple deception. Based on reports of the case, here is a summary of what happened: 

Mr Kahlbetzer’s assistant received an email instructing her to transfer $1 million to the bank account of Mr David Aldridge which appeared to have come from the millionaire. Apparently, this was a “reasonably normal” request from the Mr Kahlbetzer to his assistant and as such she immediately made the funds transfer.  

In court, Mr Kahlbetzer’s assistant admitted that with hindsight, that the email was not written in “perfect English” but she hadn’t considered this to be an issue as it appeared that Mr Kahlbetzer may have been emailing whilst in a rush. 

Perhaps if Mr Kahlbetzer’s assistant had noticed that the email was not written in “perfect english” at the time, she may have also noticed that there was an irregularity in Mr Kahlbetzer’s email address. Mr Aldridge had simply created an email address that was almost identical to Mr Kahlbertzer’s actual email address. He then sent the email to the assistant requesting the funds transfer and the rest is now trying to be resolved in the courts. 

This type of cybercrime, also known as ‘whaling’, targets high value individuals such as CEO’s. Using simple, plain text emails with no attachments or links, allows these types of emails to get through traditional antivirus and spam solutions used by most businesses. This is why cybercriminals are increasingly using these types of attacks, added to the fact that the skills required to pull it off are very basic and the potential rewards can be very high.  

Cybercrime is a real business threat to every single Australian business and if you are not being proactive then the likelihood that you will be impacted is high. Minimizing your business risk starts with you and your team. Awareness at the front line is key to any security strategy. Creating awareness within your team, as well as ongoing training and testing helps to minimize attacks such as the one suffered by Mr Kahlbertzer. Get in touch to find out just how easy it is to help secure your business. 

NOTIFIABLE DATA BREACH: WHAT YOU NEED TO KNOW AS AN AUSTRALIAN BUSINESS

Two new data laws have been introduced, set to roll out early this year, which directly effect business owners. You can read about the first one over here if you missed it.

Number two is the Notifiable Data Breach regulations, coming in to effect this February.

What is NDB?

It’s a set of changes to the Privacy laws highlighting that companies need to understand how they store, transmit, secure and use data on their networks. Companies need to notify the appropriate authorities of data breaches within strict time frames of them being discovered. If a company fails to do so, they can face monetary penalties of up to $1.8m and $360,000 for individuals. The law covers who must comply, which data breaches must be notified, how to assess them and how to notify people about breaches correctly.

It applies to all companies in Australia, with some small exemptions made for those turning over less than $3 million.

These laws are stringent and complying with them needs to be a business priority. Is your network secure? Do you know how your data is stored? Would you realise if there’s been a breach? What does a breach even mean? We’ve been working with clients to ensure their systems are ready for when the laws come into place. Don’t risk it- get on top of these regulations if you haven’t done so already!

 

If you need a hand getting your head around all the changes and how they will impact your business, give us a call.