Author: Matt Sutherland

  1. Homepage
  2. Matt Sutherland
3 Habit Changes in 2020 That Have Stuck 4 Weeks Later

MyAnalytics is built into Microsoft Office 365 to provide some insight into your work habits to help you work smarter. Having fully established Ryve IT in November 2019, I felt like the new year slowdown period was a good time to sit down and think about the goals that I had for the new year. Sound familiar?

Having listened to a fantastic podcast episode by Jay Shetty – The 4-Tier Framework To Effective Goal Setting & Why You’ve Failed In The Past – I went with the idea of changing habits rather than setting new years resolutions to make a raft of changes in  2020. The habits were rather simple, and only a few to stick with:

  1. Wake up at 5AM (on work days!)
  2. Have more “Quiet Days” from MyAnalytics than not
  3. Learn something new each day

Pretty simple right? The idea is that by changing some of these habits, the goals that we wish to achieve will naturally progress by doing the things that we believe are stepping stones to reaching those milestones. Typically we set ourselves lofty goals for the new year. Losing weight, and getting fitter, reading 11ty billion books, growing our small business, etc. The trouble is, these are a flash in the pan at the start of the new year and there isn’t anything you typically can do to start working towards them.

Wake up at 5AM

This has worked wonders because I’m waking up early (which I do not like!), and if you don’t achieve something you feel its a waste. So that sets me off in the morning to try and achieve something before the rest of the house wakes. Three times per week, I try to get along to a 6AM Muay Thai class to work on that fitness thing. Other days, I’ll get a head start on the work day if I feel I’m behind, or watch some training courses online. No set things, just go with the flow of the morning which makes it feel less of a chore, and more likely to go again the next day!

Have more “Quiet Days”

Microsoft have been sending me emails for a few months now on my work habits. I typically have a hard time switching off from work, its always been that way. Receiving emails once a month with a summary of my “Wellbeing” that includes Quiet Days has gamified the process of not working during the quiet time.

Quiet days are based on the meeting, email, chat and calls activity outside your working hours as set in Outlook. ​

Again, setting a habit has resulting in changes – but they weren’t necessarily set with a specific goal in mind. Its meant more time to focus on family time at home without carrying my phone around all the time, and also increasing the time spent listening to podcasts and doing online training. Positive changes all round!

Learn something new each day

By now, this is easy. Having carved out time with waking up at 5AM and not being a slave to meetings, email and chat. This habit is also quite practical when thinking about the bigger, long term (for 2020) goals that I probably would have set. Learning new things has an ability to change your perspective on things, so this framework of habits changed allows for fluid goals based on what I have been learning.

Make sure you get your Podcasts lined up on Spotify and MyAnalytics enabled in Office 365 ASAP!

Read more
The importance of passive protection for small businesses

I’m the type of person that needs a catalyst in order to write something – a spark. A real world, practical problem that I can contribute towards a solution.

In the past few weeks, I have spoken to several small business owners or managers that are concerned about their data, customer list, or what impact a mischievous change can make to their service delivery. It has come up plenty of times over the years working in IT, being asked to investigate access to systems and data to try and understand who, what and where.

Have you ever had someone interview for a position bragging about being able to bring a client list with them?

The trouble with old school technology is – you can’t easily get that information. There are lots of third party applications that can overlay on servers and networks that will get that information, but its hugely expensive and costly to maintain. The worst part about working through this with clients is that its playing on a fear that something negative is happening within their business, taking away valuable time from what they want to be doing. Its not constructive at all and it never gives me any enjoyment to be working through this process with them.

However, with the advent of the cloud, many of these expensive and complex information and security management features are being baked in. They must. Microsoft has 120,000,000 active users on Office 365 currently, from companies with one account all the way up to tens of thousands. The Enterprise client requires much more sophisticated security and visibility on what is happening in their environment. These services are available to all small businesses also.

So, back to the problem. How do you know when someone is stealing information? Often the type of person that really wants to get this information will do what they need to. Take photos of a computer screen or documents, send emails to their personal account with company IP, or taking data on a USB key, etc.
There are methods to prevent this data loss, but the most critical aspect is that they are passive. They are invisible to the end user until its too late. Whether it be auditing that happens behind the scenes that they are not aware of, or data encryption that unlocks automatically every time they open the information (without them knowing).
If you put a road block in front of someone, they will find a way around it. If they don’t know the block is there, they aren’t able to engineer a workaround.

Information is power – that is why you want to protect your data.

Doing so passively allows you to collect data on what that person is doing so you get a true understanding of what is happening.

Most business owners and managers would identify with the web browsing conundrum – do you block Social Media sites on the business network, or allow it and monitor who is stealing time? If you block, they will probably just use their smartphone!

Read more
Accessing shared mailboxes on mobile devices without a license

It has long been a pain point amongst small business users of Office 365 – accessing a Shared Mailbox (which has no licensing fee) from a mobile device. There are workarounds that involve using IMAP or adding an Exchange Online Plan 1 license, but that adds complexity or cost.

Microsoft 365 Roadmap items 32571 and 32572 enable Outlook users on the mobile device to add a shared mailbox without the cost and complexity!

It was such an awesome discovery that was quite timely, having discussed with two clients during the week to move to a one to one Office 365 identity relationship (no shared Office 365 accounts!).

In one instance, a shared info@ account needs to be accessible on a mobile device between two people, which is why they use it as their primary account. Having to add an additional Exchange Online Plan 1 license was a possible solution, but even though its only a small cost – it does cause some friction.

It makes it so much easier moving forward to help move small business customers to using an identity driven security configuration on Office 365 with enhancements like this.

If you’re not using Outlook for iOS or Outlook for Android – I highly recommend you switch over from the native mail app on your phone to take advantage of this, and other security related features that you may want to use in the future.

Read more
6 Ways You Can Protect Yourself From Cyber-Crime

Living in the digital age means that our personal information is more vulnerable than ever.  According to a recent analysis, 86% of people use passwords that have already been cracked.

This also has a significant impact on business.  A recent report shows that 54% of firms had their network or data compromised in 2018.  So, if your firm hasn’t been involved in attack then it’s likely to be your turn soon.  Recovering from a cyber-attack can be incredibly costly, with the average cost estimated at $5 million.  What’s the most harrowing of all is that 60% of small businesses can experience a major cybercrime incident, go out of business shortly after.

Prevention is always better than a cure.  So here are 6 key ways that you can protect yourself from cyber-crime.

1. Create a secure password!

This is a case where size really does matter.  Password length is the biggest factor impacting password strength.  We recommend a minimum of 18 characters, but more is better.

Despite popular opinion (and many websites forcing you into it), the use of special characters, numbers and different cases does little to increase the strength of a password.  The best way to create a secure (and memorable) password is to use a familiar phrase that you can turn into a secure password. For example:

 “The quick brown fox jumps over the lazy dog”

Turn this into a password such as “Tqbfjotld” and you have a more secure password that should be relatively easy to remember. Adding additional numbers or characters may also help, the longer the better!

2. Setup Multi-factor authentication

Most services allow the use of multifactor authentication in some form and is now considered more important than a strong password. Multifactor is often one of:

  • Something you know (such as a password)
  • Something you have (such as a onetime token generator like Google Authentication or setting up SMS tokens)
  • Something you are (such as a fingerprint, facial recognition or other biometric method)

You should have at least two of these factors for every account that you own.  Have you heard in the news recently about people who are having their mobile phone number ported to a new provider and their bank accounts being cleared out? This is not just a problem in business, it could impact anyone.

3. Check whether your password is already in the hands of hackers

If you use the internet at all then there’s a high chance your username or password information has been compromised.  Many major websites have undergone security breaches over recent years including the likes of LinkedIn, Dropbox, Instagram, Snapchat, and Adobe.

When websites are hacked into, cyber criminals collect the usernames and the passwords of members and add these to their database.  According to some sources, this list contains 773 million unique email addresses and 21 million unique passwords.  Cyber criminals may exploit these stolen credentials themselves or sell them for big money on the dark web, either way, it’s not a pretty picture.

So what can you do?  Security expert, Troy Hunt, has created a free online service which lets you type in your email address or password(s) and learn whether data has been breached (exposed to people that should not be able to view it).  The website is called have i been pwned? and we highly recommend you pay a visit.

One of the staff at Ryve did this test themselves and one of the passwords they had been using had been breached a whopping 48 times.  We advised them to change this password on any website where it was still in use and to stop using it going forward.

4. Setup notifications for when your username or password become compromised

Troy Hunt’s cyber security website also allows you to enter your email address and be notified of any future breaches of your login information.  We recommend you doing this with all the email accounts you use at both work and home so that you can change your password as soon as a breach occurs, and prevent something more sinister from happening. If you want to cover all your business email accounts, we can assist in setting up a service that monitors your business domain (e.g. ryve.com.au).

5. Don’t allow your web browser to remember all your passwords

We know it saves time but if you’re using chrome and your Google account gets hacked ALL your passwords are visible.  To repair the situation, you will then have to reset your password on all the websites in question.

In the case of Firefox or Safari passwords are saved in your browser settings under security, so if someone has access to the device, they can open all the passwords without a login.  The key point to remember here is that hackers don’t require physical access to your device to get hold of this data.  They can also access this information remote access plugins, trojan’s or malware which you may inadvertently install on your computer whilst browsing the internet.  If you want to save time remembering passwords, then encrypted password management systems (discussed above) are a much better way to go.

6. Setup a password management system

If you’re like many people it’s become so difficult to remember all your passwords that you now have them all written down on a piece of paper which sits in the top drawer of your desk, or you have a word file that sits on your computer.  You’re aware of the shortcomings of this method but you don’t have time to deal with the problem.

This is where password management systems come into play.  The good ones are set up with multiple layers of encryption so they can’t be hacked.  In a future blog, we’ll discuss the pros and cons of some the various password management systems on offer, so you can make an informed choice over which one to implement.

Concluding thoughts..

So whether you’re an individual concerned about protecting your identity online or a business owner concerned about the long jeopardy of your company are a good place to start. In future articles will delve deeper into what you can do at a business level to prevent your business from becoming victim to a cyber attack.

Read more
IT security for the modern small business

The reputation of any organisation can be ruined very quickly, with the advent of the internet accelerating communication on all fronts. Every organisation is now more at risk than ever as we all begin to react to one of the fastest growing industries world wide – cyber-crime. Knowledge or IP loss is one of the scariest because control is lost once data has been released. We see the recognition of the severity of such a problem with the legislative responses such as General Data Protection Regulation (GDRP) in Europe, and the amendments made in the Australian Privacy Act in 2018 to included Notifiable Data Breach scheme (NDB) laws. There is a consensus that, worldwide, the treatment of personal information is extremely poor.

Data and information are extremely powerful and more than ever, we are using data to drive decision making. Knowledge is power, after all. Knowledge in the wrong hands is extremely powerful for cyber criminals, allowing a higher possibility of exploitation for gain.

Technology is moving very quickly, those that lag in the evolution of how we use technology are most exposed. What worked three years ago is no longer good enough. Ransomware, phishing, and targeted attacks  are a business for some and they are extremely well versed in social engineering and convincing those less tech-inclined individuals to provide credentials and sensitive information.

The modern workplace demands a higher level of security than ever before. Security needs to be inherent in any solution that is implemented to prevent knowledge loss.

If you’re not asking about the security of a solution and drilling into this as much as the functionality of a solution, you are putting your business at risk and will suffer somehow, at some point. The trouble is, the cost of keeping the lights on is rising everywhere – cost of living, wages, petrol, and technology just to name a few. How do you continue to ensure your data is secure?

Small and medium organisations need to run lean to remain competitive, their operational costs need to be efficient and streamlined so they can spend as much of their budget on delivering the services that drive the business. We understand this; however, we also understand the cyber security risks currently prevalent to many small and medium businesses and how to prevent them- as the best solution is prevention. Sometimes, data cannot be salvaged after an attack.

Read more
11 Ways Cyber Criminals Can Attack

Protect yourself by being aware

Online and cyber security is a massive issue currently and will likely increase into the future. The changes to the Australian Privacy Act to included Notifiable Data Breach scheme (NDB) laws and General Data Protection Regulation (GDRP) are two examples of a legislative response by government. If you’re an Australian business – you’re a target. If it hasn’t happened already, statistically at some point, you will be impacted by a malicious attack. It could be ransomware, phishing or a virus. At Ryve, our professional IT team ,often see organisations reacting to an incident which, at the end of the day, costs them significantly more than implementing proactive security measures.

Whilst this blog post may not convince you that a compelling event is imminent, it may help you understand that being a cyber criminal is a JOB for some people. Yes, you read that right, a job. No doubt it carries the same sort of characteristics as your given profession. Think about that for a moment, and take in the fact that someone out there is as skilled as you are in your field, at trying to exploit your people and technology for money. Cyber criminal activity is serious enough for the government to legislate on it.

Phishing is by far the biggest risk around recently. Hopefully, you have the time to read this blog and find it informative – although if you’re as busy as I am, just read the next sentence – the “TL;DR:” version.

Unless you are expecting the content you have received, in the context that you have received it, from the contact you received it from – it is probably malicious. It’s okay to trust, but you must verify.

Like most iterations of viruses, exploitation of software vulnerabilities and other malware; these cyber criminals and organisations are always working on new ways to achieve their goals. As such, there is a lot of different techniques and methods that we commonly see, although the following are most common and it’s worth being aware of them.

1. Spear Phishing

An extremely targeted method of attack that is often researched and personalised by the cybercriminal to appear as genuine content and trick the person. The most common method that we have seen of spear phishing is an impersonation of a CEO/CFO sending an email to the accounts person requesting an urgent bank transfer. The other is asking to purchase iTunes gift vouchers, scratch the codes and send a photo.

2. Email & Spam

Emails and Spam are becoming less effective due to filtering technology;. however, they can be so successful due to the ability to automate the delivery of malicious content to so many individuals with relative ease. Often content is from an official source such as Australia Post, the Australian Federal Police or utility companies suggesting that you have a package, a fine or an outstanding account.

3. Phishing Websites

It takes minimal effort to spin up a web server full of dodgy code to make a phishing website. Often this code can be fed through from emails appearing to be an official source. Another method is a web-based man ‘in the middle’ type of attack that occurs between the original, genuine site and the phishing website[R1] . Often they will collect information as the user continues to fill it in, or will prompt you to log in – continually failing your attempts to obtain a number of your passwords.

4. Deceptive Website Links

Often when you receive an email, it may have a link to a website.  The text of the link can be configured differently to the actual link that opens when you click on it – sending you to an unexpected site. If in doubt – hover over the link text and make sure it matches. Pay particular attention to the domain (e.g. www.ryve.com.au).

5. Malvertising

When you visit a website, it will often load content from a lot of different sources. This could be harmless (but annoying) advertisements, or other additional content (think embedded YouTube videos). These sites can sometimes inadvertently be impacted by dodgy advertising running scripts, or even vulnerabilities from Adobe PDF or Flash embedded content.

6. Keyloggers

Keyloggers are less frequent due to the complexity of getting it onto a machine, although it’s often delivered via malware and keyloggers essentially log every keystroke that you make on the keyboard, and send the information back to a central store. So if you got to log in to your email, it could track the web URL, the username and password being entered.

7. Trojan

Trojans horse malware will allow unauthorised access to your machine or user account to collect more details before being transmitted to the cybercriminals. Often the malware is delivered through a series of misleading actions or other malware.

8. Phishing via Search Engines

Website rankings are designed to try and weed out these sites, but it is possible to structure a website so that it climbs search engine rankings to mislead users. It could be slightly different website links that have pages that look very similar. The most common ones will be targeting popular search terms for maximum impact.

9. Vishing

Vishing is the telephone equivalent of phishing, where scammers call on your home or mobile phone. This has become increasingly popular in recent times, with examples of Telstra calling and saying they will cut off internet connections and asking people to verify their identity. Microsoft technical support is another common one. A rather amusing revenge video against a vishing scam on YouTube from “Nicole Mayhem” is a good watch.

10. Smishing

SMS based phishing, often containing a link that we may innocently click on which launches an attack on our mobile phones. Malware is designed to then infiltrate vulnerabilities on mobile devices for various reasons.

11. Ransomware

Ransomware can be delivered by a number of the previously mentioned attacks and encrypts all your personal and network data to demand a monetary sum to decrypt your data. These attacks are becoming more sophisticated, some even being manually run by hackers with backups being paused or deleted prior.

There are plenty more different methods and techniques, but these are some of the common ones. We hope you find this information useful, and should you want to check, upgrade or have your IT security managed by RYVE, contact us today.

Read more
Five IT Tips for Small Business

Running a small business can be busy and often keeping complex tasks simple is quite challenging. Yet technology keeps evolving and when harnessed right, it can be of great benefit and efficiency- or a headache. Being aware of the following five tips for small businesses can help add efficiency to your organisation.

The profile of people in your organisation is changing

The next generation is coming through, and they work very differently to the one before it, and the one before that. We will start to see several different people who come into your business that have been born with modern technology. If you don’t ensure you are keeping pace, you might lock yourself away from some of the best talent. But that also leads into;

Provide the tools, or they will get their own.

If you don’t provide people with the tools that they need or want, they will get their own. Whilst this is certainly not malicious, it is a very real risk of knowledge loss for your organisation. You need to have a technology stack that enables people to work the way they want and make sure they understand why those tools are in place.

Security is a shared responsibility

If you’re not confident with your security, there is some work to be done. Your staff need to understand the impact of a knowledge loss, and their part to play. Communication is a key, and training must be a continuous improvement process to provide the best level of protection.

IT is NOT responsible for your security. However, they must be involved across all aspects at an operational level to provide strategic direction and drive the outcomes. If you don’t have this, find it. Fast.

Choose a technology vendor, and stick with them

Chose Microsoft, chose Google-whatever suits your situation. Look at their stack, it is surprising what solutions they have already, with more being added at a rapid rate. Look at the innovation that they are providing and the level of integration. Integration is important to ensuring security when data is moving. If you need something new – make sure that you give preference to the integrated solution (either from that vendor, or ensuring they natively integrate). The middleware and “not quite a fit” solutions are often the most expensive. If you’re unsure which is best for you, contact us and we can advise depending on your needs.

Often, it’s better to change the process

You’ve identified a problem and found a technology solution to resolve it- will it give you the best outcome? Challenge why you have that problem objectively and you may find that it’s easier to change the people or process than the technology. Always implement based on best practice.

Keep your IT current

You must be up to date. Staying still is moving backwards. The longer you spend behind the technology status quo, the risk snowballs quickly. If you’re not up to date, a security incident will occur that will cost you more as a reaction to the incident than it will to become up to date. Being strategic in staying current allows you to make controlled decisions and manage your investment for greater impact.

Each of these points are designed to keep it simple. Simple saves money, and when you’re running a small business – keeping things simple is critical. For help managing your IT system solutions contact Ryve today.

Read more

Check out our amazing newsletter!

* Personal information will be encrypted

About Us

Ryve has been providing technology services to Residential and Commercial customers since 2002. We are committed to delivering value to our clients, on every job, every time. We take the extra steps to exceed your expectations.

Connect with us

© Copyright 2020 Ryve. Designed by Zelesco Consulting.