Bullying or harassment in the workplace? Office 365 can help you monitor and prevent it.

You must be thinking about what actually IT has to do with bullying or harassment. Well… According to the Australian Human Rights commission, “cyberbullying is bullying that is done through the use of technology. For example, using the Internet, mobile phone or a camera to hurt or embarrass someone […] It can be shared widely with a lot of people quickly, which is why it is so dangerous and hurtful.” In the modern days we currently live in, technology plays a significant role in what’s considered online violence.

Stats in Australia amongst kids, teenagers and young adults are frightening and the issue is well known. However, most people usually forget that it also happens in the corporate world in the form of racism, sexism, homophobia, just to mention a few.

How can Office 365 help you identify, prevent and block offensive language in communications?

Microsoft released a new feature to its Office 365 suite, New Supervision Offensive Language intelligent filter. The rollout has started in April 2019 and it’s planned to be completed by the end of May, world-wide.

How does it work?

The model uses a combination of machine learning, artificial intelligence, and keywords to identify inappropriate email messages as part of anti-harassment and cyberbullying monitoring requirements. Your organisation can prevent or block offensive language by creating a policy under the data loss prevention section in the Security & Compliance Center, where you can also add policies to secure your business against data leakage, and in there, develop a custom keyword dictionary of offensive terms you want to identify and monitor.

The offensive language model currently supports English keywords and monitors the body of email messages. The model monitors email for sentiment associated with the following types of language:

TypeDescription
ProfanitiesExpressions that are inappropriate and embarrass most people.
SlursExpressions that attack cultures and ethnicities.
TauntsExpressions that taunt, condemn, and ridicule.
References to handicapsExpressions that target physical or mental handicaps.
Squalid languageExpressions that target sexual interests and physical state of cleanliness.
HomophobiaExpressions that target sexual preferences.
RacismExpressions that target race and ethnicity.
ExtremismExpressions that target religion and political ideologies.
DisguiseExpressions for which the meaning or pronunciation is the same as another more offensive term.
Provocative languageExpressions that potentially cause anger or violence.
TabooExpressions that are generally not appropriate in polite societal communications.
Unrefined languageExpressions that lack polite manners and that are potentially harsh and rude.

How to enable this type of supervision policy?

If you are a Bremmar client, we will have to set it up for you as we manage our clients’ Office 365 subscriptions so just let us know and we can enable it for your business. If you are not a Bremmar client, please ask your IT Team or IT provider and they can set it up for you or guide you through the process.

What licenses are required to use Supervision?

All users monitored by supervision policies must have either a Microsoft 365 E5 license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. The advanced Compliance Add-on can be added to any Office 365 E3 Subscription. If you don’t have any of the above licenses and want to try supervision, a trial can be set up for your organisation. Please contact us more information.

What else can you do with Supervision?

The new supervision solution aims to simplify and streamline compliance tools in the workplace to help organisations meet their monitoring and compliance obligations. You can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organisation to ensure corporate policies are being met, risk management is being addressed and your business is complying with regulatory compliance.

This is a brief overview of how the Supervision solution might help with your organisation’s HR and Compliance policies and goals, however, we will dive deeper into the solution in future articles.

In the meantime, if you have any questions or would like to see how it would work in your organisation, fill in the form below or call in at 1300 991 351 and we can book a consultation and demo for you!

New Call-to-action

Book a consultation to discuss your Office 365 needs!

[gravityform id=”1″ title=”false” description=”false”]

Some of Microsoft’s most popular products are nearing the end of their supported lifecycle: MS Windows 7, Server 2008 and SQL 2008. Is your business ready?

When a critical software bug or security vulnerability impacts your business, the last thing you want to hear from your helpdesk is “Sorry, your product is no longer supported”. That’s why it’s so important to keep your software up-to-date and under support. However, this isn’t always as straightforward as it sounds.

Microsoft products typically remain under mainstream support for five years after general availability. Upon completion of those five years, the product moves into extended support for another five years, meaning that Microsoft will still release patches and security fixes for bugs or any vulnerabilities, however, only the most critical security vulnerabilities will be patched at no cost and you must pay for non-critical patches and telephone support.

This situation was made more complex when Microsoft started releasing Service Packs, which are basically Windows updates that make the Operating System (OS) more reliable. When a Service Pack was released, the mainstream support period for the unpatched OS would end two years after the release of the Service Pack, while the patched OS would retain its original 5-year mainstream support period. Service packs are no longer an offering. Windows 10 and the new Server 2016 are now based on feature update versions and the lifecycle is much shorter than 5 years.

To further complicate matters, Microsoft also offers a Modern Lifecycle Policy support model, which means the product will be supported indefinitely if you pay for Software Assurance (SA). However, Microsoft charges a premium price for this service and can terminate this support policy with only 12 months’ notice.

To help guide you through this policy maze, we’ve identified the three high priority Microsoft products that will go end-of-life in 2019 and 2020, along with the support and security implications you face if you become unsupported and the steps you should take to ensure your business is not disrupted.

1. Microsoft Windows 7 (or any version of Windows before Windows 10)

Support for Windows 7 (released in October 2009) ends on 14th January 2020. After this date, technical assistance and security updates will no longer be available. If you continue to use Windows 7 after support has ended you will be vulnerable to malware and security threats. This is particularly relevant in light of the Notifiable Data Breach scheme (Australia’s new cyber-security laws).

If you’re still running Windows 7, then it’s likely your PC is old and outdated, meaning upgrading to a new computer would be the most sensible solution. A new PC with Windows 10 will be faster, more powerful and more secure.

With the increasing number of attacks documented in Australia per year and the severity of the consequences, this is considered a basic security measure and it just doesn’t make sense to keep an outdated Operating System that will expose your business to threats. If you are a Bremmar client, your Client Information Systems Manager will be in contact to discuss the possible options for your business and guide you in the right direction so you are prepared before the cut-over date and can avoid any possible risks.

2. Microsoft Windows Server 2008 (on-premise and cloud)

Support for MS Windows Server 2008 (released in February 2008) ends on 14th January 2020. After this date, Microsoft will no longer accept warranty claims, provide bug fixes and security patches, or offer any type of technical assistance. If you’re running a business, this leaves your data vulnerable to hackers and cyber-criminals.

Your available options are to either pay for Microsoft premium support, which is not the most cost-efficient solution in the long run, or upgrade to a new operating system. You might also consider updating your infrastructure to benefit from the powerful new virtualisation features available in the latest Windows Server 2016 operating system.

For Bremmar clients, the optimum approach will be evaluated on a case-by-case basis depending on your business infrastructure. Your Bremmar Information Systems Manager (ISM) will be in touch to discuss your options and help you determine the best way to proceed. Planning and implementing these changes can be a lengthy and complex process, so we recommend allocating at least six months to allow for unexpected delays and challenges.

3. Microsoft SQL Server 2008 and SQL Server 2008 R2

Mainstream support for SQL Server 2008 (released in June 2008) ended on 8th July 2014, and extended support for SQL Server 2008 R2 will end on 9th July 2019. After this date, Microsoft will release no further patches or security updates for any version of SQL Server 2008 or 2008 R2, which means you may no longer comply with data protection and cyber-security regulations.

Upgrading your SQL Server will ensure that your product remains fully supported and you will also benefit from a range of product enhancements, bug fixes and security improvements that come with the latest software version.

For Bremmar clients, the best upgrade path will be assessed on a case-by-case basis depending on your business infrastructure and applications. For example, ConnectWise may be incompatible with SQL Server 2008 after the extended support period ends. Your Bremmar ISM will be in touch to discuss possible options and help you determine the best way forward.

Premium Support

While it’s not an approach we recommend due to the high cost, Microsoft does also offer a Premium Assurance plan for Windows Server and SQL Server. This support offering provides patches for critical bugs for a six-year period following the end of extended support, meaning Windows Server 2008 R2 can be supported until 2026 and SQL Server 2008 can be supported until 2025. The fee for Premium Assurance can be up to 12% of your current licence costs, depending on when you place the order.

Conclusion

As we approach the second half of 2018, it’s essential to prioritise these critical Microsoft upgrades to ensure your business data remains secure and compliant in the years ahead. Some of these updates can be lengthy and complex, so your business should start preparing for them now and avoid any last minute, rushed decisions.

To discuss your options, call Bremmar today on 1300-991-351 or email help@bremmar.com.au.

sign up to security information

The mystery behind turning it off and back on again

If you’ve ever contacted IT support to report a problem with your computer, then there’s a good chance you’ve heard that question many times. It’s become a bit of a cliché, even forming the basis of the popular British sitcom ‘The IT Crowd’, but the truth is that turning it off and back on again really does solve many IT problems.

Yes, we all know that frustrating feeling when the support technician asks you to power down your device and restart it, but there’s a very good reason for the request. They don’t say it just to annoy you – they’re simply trying to rule out some of the most common causes of PC problems.

The truth is, a reboot should be the first thing you attempt if you’re experiencing problems such as applications running slowly, overheating, minor bugs, or printer, network and Wi-Fi connection issues. We even recommend to try it before you contact your support desk as it can save your business some money spent on IT support!

So why does it work so effectively?

      1- Well, after your computer has been running for a long period of time, you’ve probably opened and closed dozens of applications. It’s likely your browser has visited hundreds of websites, and perhaps you’ve also installed or removed some software.

     2- Each of these tasks consumes background resources and leaves behind remnants of the process in your computer’s long-term and short-term memory. This leads to memory fragmentation and eventually clogs up your hard disk and RAM with unnecessary data.

      3- After a while, your system starts to slow down, programs don’t run efficiently, and you experience glitches and error messages. If this continues for long enough, your active applications can no longer find sufficient free memory to operate properly and your computer will begin to freeze, lag, or crash altogether.

     4- When you restart your PC, all of this extraneous data is deleted, and your computer reinitialises with a cleaner, faster, more efficient operating system.  The memory is cleared and any previously frozen tasks or locked files are unlocked. And this logic also applies to other digital devices like smartphones, tablets, Wi-Fi routers, and even your television.

Reboot every device – phones, PCs and tablets.

For desktop computers, there’s normally a shutdown or restart menu option you can use to reboot the system. For tablets and smartphones, you’ll typically have to hold down one or more buttons on the device for several seconds. And for other consumer electronics such as TVs and routers, you may have to physically disconnect and reconnect the power supply. These are all variations of ‘turning it off and back on again’.

So next time you’re experiencing issues with your computer, you know what to do. In fact, it’s a good idea to restart your PC at least once a week as a preventative measure to keep everything running smoothly.

Bremmar works hard to help businesses grow and achieve a competitive advantage through IT. If you would like to know how Bremmar Managed Services could help your business simply contact us today on 1300 991 351 or email help@bremmar.com.au

 

Cyber-attacks to rise in 2018: A quick guide to help you protect your organisation.

A recent report from Deloitte shows that Australian institutions face the highest risk of cybercrime in the Asia Pacific region. Ironically, the reason why we are heavily targeted is because our IT infrastructure is so well developed. The prevalence of interconnected systems and devices increases the risk of organisations being affected by cyber-attack. Countries with advanced technology infrastructure such as Japan, Korea and Australia are nine times more vulnerable than other economies.

A lack of dedicated cyber-security specialists is also to blame. Individuals with the right skills and experience are expensive and hard to find. This allows cyber-criminals to more easily use social engineering tactics to exploit inadequate internal controls and trick employees into revealing sensitive information.

Be aware of social engineering – The art of deception

Social engineering involves using social interactions to build trust with an individual in order to gather information. With a basic understanding of your corporate structure, along with information gained from social media, hackers can easily engineer targeted, personalised attacks on specific employees. This can also lead to identity theft, where an attacker uses that personal information to commit fraud.

Identifying social engineering attacks

There are countless types and variations of social engineering. However, some are more common and targeted to the corporate space. Keep an eye out for:

1 – Email from someone you know – Your boss, a colleague or a friend: The hacker manages to get access to a person’s email password and gains control of the email account sending malicious emails to all contacts. As most people have the same passwords for many accounts, most hackers also get access to a person’s social network.

2 – A Business Email Compromise (BEC) attack: This is a common form of social engineering whereby cyber-criminals impersonate a senior business leader such as the CEO, attempting to persuade an employee or business partner to transfer money or reveal sensitive information. These attacks are highly focused and targeted to specific employees, which makes them hard to recognise and helps them to slip through spam filters.

This messages will trigger:

  • Curiosity: As the link comes from a known source, it’s very likely that the reader will get curious and will just click on the link. The result? The reader is now infected will with malware and the hacker will probably get gain access to the reader’s contacts to keep spreading the virus malware.
  • Trust: When a friend or a colleague sends you a photo or a document, the first reaction is to open it, even if the reader has no idea what the file is about. Same as above, by doing it so, the computer will be infected and the malware or virus propagated to the reader’s contacts.

Attackers are being very successful with these methods as emails seem legit legitimate and from known sources. In my opinion, these emails are hard to spot and can easily get you while you are in a rush and don’t have time to verify the information. The general rule of thumb is, if you were not expecting an email from a colleague or friend with a link or downloadable material, check before clicking!

3 – Phishing: This is another common form of cyber-attack. It occurs when criminals use a fraudulent website, email, SMS and or social media to obtain sensitive personal information, such as passwords and financial data. The fraudulent site or messages looks legitimate and victims usually fall into this trap as the messages appear to come from a respected organisation like PayPal or Westpac.

Most data breaches come from phishing and is the most exploited form of social engineering.

These messages usually will present the reader with a scenario, such as:

  • The message will present the reader with a problem and will require the person to “verify” some sort of information by clicking on the displayed link and providing information in their form. The link and forms usually look legit and most likely, will have a warning for the person to act soon, that’s how hackers get readers to act on impulse.
  • The reader will receive a message asking for help or support for charity and humanitarian causes, such as natural disasters. With so many political and religious issues around the world, charitable work has become more popular and hackers are taking advantage of peoples’ goodwill.
  • Prize or winner message from a lottery or a dead an inheritance from a relative. The message on the email will request either the reader’s bank details to transfer the money to, or the reader’s personal information, such as your Tax file number, to prove who they are. The result is straightforward if the reader follows the hacker’s instruction, the reader’s identity will be stolen and subsequently, their bank account emptied compromised.

Don’t become a victim

Automatic email filters can identify and block some of these suspicious emails, but as hackers grow more sophisticated their emails become harder to spot. Even the best email filters will let some messages through. That’s why it’s essential for employees to be able to qualify the legitimacy of emails – for example, CBA will never send an email from a Hotmail address, or ask someone to provide their password via email.

Some of the basics of business security…

  • Attachments to emails from an unknown contact should never be opened, especially if they are executable files. These files often contain malware – malicious software designed to damage your operating system, steal documents information, or install keyloggers that track every keystroke and take snapshots of your desktop.
  • In doubt, contact your IT support as hackers can even spoof the sender details, making a message appear as if it comes from a known contact. For this reason, unexpected requests for funding or financial information should also be treated with caution.
  • Develop a comprehensive security policy that addresses both people and technology. Employee education is paramount, and cyber-security training should be compulsory for all staff members. Train your teams and reward their efforts when they successfully block or identify cyber-attacks, as this will encourage them to become security advocates.
  • Update, update, update! It’s no easy task to properly configure firewalls and email filters for maximum security, keep computers, software and applications updated, however, this is key for the ongoing protection of your business. Make sure your business has a dedicated IT security engineer or an IT provider to keep your IT system on track.
  • Perform regular backups. We highly recommend external backups to the cloud in the case your business gets infected and you temporarily lose access to files and documents.
  • Conduct tests. Humans need to be trained, so if your business has already established a security policy and staff training, make sure you test the level of security within your business. Become a hacker for a day and send random emails to see if there are any gaps. Don’t forget to praise those that block any sort of attack.
  • Ongoing training and communication. Pretty much every week there’s a new virus or new attempt to target corporations. Make sure your business is on top of it with occasional security training and regular notifications to all staff members when a virus is doing the rounds.
  • Slow down. Hackers are targeting impulsive responses with messages of urgency or people that are time poor. An email probably won’t deal with a life-death situation, so it can wait. Take a deep breath and go back to any emails you are unsure about after 10 minutes.

In today’s competitive environment, sourcing a dedicated IT security engineer can be difficult and expensive. It’s no easy task to keep everything up and running properly as well as keeping all systems updated. It’s even harder to create, enforce and develop an internal culture where security is one of the top priorities.

If your resources are limited and you want to make sure your business is protected against the increasing number of cyber-attacks in Australia, it might be a good idea to outsource your cyber-security needs to an experienced IT support provider. If you’d like to know more, then contact Bremmar today on 1300 991 351 or email help@bremmar.com.au.

is your business prepared to defend itself against cyber risks?