All posts by admin

Two Factor Authentication

What is Two-Factor Authentication?

Ok to start with we thought we should explain the word “factor”, when we use the word “Factor” it means piece of information. So if a system requires two “factor” authentication it requires two pieces of information in order for you to access that system. An everyday example of two-factor authentication is EFTPOS: it has a PIN, and a card.

Most of the time the single factor would be a password, when you have other factors these could be a pin code, your fingerprint, or other biometric aspects such as your signature or a physical item such as a key, or a chipcard. Each additional factor makes it harder for someone to guess their way in.

Why would I implement this ..?

Some people are duped via email into typing their email username and password into webpages in order to allow them access to some sort of attachment… If a user enters their username and password into one of these “phishing” sites they will generally find that their email will be compromised and potentially used by hackers to spread all manner nasties to all of their contacts and more.

This is where 2 factor authentication comes in to save the day… If this user (the one that had entered their username and password in the Phishing page) had 2 factor authentication the “hacker” would require the other “factor” in order to access their email etc. As they would not have that, their email would still be safe and the hackers would get nothing!

How does it impact me when I am logging on ?

Once setup you won’t be bothered by your phone or by your desktop email software every time you open your email to read it.. we don’t want you getting frustrated by the process and if hackers have your phone or desktop computer you have far more serious issues to deal with..

It will only be when you access your email via a webpage or with a new device (the same way the hackers will be trying to get into your email) that the 2 factor authentication will kick in..

Why should you use it?

You’re already using it, every day, why not extend it to your personal and business data? At IT Engine, all staff are required to use two-factor authentication because we need to protect our data, our assets, and the data of our clients.

How can I implement this?

If your email is with Microsoft in office365 then this “2 factor authentication” can be setup by your IT team to be both effective and minimally intrusive.

Talk to us, chances are most of your systems have the capability to use two-factor authentication. It just needs to be turned on, and accompanied by some training to ensure a smooth transition.

Five sensible ideas for employee mobile phone use

Mobile phones can be good for business, but they also present challenges. These include security risks, inappropriate use and questions over data ownership. With a sensible policy you can mitigate the risks and reap the rewards.

Mobile management of staff is a complex area, since it combines business and personal issues. Mobile phones are highly personal devices. Studies have shown that some users would rather lose a partner than their phone! Yet phones are also useful, and sometimes essential, in the workplace.

If you provide work phones for your staff, or allow them to use their personal phones when at work, you need a clear policy on their use. Otherwise, each phone represents a huge risk and a big hole in your IT security strategy. Here are some ideas to get you started.

1. Make security a top priority. Explain the risks to your staff. Tell them what could happen if their phones are lost or compromised. Loss of company data, hacking, perhaps legal repercussions – all of these are possible. Ensure that all phones are PIN-protected at all times. Phones must not be jailbroken or rooted (hacked to run unauthorised apps). Explain that phones are powerful, portable computers that connect your central IT system to the outside world. They must be kept secure.

2. Use mobile management software. There are tools available that will let you see – and control – what users install on their phones. This is important because some apps contain malware that could compromise your entire network. Other mobile management tools allow you to locate stolen or missing phones. Remote wiping is also an option to prevent data being compromised.

3. Protect your investment. Phone cases are cheap but effective. Yes, a shiny new iPhone might be pretty to look at, but it’s not so pretty with a cracked screen! Phones are far more likely to be damaged without a case or cover to protect them. Think about insurance too: if a phone is lost or broken, who’s responsible? Who pays? This must all be decided in advance to avoid confusion.

4. Enforce phone etiquette. It’s not just about politeness, but data security too. Employees should leave meetings if they have to take a call or respond to texts. There should be restrictions on backing up personal data to work computers (30GB of iTunes content is an unnecessary network burden). Sometimes common sense is also a legal requirement – no employee should be using a phone while driving, for example.

5. Retain access to your firm’s data. If an employee leaves your company under a cloud, what happens to the data on their phone? Can you retrieve it? What if they were using their phone for company work? Who owns the data then? You need plans for these unfortunate possibilities.

Delia Gill of Wellington-based IT Engine advises companies to set out clear rules from the start. “Have a mobile phone policy, and make sure it covers all the bases,” she says. “Every employee should read it and sign that they accept its terms. Mobile phones are useful business tools, but only if they’re properly managed.”

If you don’t have a mobile phone policy, ask your IT provider for help in creating one. The sooner you act, the better.

The Difference’s between Window 10 s and Windows 10 Pro worth noting

You may or may not have heard about Microsoft’s game changing new entry into the operating system market. The introduction of Windows10s could signal a major step forward in speed and security and help the push the removal of physical servers required for the running of corporate networks.
This will also help businesses move to a greater cloud environment where staff could work from anywhere in the event of a disaster.

Microsoft says “Windows 10 S was inspired by students and teachers and it’s the best Windows ever for schools. It’s also a great choice for any Windows customer looking for consistent performance and advanced security. By limiting apps to those in the Windows Store, Windows 10 S is ideal for people who have everything they need in the Windows Store and prefer the peace of mind that comes with removing the risk of downloading apps from other places”.

However it does address some other issues as well (namely locking down the ability to download anything that Microsoft has not approved, so that it is less susceptible to virus’s and ransomware).

Here are some quick differences for you to consider.

  • You can only install 64Bit software on a Windows 10 S (W10S) device
  • You cannot connect a W10S device to a on premise domain, this could affect some businesses trying to use the device. However it will connect to an Office365 domain (Azure AD) (we will write another blog on this)
  • You can only download apps that are on the Windows store, this of course includes the likes of Office but you won’t be able to load unapproved software. This is a major step forward for Microsoft because it means that this version of software is going to be far less susceptible to virus’s and ransomware (very relevant with the Wannacry scare that we just had)
  • If you are a business that only uses the likes of Office and is totally cloud based then this is a very good device for you to look at.
  • If you do purchase a W10S device with the intention of upgrading it to Windows Pro, don’t hesitate to ask us to check the hardware requirements of Windows Pro first.

Over all we think this is a good step forward for Microsoft, and if you are a smaller business or Not for Profit that needs to keep their costs down (and has simple IT requirements) then this could be the device for you. At the moment Microsoft have the Surface Laptop coming out (start at $1700 NZ) with W10S however there will be more devices from other players coming out soon… Watch this space.

Link to Microsoft windows10s FAQ:

Link to the NZ Microsoft Store:–Surface_Laptop-052317-MSNZ

Why you need a data protection policy

It’s easier than ever to share data and files in the workplace. That’s a huge benefit, but it also raises some issues. Here’s how to handle them.

Understanding the value of your data

All data has value, even if it’s not immediately apparent. But some types of data are more valuable than others. We can break this down into two main types:

Your business data. This is valuable because it contains sensitive information that helps you stay competitive. That includes financial or accounting details, client contacts, project information, intellectual property (IP), staff salaries and so on. If it leaked out then you may lose your competitive edge – and maybe more.

Client data. You might be entrusted with sensitive information about your clients. This could include their IP, some of their financial information, expansion plans and other ‘secret’ data. If this leaked out you may find yourself on the wrong end of a lawsuit, and highly embarrassed too.

Data leaks have seriously damaged many businesses over the years, some of them terminally. Often law-enforcement agencies get involved, for criminal prosecutions.

But there are other risks too. Ransomware is increasingly common. This involves company data being encrypted by hackers’ malware, then a ransom being demanded for the decryption key. Many companies pay up rather than lose their valuable data, but it’s a big price to pay for poor data security.

To help prevent all of this happening to your company, it’s important to have an effective data protection policy.

How are your staff sharing files?

Sharing files and collaborating on projects are vital for many businesses’ operations. But there’s a right way and a wrong way to do it. The right way is to have a secure internal system through which your staff can work freely – but which nobody outside the company can access.

According to Delia Gill, Managing Director of Wellington-based solutions provider IT Engine, there are plenty of examples of companies getting it wrong. “One company allowed each staff member to set up their own personal Dropbox account. This worked until a key employee resigned… taking his password with him.”

It’s important to keep control of accounts within the company. That way, when an employee leaves, you’ll still have access to the data.

Using free online storage accounts is unwise anyway, unless they’re properly incorporated into your IT system. They are often unencrypted, which means that anyone can access your data if they know where to look.

Password planning

Passwords are the gatekeepers to all your data. They need to be strong and secure, and also changed regularly.

Managers need to be careful here. They must respect their employees’ autonomy and privacy, but also need to access leavers’ accounts if necessary. A good data protection policy will incorporate this balance.

BYOD – but keep it secure

BYOD (bring your own device) allows employees to use their own laptops, phones and tablets. If done properly this can save costs and boost productivity.

But if done badly it’s a recipe for disaster. Unsecured devices could be hacked or could infect your IT system with malware. So before going down the BYOD route, talk to your IT provider for advice.

Working from home

Flexible working can increase productivity but, like BYOD, it can also increase risk. No sensitive data should be stored on employees’ home devices, and all logins should be through highly secure channels.

Good anti-malware tools are essential, as are regular updates and security patches. In fact it’s often more practical for you to provide secure laptops for your employees than to let them use their own.

Securing mobile devices

At the very least, every work phone must be PIN-secured so that its data can’t be accessed if it’s lost. Restricting the type of apps installed on work phones is also wise, since many apps have been shown to contain spyware or malware.

“Do a spot-check,” says Delia Gill. “Every so often ask for someone’s work phone and check that it’s secure. If not, that’s a serious breach of security, for you and for your clients.”

Mobile devices are particularly vulnerable to hacking, theft and loss. For this reason they must be properly secured at all times.

Educating your staff

One of the most important features of a data protection policy is educational. Many new employees will have no idea about the risks involved when sharing data.

Hacking is now big business, and professional hacking teams will target companies both through conventional hacking methods and by email or even phone call.

By explaining the serious nature of the risks, you can change your staff from targets to protectors, actively looking after your firm’s data.

A policy to keep your business safe

Without a data protection policy your business is flying blind. No policy means no management, no oversight, no real understanding of the risks. So when – not if – problems occur, without a data protection policy you’ll have no plan for dealing with them.

So make sure your employees are aware of the risks and following best practices. Talk to your IT provider about drafting a data protection policy for your company. With their help you can keep your data – and that of your clients – safe and secure.

Helping your IT provider to help you – five top tips

It’s good to know that your IT provider is there to help you if things go wrong. But did you also

know that you can help them to solve your problems faster?

Communication is at the heart of IT, and that includes communicating with your IT provider.

According to Delia Gill, Managing Director of Wellington-based IT provider IT Engine, little things

can make a big difference. Here are five ways in which you can help your IT provider to help you.

1. Provide at least two months’ notice of an office move

There’s a lot to do when a business moves to new premises. From cabling to ISP

notification, fibre connection to server configuration, it takes time to do it right. Two weeks is

not enough!

2. Let your IT provider know before your website team makes any changes

According to Delia Gill, this is often overlooked. If your web-dev team makes some

configuration changes behind the scenes, that could affect more than just the website’s

design. It could take your site offline and even prevent email access. Make sure your web-

dev team talks to your IT provider before they start work.

3. Adding new multifunction printers (to photocopiers)

Modern multifunction printers are highly capable devices – but they need network access to

work properly. The time to talk to your IT provider about this is a week or so in advance of a

new printer being installed. Don’t wait until the printer company technician is on-site and

saying, “I need to reconfigure your network…”

4. Changing ISP

The choice of Internet Service Provider for your business is yours to make. But if you

decide to change – say from Spark to Vodafone or vice-versa – check with your IT provider

first. A lot depends on how internet traffic is routed into and out of your company. Keep

downtime to a minimum by talking to your IT provider before you make the switch.

5. Adding and removing staff

Obviously it’s vital that you tell your IT provider well in advance of a new person starting

work. They will need their own email address and other accounts, which can take a little

time to set up.

But according to Delia, removing staff is the big one. “What happens when staff leave?” she

asks. “What happens to their out-of- office messages? Where are their documents stored –

are they on that laptop that you’re about to wipe? Do you have their iTunes password?

Have they removed their account from all Apple devices? If not done properly, that

expensive work iPhone could end up being bricked.”

It’s also wise to ensure their incoming email is being forwarded to someone else – not

going into a black hole. And just in case things turn nasty, be sure to recover all deleted

items in Exchange and elsewhere. It pays to be prepared.

If you don’t already have a policy to deal with all of this, now is a good time to create one. Just ask

your friendly IT provider – they’re here to help.