Six cybersecurity best practices for your small to medium business

09/04/2018 |

Cybersecurity can be a big problem for small to medium businesses (SMBs). In fact, SMBs account for 43 percent of all cybercrime targets.

And as SMBs increasingly rely on the online world for their day-to-day activities, the potential for systems to be compromised or a loss or breach of data continues to increase. The good news is that business owners can substantially reduce the risk of cyber-attacks by exercising good cyber hygiene.

Here are six cybersecurity best practices for your small to medium business:

Number 1: Take stock of your hardware and software

By documenting these, you will find it easier to hone in on vulnerabilities. For example, unused hardware should be securely wiped and disposed of properly. Likewise, software and apps need to be updated regularly or uninstalled.

Number 2: Educate employees

Your employees are at the frontline of your business. As such, it is critical that they are aware of and sufficiently trained on your company’s network security policies.

Number 3: Enforce using safe passwords

According to the Verizon 2016 Data Breach Investigations Report, 63 percent of data breaches happened due to lost, stolen or weak passwords. Strong passwords consist of upper- and lowercase letters, numbers and symbols. All passwords should be changed every 60 to 90 days.

Number 4: Use multi-factor authentication (MFA)

MFA adds an extra layer of security on top of passwords, providing an additional barrier for an attacker to breach. This is typically done by generating a one-time token (or code) that is sent to the authorised user to enter when logging in.

Number 5: Regularly backup all data

While it’s important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. Be sure to also back up all data stored on the cloud.

Number 6: Install anti-virus software

It is essential to have an anti-virus tool installed on all devices and the network, particularly to help protect against phishing attacks.

Conclusion

Securing your business, its data and infrastructure, isn’t a one-off effort – it requires an ongoing commitment to good cyber hygiene practices.

Please call Simon or one of our team today on +61 2 9409 7000 to find out more.

Uncategorized

Three steps to strengthen your cyber security posture

09/04/2018 |

Cyber threats abound in the digital age, and organisations – large and small – must prepare for the fire.

Attacks are not only becoming more frequent and sophisticated, they are also wreaking greater havoc on companies, governments and critical infrastructure – a trend that’s certain to continue over the years to come. Building and maintaining a strong cyber posture is paramount in preparing for the next generation of attacks, and doing this requires the right people and processes, as well as tools and technologies.

The following three steps will help your organisation evolve beyond tactical and short-term cyber security solutions, and focus on more effective, longer-term strategies.

Number 1: Increase awareness

Management needs to take proactive steps to increase their cybersecurity awareness and not only acknowledge the risks, but lead and own actions and decisions. Cybersecurity must also be recognised as everyone’s responsibility rather than that of the IT department alone.

Number 2: Know what’s at risk

Data is one of the most valuable assets of any business. In a breach, internal and confidential data, as well as customers’ data could be leaked, modified or stolen. Detail severity levels and the required responses for each.

Number 3: Deploy cutting-edge cyber solutions

Businesses and government agencies need affordable access to the most advanced, comprehensive and adaptive cloud-based cyber security solutions if they are to mitigate zero-day cyber threats.

At FirstWave, we have developed and deployed machine learning and API technologies that automate, accelerate and optimise cloud-security delivery, threat protection and security management to more than 300 small to medium businesses, as well as enterprise and government customers.

Conclusion

The severity, scope, and cost of a security breach increases with every hour it remains unresolved. And while there is no silver bullet that is guaranteed to stop attacks, your organisation can take effective steps that minimise the damage. Planning and preparation are key to reducing the impact of cyber exploits on your business and its customers so please call us today on +61 2 9409 7000.

Uncategorized

Leveraging The opCharts API With Python Scripts

08/30/2018 |

A potential customer approached us and asked if they could use Python to request from the opCharts API.

You can get yourself up to speed with the API in this community WIKI guide.

The answer was very quick, yes, but then an example was required. Chris Gatlin, an APAC support engineer, wrote a terrific example of how to achieve this that will be outlined below.

For this example, we’ll build an HTML Network Status web page via a CGI script. This page will be comprised of tables; the first table will summarize group status while the subsequent tables will provide node level details for each group.

This example will utilize the following modules:

We also need to define the following variables:

Protocol (HTTP or https)
Server Address
Username
Password

#!/usr/bin/python3

import urllib.request, http.cookiejar, json

PROTOCOL = 'https'

SERVER = 'demo.opmantek.com'

USERNAME = 'nmis'

with open('/var/www/opChartsApi.conf', 'r') as confFile:

USERPASS = confFile.read().strip()

Note: the password is hidden inside the conFile, which is why we read from it.

The next step involves configuring the URL handling;

CJ = http.cookiejar.CookieJar()

OPENER = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CJ))

loginUrl = (PROTOCOL + '://' + SERVER + '/omk/opCharts/login')

loginDict = {'username' : USERNAME , 'password' : USERPASS}

DATA = urllib.parse.urlencode(loginDict).encode("utf-8")

REQUEST = urllib.request.Request(loginUrl, DATA)

OPENER.open(REQUEST)

Once you have access the next step is to query opCharts for the node status;

nodeData = OPENER.open(PROTOCOL + '://' + SERVER + '/omk/opCharts/nodes.json')

nodeDecoded = nodeData.read().decode()

nodeList = json.loads(nodeDecoded)

Once we have the data, we need to repurpose it into a logical data structure;

groupStatus = { }

for n in nodeList:

if n['group'] not in groupStatus:

groupStatus[n['group']] = {'up' : 0, 'down' : 0}

groupStatus[n['group']]['nodes'] = {}

if n['nodedown'] == 'true':

groupStatus[n['group']]['down'] += 1

else:

groupStatus[n['group']]['up'] += 1

groupStatus[n['group']]['nodes'][n['name']] =

{'name' : n['name'],

'location' : n['location'],

'type' : n['nodeType'],

'net' : n['netType'],

'role' : n['roleType'],

'status' : n['nodestatus']

}

Now to build and display the tables;

print('Content-type: text/html\n\n')

print(‘<html><style>’)

print(‘table, th, td { border: 1px solid black; border-collapse: collapse;}</style>’)

print(‘<head><title>Opmantek Network Status</title></head><body><strong>Opmantek Network Status</strong><br><br>’)

print(‘<table><tr><th>Group</th><th>Nodes Up</th><th>Nodes Down</th></tr>’)

for k in sorted(groupStatus):

print(‘<tr><td>’ + k + ‘</td><td>&nbsp’ + str(groupStatus[k][‘up’]) + ‘</td><td>&nbsp’ + str(groupStatus[k][‘down’]) + ‘</td></tr>’)

print(‘</table><br><br>’)

for k in sorted(groupStatus):

print(‘<strong>Group: ‘ + k + ‘</strong><br>’)

print(‘<table><tr><th>Node</th><th>Location</th><th>Type</th><th>Net</th><th>Role</th><th>Status</th></tr>’)

for g in sorted(groupStatus[k][‘nodes’]):

print(

‘<tr><td>’ + groupStatus[k][‘nodes’][g][‘name’] + ‘</td>

<td>&nbsp’ + groupStatus[k][‘nodes’][g][‘location’] + ‘&nbsp</td>

<td>&nbsp’ + groupStatus[k][‘nodes’][g][‘type’] + ‘&nbsp</td>

<td>&nbsp’ + groupStatus[k][‘nodes’][g][‘net’] + ‘&nbsp</td>

<td>&nbsp’ + groupStatus[k][‘nodes’][g][‘role’] + ‘&nbsp</td>

<td>&nbsp’ + groupStatus[k][‘nodes’][g][‘status’] + ‘&nbsp</td>’)

print(‘</table><br><br>’)

print('</html>')

After accomplishing all of that, you will get a page that will look similar to the following;

There are a lot of possibilities when you engage with opCharts’ API. What novel ways have you used it?

Uncategorized

Gartner, Inc.: Opmantek Well-Aligned To Meet The Needs Of Midsize Enterprise

08/24/2018 |

Opmantek is a leading provider of powerful and competitively priced network management software and the current ICT Australian Exporter of the Year. While offering solutions which can scale to meet the needs of the world’s largest and most complex networks, including the world’s largest Telcos, Opmantek was most recently recognized by research institute Gartner, Inc. as also well-aligned to meet the needs of a midsize enterprise.

In the August 2018 report, ‘Midmarket Context: Magic Quadrant for Network Performance Monitoring and Diagnostics,’ Gartner, Inc. positioned Opmantek to be optimal for midsize enterprise seeking a consolidated Network Performance Monitoring and Diagnostics tool and network automation from a single vendor. Opmantek was the only one of 16 vendors recognized by Gartner in the report to have this capability.

Opmantek’s award-winning suite of tools, including the two open-source products, NMIS and Open-AudIT, and commercial add-on modules, work together to holistically address all areas required to manage IT infrastructure. Notably, opEvents allows organizations of any size to automate event remediation and intelligently analyze event data, ensuring the root causes of issues are identified and dealt with in a convenient and timely manner.

With over 130,000 organizations now trusting Opmantek’s solutions to enable their IT professionals to identify and address any issue, request a demo today to see how our solutions align to meet the needs of organizations of all sizes, including yours.

Uncategorized

How to protect businesses and individuals from increasingly sophisticated phishing scams

08/23/2018 |

Businesses, government organisations and individuals are being subjected to increasingly sophisticated phishing scams. These scams – designed to trick victims into disclosing sensitive information such as bank account numbers, passwords and credit card details – use a range of techniques to achieve their malicious aims.

Email is a key channel – along with phone calls and text messages – for phishing scams. Many early phishing emails were easy to detect due to poor grammar and spelling and email sender addresses that bore no relation to the person or business the message claimed to be from. However, in recent years, scammers have appropriated logos, graphics and text from legitimate organisations – including major telecommunications companies, banks, electricity providers and government organisations – and used more authentic-looking email addresses.

Government security advisory service Stay Smart Online recently provided an example of a convincing email phishing scam. The email hijacks legitimate branding from Medicare and the MyGov website to solicit information such as login details, user security questions and answers and bank account details.

The groups and individuals behind phishing scams are becoming increasingly adept at using social engineering techniques to extract information from users. These techniques may be used in attack types called ‘spear phishing’ or ‘whaling’. The Australian Competition and Consumer Commission describes these attacks as targeting ‘businesses using information specific to the business that has been obtained elsewhere’. Scammers typically misrepresent themselves as business executives to convince other people within the business to disclose sensitive or financial information.

So how can businesses and government organisations minimise the risk phishing presents to their operations and to their people in business and personal contexts? A key step is to educate people about the threat presented by phishing scams. Businesses should also implement processes for the handling and disclosure of sensitive or financial information that address the risks presented by spear phishing or whaling. Finally, they should deploy sophisticated filters as part of a comprehensive email security platform to minimise the risk of scam emails entering the business environment.

If you would like to learn more, please contact Roger at info@firstwave.com.au

Uncategorized

AI And Health: What Does The Future Hold?

08/23/2018 |

Artificial Intelligence (AI) is no longer just the fantasy of sci-fi movies, the future has arrived in full force!

In relation to healthcare, AI is playing an important role in saving the industry time and money, while improving patient outcomes. AI technology is helping clinicians and insurers to become more productive and back-end processes to become more efficient. According to the Harvard Business Review, when it comes to the top ten promising AI health applications, there could be up to $150 billion in annual savings for U.S. health care by 2026.

Sounds good, right? But what does AI in health really mean?

Four key AI applications for health you should know about are:

Robot-Assisted Surgery

Robots are already being used to assist operations on humans with great accuracy, and this trend is expected to take off in coming years. According to the Harvard Business Review, technological advancements in robotic solutions for surgery could result in $40billion in annual savings for U.S. healthcare by 2026.

Virtual Nursing Assistants

It is predicted AI-powered nurse assistants could save $20 billion annually in the U.S by saving 20% of the time nurses spend on patient maintenance tasks. This means robots instead of people will be the ones asking patients questions about their health, assessing symptoms and directing them to the best option for care.

Administrative Workflow

In the past nurses have spent over half their workday on activities which have nothing to do with patient care. AI-based technologies, such as voice-to-text transcription, are predicted to be able to improve administrative workflows and eliminate time-consuming non-patient-care activities. The Harvard Business Review consider the application of AI to administrative workflow could result in great savings in U.S healthcare, with an estimated potential annual value of $18 billion.

Fraud Detection

Finally, the ability for AI technologies to detect fraudulent activities is predicted by the Harvard Business Review to result in $17 billions of annual saving in the U.S., due to an increase in the speed and accuracy of the claims assessment process.

While AI in healthcare is still in its early days, there is a growing number of different applications for AI technology in the industry. As AI becomes more common in health-related activities, healthcare organization and insurers will be able to deliver better value services. The focus will be on better care, as new technologies replace older in areas including, but in no way limited to, surgery, nursing, administration and the processing of claims.

Uncategorized

newer

older