Cybersecurity Tip #12 - Outsourcing your IT will lead to a more stable, secure and scalable set of systems for your Business

In order to grow your business into something that will fulfil your goals you need to devote an enormous amount of time to looking after your baby. However, if you have ambitions to grow your business into a $1 million or $2 million beast with some real momentum, then you have to think of yourself as an asset that has to justify earning the company $500 to $1000 per hour. So if you find that you are wasting time on menial activities like being on hold with your ISP, troubleshooting a printer fault or installing a new Wireless Access Point, then you are wasting company resources on a low-value task. Furthermore, as you have literally hundreds of other things you should be doing on your To-Do List, you will probably stop when it starts working without taking extra steps to secure the system properly or at least documenting what was done in a proper manner. Do your business a favour and engage with a professional services company like ourselves who will look after these things for you and take care of the security too.


Cybersecurity Tip #11 - Password scam phishing emails
There seems to be a bunch of these going round: a simple email from a known person, sent from their real email account (not spoofed), with a link to a shared document. Except it's not; the link goes to a hacked website with a hidden page designed to trick you into giving up your passwords. Get your staff signed up to a Cybersecurity training program!



Thanks to Alex, a Detective of the NZ Police for giving me his time to talk about cybercrime in NZ. We talked about some really interesting topics and cases as well as how individuals or Businesses can better understand the threat, risks and how to protect themselves out there.



Cybersecurity Tip #10 - Spotting internal fraud
This is one where unfortunately I can speak from experience. There are some normally honest people who will rip you off out of opportunity, and some broken people who scam you because if they can you deserve it, or will do so because they believe their own bullshit and thus think they are entitled to whatever they can take. Most horrifically these people can also seem like the nicest, most credible people who you may think could never do such a thing. Take my warning and just treat everyone as capable and put controls in place to remove the easy opportunities for your trust to be betrayed.





This seems like a hassle but it really isn't compared to the pain of being compromised. Simply put, it's too easy for your login details for your critical business systems to be compromised, but if you have 2FA enabled on your Xero Account, Office 365 or Client Database then as long as the hackers aren't holding a knife to your throat they aren't going to get in.




Cybersecurity Tip #8 - USB drives are great for silently spreading an infection.

  • Scan yours between sites
  • If you don't use them in your business then block their use
  • NEVER PLUG IN A FOUND DRIVE!

It's been done in the wild in Aussie:



Cybersecurity Tip #7 - Defense in depth

7 essential layers for your business's IT security - affordable for young dynamic businesses looking to scale.

1) Spam filtering 2) Next Gen Firewall 3) Web Filtering 4) AV & Antimalware 5) OS & Application updates 6) Staff education 7) an Effective BC/DR plan.



Cybersecurity Tip #6 - If you are looking to travel for business then here are some tips for you to consider:

Before you go abroad for work, 1) check in with your IT people, 2) get your phone on a roaming plan, 3) put a PIN on your phone, 4) encrypt your hard drive, 5) if you lose it then get hold of your IT Partner to get help with either locating it, wiping the data, recovery or to help get a workaround solution in place.



Vertech Cybersecurity Tip #5 - Failing to test is testing on failure. (or in other words check your backups actually work)



Vertech Cybersecurity Tip #4 - updates and yet more frikkin updates..
Daniel says - let us keep your computers and servers up to date - it's all part of running a well behaved system and being a good netizen.



Cyber Security Tip #3 - Lock the damn doors!
Have a method of identifying visitors, challenge wanderers, lock your critical systems away, operate a clear desk policy, lock PCs, get CCTV.




Cybersecurity Tip #2 - Passwords!

Password Management tools - e.g. MyGlue, LastPass, RoboForm, KeePass, 1Password, etc.




Cybersecurity Tip #1 - Awareness training!





Have you been Compromised already?

You may not be aware but your personal information, address, phone numbers, email address and passwords could already be circulating around the darker parts of the internet to be sold for use by Cybercriminals and identity thieves.

As the Facebook + Cambridge Analytica incident showed and now on a local scale with Vector, Apps can be used to access private information on a massive scale.

What can be done?

  • Don't reuse the same password on different sites!!!
  • Have a look at or sign up for proactive DarkWeb monitoring for your company's domain with us and call for expert help.
  • If you have confidential client data to protect then contact your insurance broker to get Cyber Insurance as the Forensic & PR efforts Vector will be putting out will be $$$ huge!
Keep it safe and sensible,



Free routers are not REAL Firewalls!

I see small businesses on a regular basis running with just whatever their ISP has provided, usually a cheap device that provides connectivity and some very basic firewall-like functions such as NAT and SPI. As far as I am concerned these are just like putting a $5 lock on the front door of your Million Dollar mansion. Here is an example why:

"MikroTik RouterOS vulnerability

CERT NZ has been informed of an active attack targeting MikroTik RouterOS devices.

Attackers are identifying these devices by scanning for public IP addresses running specific RouterOS ports and using older versions of the operating system. Once the vulnerability is exploited, malware is downloaded to the compromised devices. The device is then being used to scan for other IP addresses and spread.

CERT NZ is aware that this attack is active. We strongly recommend investigating and patching any RouterOS devices on your network as soon as possible to prevent them from being compromised."

When Vertech connects a client to the internet we insist on a substantial firewall device like the Sophos XG UTM range, which can automatically hotfix itself when vulnerabilities are found in its firmware and which also provides additional significant security abilities such as sniffing out malware communications and synchronised security with the computer antivirus software to prevent the spread of threats. This level of security is not expensive anymore and is absolutely affordable by SMBs - it really is just a case of being a good netizen.

To read more about the vulnerability in what is a very common device in the NZ ISP market place:

Stay Safe,




HP Laptops Keylogging problem

It's come to my attention that on a wide range of HP Laptops there are Synaptics touchpad and Conexant audio drivers (older models only) which have code which inadvertently records keystrokes in cleartext to the local hard drive. Whilst not malicious in itself it unlocks a door which could be used by malware to gain access to confidential systems.

We recommend setting HP's support centre software to auto update your workstations in general and we will make a point of checking our clients' laptops during our normal maintenance times to ensure that the driver versions for these items are not susceptible to being used this way.

Thanks to Jeff Stagg for the Heads Up!




The Wireless Krack: Relative Risks

The recently and widely announced weakness in the Wireless Security protocols in use pretty much everywhere has been alarming and caused great concern for some of our customers, but let's weigh the risks.

This is an attack on the client portion of the protocol that deals with how the encryption is negotiated. Pretty much every device that uses the WPA protocol is affected. This means nearly every network enabled device and every company network everywhere regardless of make or model.

For detailed info read more here:

That's scarily massive in scope! But let's see why I think this Krack is not as big a cause for worry as it's been displayed in the news.

1) Physical Proximity is required! - In order to implement this attack the attacker needs to be within range of your wireless network. For most this is still 30m from your wireless access point. If someone wanted to get your data so badly that they will take the risk of putting themselves in close physical proximity then they will likely find other less hazardous ways to get to your info. A Phishing scam is 1000 times more likely to cause a breach in your security and these are launched against your staff multiple times a day every single day.

2) UPDATES! If you update regularly you are going to be fine! This is a newly discovered hack and Vendors are already distributing patches for their equipment. For our clients we select reputable vendors who I can see have already released fixes within days of the public announcement. Together with our automated patching regime for clients' laptops and our regular onsite maintenances that include updating the firmware of network devices this vulnerability will quickly be addressed.

Take it easy out there and remember "loose clicks sink ships"





Are you already exposed?

There has been a fair amount of news regarding hacks where large volumes of private identity information have been exposed to the internet. I know that that can seem remote to us but you would be surprised where your information may have ended up and not every company has been very good at informing people when they have been compromised. I'm talking about name, address, phone number, email and passwords. This info in the hands of the malicious makes cyber crime so much easier.

Want to know if YOUR Details have been made vulnerable?
Here is a link to a site where you can get a report to see what email addresses in your organisation may be in the hands of criminals.

Do it now - change your passwords, please don't reuse the same one on every site!



There is a new, sophisticated email scam you need to watch out for. Bad guys first send emails with links to inappropriate websites to business email addresses, and then follow up with extortion threats.  It's been tested in Australia and now the USA, so NZ won't be far behind.

The email claims that a virus was installed on a porn website which recorded the victim through their webcam. “Then my software collected all your contacts from messengers, e-mails and social networks,” it says. “If I don’t receive my Bitcoins I’ll send video with you to all your contacts.”

This is a play on shame, the fear of tainting your professional image and using that fear to drive a poor decision.

If this type of scam email makes it through the spam filters into your inbox, do not click on any links, do not reply, and delete the message (or click on the Phish Alert button). Do not download any software to check your computer for viruses, but follow procedure to report these types of criminal emails. Remember: "Think Before You Click", it is more important than ever these days.

Educating your staff and giving them some basic Cybersecurity training is essential as a last line of defense in your business. Message me if you need help arranging this.



Cyber Security


On the Internet, we live in a neighbourhood where every bad guy on the planet lives next door. We have all seen the two massive cyber-attacks in the news of late and I must proudly say that none of Vertech’s customers fell foul of them. I was aware of other IT companies whose customers were hit and were suffering the interruption to their daily business as a result. They tended to be businesses with only ad-hoc support and minimal protections in place such as Antivirus software only.

We offer a Workstation Security Guarantee to Vertech Customers who are under our TrueCare Service plans. We are confident that if a client is protected by our four primary layers of security (Automated Security Patching, Antivirus/malware, Web Filtering and Email Scanning) and are actively managed and monitored there is a low likelihood of their systems being infected.

What’s better is if staff are also empowered to be aware of the red flags and signs of common scams so that even if all these layers are penetrated they can distinguish a legit email from the malicious. Invest in some Cybersecurity Awareness training for your people!

The last line of defense we’ve now implemented for most of our clients is an upgraded firewall system. The system is capable of sniffing your outbound internet traffic for malware communications to the Cybercriminal's command and control servers. Even if a staff member clicks on a dodgy email and gets some ransomware on their computer, it is possible to block the request for encryption keys as it passes through your network and prevent the damaging payload from taking hold.

If your business doesn’t already have protections like I have discussed in place then it’s a matter of hope and luck that you don’t get hit. When you live zero distance from every cybercriminal in the world your door handles and windows are being rattled all day, every day. These protections are not expensive and are easily afforded by the SMB market. If you are interested in finding out what else we could be doing for your company please call me on 09 972 0367 or email



Business Reading

I’ve been thinking a lot on how I can achieve the goals I have set for myself and the business. It has become apparent that I can’t get better results by being the same person that I have always been. If you want MORE, you have to BE more. By developing your personal capabilities, you display leadership and learn how you can grow the business. There is plenty of material in this vein and if you pick up anything by the authors below you can’t go wrong. I’ve been reading and listening to several excellent Audio Books recently (either through Audible or YouTube) which I highly recommend to fellow business leaders!

  1. The Pumpkin Plan by Mike Michalowicz – A simple but powerful analogy to grow your business with less pain. You don’t need more customers, you need more of the right kind of customer.
  2. Unshakeable by Tony Robbins – Deals with wealth creation in a step by step manner suitable for anyone. Wisdom distilled from the mouths of the world’s financial titans in a form even a financial simpleton like myself can implement!
  3. Secrets of Closing the Sale by Zig Ziglar – this is a classic, he sounds like an old time southern Baptist preacher but he’s got the chops. At the end of the day we are all in a sales profession and if you don’t ask for the sale then you are a professional visitor.


Don’t have time to read? I signed up for YouTube Red so I can listen to them whilst running with the dog without ads. Motivational stuff is all very nice but without action it’s pointless and what’s more it tends to wear off over time as we get consumed by the minutiae of day to day life. Keep yourself exposed to a steady stream of inspiration, seek out people who have done what you want to do and ask them how they got there, model success!




Over this weekend you would have found it hard to miss the news about a new Ransomware attack based upon a vulnerability in a file sharing protocol within Microsoft Windows that affects multiple operating systems. Over 100,000 organisations have been infected so far and Europol expects that this number will rise significantly as people return to work.

This attack spreads through an emailed zipped attachment. When it's run, the code replicates to other machines on the network, locks the person out of their computer and encrypts what files it can before issuing a ransom demand. If the demand is not paid within a specified time frame the demand is increased and if not paid after another period the files are permanently destroyed.


  1. Patch your computer systems

    • We've confirmed that our clients who come under one of our TrueCare or HomeCare workstation security plans already had their software patched back in March for this vulnerability, so would be already protected from this attack!
  2. Keep your Software Up-to-Date

    • Whilst Windows 7 through 10 have been patched, older systems such as Windows XP no longer receive updates and will still be vulnerable to this attack. Have you got any machines on your network that need replacing?
  3. Backup your systems regularly

    • If in a worst case scenario you do fall victim it's better to restore your files from a recent good backup if you have one, rather than lining the pockets of these Criminal Organisations. Is your backup viable? Is it monitored and stored offsite? Do you get alerts if it fails?
  4. Install Smart Firewalls

    • If you are using a free router from your ISP then it won't have the intelligence to spot malware traffic passing through it. Vertech recommends Cyberoam Unified Threat Management Appliances to act as the perimeter guard dog for the organisation. They are able to spot attacks within your network and block the malicious traffic to limit the extent of the damage. What are you using in your company?
  5. Train your Staff

    • Even with all the technical defenses we can provide at the end of the day your last line of defense is your staff. Hopefully you give them a little more than the 2-Step on-the-job training of "Good Luck and Hang In There"! We can take the hassle out of CyberSecurity Awareness Training for your team and give you stats on how vigilant they are. It's a small investment compared to cost of a security incident I assure you. Give me a ring 09 972 0364 or drop me a line and ask about KnowBe4 training to get a free SIMULATED attack to see how your staff would fare.

If you would like to learn more about what needs to be done to keep your business safe from cybercrime register for my next FREE Educational Webinar here:

Good luck and keep safe!




Being a life long learner

One of the things I like about being in IT is the ever present opportunity to learn new skills and technologies. But technology isn't just limited to electronics, there are plenty of software upgrades for the lump of fatty tissue between our ears and this guy is gold.

I forced my teenage kids to listen to this today! They grudgingly appreciated that I did it out of love for them. I know what questions I'll be posing myself each day. Some have come straight from the Pumpkin Plan.

  • What am I grateful for in my life?
  • What is something that I am really happy with?
  • What can I do today to be a better Husband & Dad?
  • How can I improve the profitability of my company?
  • Is there something I can do to streamline our systems & processes today?
  • What could we do to improve the IT systems of our Top Clients?
Something to ponder on, what questions could you ask yourself everyday that could massively impact your state of mind and your business?



Picture this:


“You’re in the departure hall, the flight home is not boarding for another 30 mins. As you place your laptop bag down you spot a shiny new flash drive under the bench. Naturally being an intelligent, curious person anticipating a boring wait till your flight is called you slide your work laptop out and plug the USB drive in to have a look to see what it contains. Who knows? Perhaps you might be able to find out who it belongs to so you can do the right thing and pop it in the post to the unlucky person who dropped it?

During the post incident analysis of the security breach that encrypted the contents of your business’s network drive it was found that your machine was the source of the attack. The IT team managed to restore the server back to normal without resorting to paying the Ransom. Only half a day’s productivity for 30 staff was lost. Sadly, your only copy of the family holiday snaps under My Documents were permanently lost.”

I am sure you’ve worked out now that it is your employees who are the weak link in your IT Security and the costs can be significant. Social engineering is the number one security threat to any organization. The alarming growth in sophisticated cyberattacks makes this problem only worse, as cybercriminals go for the low-hanging fruit: employees. Numerous reports and white papers show organizations are exposed to massive increases in the number of cyberattacks over the past five years.

At Vertech IT Services we constantly work to close gaps and increase the robustness of our clients’ networks but we’ve realised that we need a way to massively & efficiently provide ongoing awareness training programs to the dynamic SMB sector with the least disruption to their business. We’ve found that solution in the company KnowBe4.com

Click here to learn more and access a free Best Practices Whitepaper and to learn how you too can provide Cybersecurity Awareness training to your people.






HaaS. In case you haven’t heard enough acronyms in the IT industry, let me give you one more: HaaS, or “hardware as a service.” Simply, HaaS is an option to “rent” hardware on a low monthly basis instead of purchasing it outright. This eliminates the hefty cash drain for a network upgrade and allows you to pay for hardware as a service. It also puts the burden of repair and replacement on the shoulders of your IT company (us) to keep your equipment up and running. 

With our HaaS offering we'll wrap the computer in our TrueCare Fundamentals Service Option and Gold Workstation Security Package, with options for Flat Rate support, so you will have a guaranteed superior IT experience for your business.

You do end up paying more in the long run (as you would if you leased a car or bought a house on payments), but the results and the ease on cash flow makes this a better option for some people.
Daniel Watson





Virtual Disaster Recovery Testing

Time and time again I have done a new customer audit and discovered that their Backup Tape/Drive that they have been diligently rotating for months contains either nothing at all or backup files so old as to be next to useless. 

Vertech has been countering this with our flat-rate Max Backup cloud DR service and we are now happy to announce that we can provide a regular Virtual Disaster Recovery Testing Service.

Currently if Vertech is visiting your site for a regular maintenance visit the Second thing we do (the First is making sure the server isn't about to burst into flames) is a test restore of files and folders to confirm the backup data chain is intact. Now Vertech is upgrading this testing to provide a regular full restore of your Servers into the Microsoft Azure hosting platform to confirm that the Servers will actually Boot up!

Previously doing a full DR restore of servers was a time-consuming and expensive manual service. We are now able to automate much of the donkey work to be able to offer this peace of mind at a much better rate. Furthermore this test restore can be used as the basis for a Fast full site recovery option should the office go up in a puff of smoke!

If your business needs a reality check on your Backup and DR then give me a call on +64 9 9720364 or email me and I'll be happy to come out and provide a free consultation.

Daniel Watson


Ransomware emails & Staff Training

We've been seeing a steady stream of emails with increasing levels of sophistication targeting clients. Because of the serious risks associated with ransomware we've proactively enabled a new feature on the Vertech Mail Security platform across the board. 

  • From now on, all zipped attachments, executable files and macro enabled documents will be treated as Spam (but able to be manually released from Quarantine).

  • All Scripting type files will be treated as Malware.

If your business has legitimate email traffic with those types of attachments then please notify our Service Desk here so we can tailor your company email security policy to suit.

NB: Please be careful about making your whitelist entries too generic, e.g. a subject line of "RE: " in your list of allowed subjects is inviting trouble!
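The quarantine rules and the allow-list warning above, sketched as an added example (not Vertech's or any mail platform's actual configuration). The extension lists, the substring matching of allowed subjects and the 10-character threshold are assumptions made for illustration.

```python
import os
import re

# Extension groups are illustrative assumptions; the post names only the categories.
ARCHIVE = {".zip", ".7z", ".rar", ".gz"}
EXECUTABLE = {".exe", ".scr", ".com", ".msi"}
MACRO_DOC = {".docm", ".xlsm", ".pptm", ".dotm"}
SCRIPT = {".js", ".vbs", ".wsf", ".ps1", ".hta", ".bat"}

# One or more reply/forward markers at the start of a subject line.
REPLY_PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)
MIN_SPECIFIC_CHARS = 10  # assumed threshold for "specific enough"


def extension(filename):
    """Last extension, lower-cased, so 'invoice.pdf.js' is judged as '.js'."""
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1]


def classify_attachments(filenames):
    """Scripts are malware; archives, executables and macro documents are spam."""
    exts = {extension(f) for f in filenames}
    if exts & SCRIPT:
        return "malware"
    if exts & (ARCHIVE | EXECUTABLE | MACRO_DOC):
        return "spam"
    return "clean"


def lint_allowed_subject(entry):
    """Return a reason if an allow-list entry is too generic, else None."""
    remainder = REPLY_PREFIX.sub("", entry)
    specific = sum(ch.isalnum() for ch in remainder)
    if specific == 0:
        return "only a reply/forward prefix: matches almost any conversation"
    if specific < MIN_SPECIFIC_CHARS:
        return f"only {specific} distinguishing characters"
    return None


def is_allowed(subject, allowed_subjects, lint=True):
    """Substring match against the allow-list, skipping generic entries when lint is on."""
    subj = subject.lower()
    for entry in allowed_subjects:
        if lint and lint_allowed_subject(entry) is not None:
            continue
        if entry.lower() in subj:
            return True
    return False


def verdict(message, allowed_subjects, lint=True):
    """block / quarantine / deliver. The allow-list never releases malware."""
    category = classify_attachments(message["attachments"])
    if category == "malware":
        return "block"
    if category == "spam" and not is_allowed(message["subject"], allowed_subjects, lint):
        return "quarantine"
    return "deliver"


# Constructed sample data, not real mail.
ALLOWED = ["RE: ", "Acme Ltd purchase order PO-"]
PHISH = {"subject": "RE: Overdue invoice", "attachments": ["invoice.zip"]}
SUPPLIER = {"subject": "FW: Acme Ltd purchase order PO-1042",
            "attachments": ["po-1042.xlsm"]}
SCRIPTED = {"subject": "RE: Acme Ltd purchase order PO-1042",
            "attachments": ["po.pdf.js"]}

if __name__ == "__main__":
    for entry in ALLOWED:
        print(repr(entry), "->", lint_allowed_subject(entry) or "ok")
    print("phish, unlinted list:", verdict(PHISH, ALLOWED, lint=False))
    print("phish, linted list:  ", verdict(PHISH, ALLOWED))
    print("supplier:            ", verdict(SUPPLIER, ALLOWED))
    print("script attachment:   ", verdict(SCRIPTED, ALLOWED))
```

With the generic "RE: " entry honoured, the zipped attachment is delivered; once the entry is rejected it stays in quarantine, while the specific supplier entry still lets the legitimate macro-enabled spreadsheet through.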

Following on from last month's successful Cybersecurity Seminar with Zeald, I am now providing onsite staff group training sessions on:

  • What the threats are

  • How to spot them

  • How to stay safe on the internet. 

Whilst we can put in place some very clever technology to defend your systems, your staff are the last line of defense and also the weak link.



We now offer Staff CyberSecurity training sessions! 

  • Short & to the point

  • Group sessions from $199

  • Give them the knowledge to protect themselves and your business.

Click here to book a session



Security and Success: How to survive and thrive online


If you are concerned about your security online, then this seminar is for you. The Security and Success: How to survive and thrive online seminar is a primer on cyber security threats for the harried business owner. We will cover various threats to the online user, the effects of these threats and how to mitigate the risks these threats pose to the average Kiwi business. 

Vertech has partnered with Zeald to provide this Seminar at no charge on the 13th of April 2016. The 2-hour seminar will answer your questions about online security and best-practice for your website. Please arrive at 9.30 for registration. The seminar begins at 10am, finishing at midday with a short break for light refreshments. 



Productivity Tip #3


If you have ever torn your hair out trying to get multiple busy people to agree on a single meeting time or have spent more time firing emails back and forth than the meeting itself then this might be the thing for you. Microsoft Garage have released a handy free tool for Office 365 and Outlook called FindTime.

This nifty add-in creates a simple poll of acceptable times that you select and sends this to all parties. They can then vote on preferred possible time slots allowing everyone to reach a consensus as to the meeting schedule. This works for people both inside and outside of your organisation and greatly simplifies the process! Watch my video below to find out how to install and work with it:

Video Tip: Simplify Scheduling using FindTime


New Insurance exemption clauses

This morning I opened the mail and noted that our business insurance (ASB) had some new clauses with respect to damage caused to electronic data. Gone is the old clause relating to the Y2K issue (that was a laugh) and in its place is an exclusion for "loss of or damage to electronic data from any cause whatsoever including but not limited to, a computer virus".

I guess this means that the insurance industry is seeing a significant amount of claims from this cause and are seeking to eliminate this risk to their profits.

Prevention is better than the cure but always have a good backup plan. Your business insurance may not save the day.

Daniel Watson


Productive Habits


Every couple of months I take a Friday off from the business to attend a business coaching workshop as part of the Velocity program delivered by the marvelous people at The Breakthrough Co.

Last Friday's topic revolved around Habits, how to utilise what we know about habits to encourage productive activity which we can use to develop our businesses and to quarantine the bad habits that suck our energy.

As most people know email is a critical business communication tool vital to the operation of businesses everywhere however as this brilliant comic from The Oatmeal illustrates, it needs careful containment so as to not distract you from your mission. Click the image to view.

My email is a monster

Quick Tips for controlling your Email Monster.




Vertech MAV changes, Vertech Price rise and Windows 10

Fuji-Xerox Printers Special

Purchase selected Fuji Xerox printers and receive up to $150 Cash Back
Offer available til 31st October 2015

Purchase this black and white laser printer for $239 ex GST and with the promotion you can get $75 cash back. Click the image for specifications.

Vertech's Managed Printer Service: Unbeatable value & Convenience.

Vertech's MPS agent monitors your printer to check for faults and consumables levels. When levels get low a replacement Toner cartridge is automatically dispatched. If there is a fault with the printer then a Xerox tech will get in touch and resolve the problem under warranty. For the printer above for example we bill you $5 per month plus a monthly usage fee of just $0.0285 per page!

We can provide this service from simple black and white lasers through to large colour A3 multi-functions and can provide leasing arrangements to suit your business.

Email us now to put in your order or if you would like pricing on other models;

Vertech MAV Service:

The current underlying software for our Managed Anti-Virus service is Vipre Business which was previously one of the best performers in the market; however nothing is forever and recent industry product tests have shown that there are better products available.

As part of our commitment to ensure that our clients receive the best protection we can offer we will be progressively migrating your agents to the new platform based upon Bitdefender.

Bitdefender’s antimalware technology ranks consistently as the best available on the market and is currently the top-rated business antivirus software on independent review site AV-TEST.

There will be no cost for initiating the crossgrade nor is there any price change for the monthly workstation package (part of our Silver and Gold plans) and it should be seamless apart from a reboot to complete the installation. If required; we will contact you to check when the servers can best be rebooted.

If you are not currently utilising our MAV (Silver or Gold Workstation Packages and Silver and Gold Server Packages) and you would like any further information on the advantages of moving your existing AV to Bitdefender, please drop us a line.

Windows 10 Upgrade?
You may have seen the Windows 10 Logo in your system tray appear in the last month and you may be wondering if you should upgrade to Windows 10.

At Vertech we take a cautious approach to new operating systems. Whilst there are some of us who love to have the latest and greatest new thing, most businesses prefer to reduce the number of surprises in their daily operations.

This new Windows operating system does look and feel very slick and will be quite familiar to anyone who was happy with Windows 7 Pro. You may experience a speed improvement over Windows 7 or 8 on an older PC. The Windows 10 OS is the same across all platforms and thus is the way forward from Microsoft. They are providing free upgrade rights from Windows 7 for one year so there is no rush.

Our recommendations for Windows 10:

  • Beware if you have older accessories or printers, as finding drivers may be an issue.

  • Whilst it does feel familiar and is an improvement upon Windows 8.1 there will be some training required and this may affect productivity

  • It does take several hours and approx 5GB of download to complete, you certainly don't want to kick off the upgrade on a whim first thing in the morning.

  • If you are at all unsure give us a ring and let us help you out.

Vertech Price Rises:
We will be standardising our ad-hoc support rates to $130/hr from 1 Oct 2015 for those clients who are not under a current existing support agreement.
The good news is that we are not raising our Pre-purchased and Onsite Maintenance Hour rates ($115/hr). Dan will be endeavoring to meet with all clients over the coming months to discuss past average support usage and how you might save on support costs by moving from ad-hoc to pre-paid hours.

As of 01/10/2015 the following Rates will apply:

  • Vertech Remote support up to 10 minutes: No charge

  • Vertech Remote support for more than 10 minutes: $130.00 per hour (minimum of 15 minutes, billed in 15 minute increments)

  • Vertech On site visit: $130.00 per hour (minimum of 30 minutes)

  • Site Visit Fee - Greater Auckland Area: $65 per visit

  • Site Visit Fee - Outside of Auckland: Travel time at $130/hour, or travel expenses by negotiation

  • Vertech Pre-booked Engineering hours and Maintenance Support either Remote or Onsite: $115.00 per hour

  • Site Visit Fee Pre-booked onsite Maintenance Support: $55.00 per visit

  • Vertech IT Consultancy Support: $170.00 per hour



Why it's the Perfect Time for a Security Intervention

The following article is taken from Dan Kaplan's excellent post at Trustwave here.

2014 was a year of reckoning for IT and security professionals globally. Like never before, the crushing consequences of risky business behaviour, combined with continued hacker acumen, were hung on full display, for the world to see. And evidence of the fallout was everywhere: from high-profile vulnerabilities like Heartbleed and Shellshock, to innovative malware attacks such as Backoff, to devastating data breaches that brought household brands (and countless others that you'll never read about) to their knees.
At the rate things are going, 2015 is setting up to be even direr. No doubt, awareness of the threats has catapulted security onto the boardroom agenda, but the fact remains that most organisations are operating at some level of denial - somewhere between "It won't happen to me" to "We checked the compliance boxes, so we're good to go." At a point, however, businesses that have been making - and paying for - the same mistakes for the past five years must arrive at a collective awakening.
It can - and likely will - happen to you: Experts have been claiming for some time that data breaches are a when, not if, prospect. Yet they continue to happen, and responses remain poor - 71 percent of compromise victims don't even detect the breach themselves. Incident response and readiness, therefore, must become a priority. Invest, test the plans regularly and get everybody on board with them.
Your perimeter is dead: Mobility and BYOD is king, and the whole notion of the "internet of things" is just as real for the business environment as it is for the home consumer. Increasingly devices are internet-connected, and it's critical to understand which systems are trying to connect to your network. Also, mind your outsourced suppliers. Vendor risk management is more important than ever.
How safe are your staff devices? At present 60 per cent of New Zealanders own a smartphone and/or tablet/iPad and this percentage is expected to continue to climb. However, many people don’t apply the same safety standards to smart devices that they would to their PC at home or at work, even though they store a huge amount of personal and work data. Here are some key precautions to be aware of:

  • Use a complex PIN lock and treat it like your EFTPOS PIN i.e. keep it to yourself so no one else can access your information

  • Use an antivirus app and make sure it’s up to date

  • Upload “locate and lock” apps to help you find, lock and wipe your smartphone if it is lost or stolen

  • Back up your important information like contacts, photos and documents  - there are plenty of cloud storage options that allow you to do this

  • Use approved apps – not all apps are nice! Install apps only from Google, Microsoft and Apple stores

 Only store information and files on your phone that you can afford to lose, otherwise store it somewhere else.

Advice from Daniel (Daniel Watson, Managing Director):

The world's gone mobile. Staying connected is cheap and it's everywhere and more people than ever want to - need to - work across a number of platforms and devices. Yet despite its benefits, working in this way can be a major security issue for employers if adequate device management isn't in place. Vertech now offers a Mobile Device Management service to take care of these issues so you can rest easy.


Additional advice from Jay:

BYOD or guest devices should not be able to access any internal network resources, because they can have a virus on them and spread it to the office network. The Wi-Fi for BYOD devices should be on a segregated VLAN that can go to the internet only and is unable to see any of the internal network, to isolate BYOD devices.
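One way to verify the isolation described above, as an added example that is not Vertech's own code: a Python audit of a first-match inter-VLAN ruleset that reports every internal range the guest VLAN can still reach. The `Rule` format, the subnets and both rulesets are constructed assumptions for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):          # hypothetical rule format, first match wins
    action: str                  # "allow" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR

def _subtract(nets, cut):
    """Remove the address space of `cut` from every network in `nets`."""
    out = []
    for n in nets:
        if not n.overlaps(cut):
            out.append(n)
        elif not cut.supernet_of(n):      # cut lies strictly inside n
            out.extend(n.address_exclude(cut))
    return out

def guest_leaks(rules, guest, internal, default="deny"):
    """Return [(rule_index, internal_cidr)] the guest VLAN can reach.
    rule_index None means the default policy let the traffic through."""
    guest = ipaddress.ip_network(guest)
    undecided = [ipaddress.ip_network(n) for n in internal]
    leaks = []
    for i, r in enumerate(rules):
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        if not src.overlaps(guest):
            continue
        if r.action == "allow":
            # overlapping CIDRs nest, so the intersection is the longer prefix
            leaks += [(i, str(max(u, dst, key=lambda n: n.prefixlen)))
                      for u in undecided if u.overlaps(dst)]
        if src.supernet_of(guest):        # rule decides for every guest host
            undecided = _subtract(undecided, dst)
    if default == "allow":
        leaks += [(None, str(u)) for u in undecided]
    return leaks

# Constructed sample networks and rulesets (assumptions, not from the page).
GUEST = "192.168.50.0/24"                          # BYOD / guest Wi-Fi VLAN
INTERNAL = ["192.168.1.0/24", "192.168.10.0/24"]   # office LAN, servers
WEAK = [Rule("allow", GUEST, "192.168.1.20/32"),   # "just the printer"
        Rule("deny", GUEST, "192.168.1.0/24"),
        Rule("allow", GUEST, "0.0.0.0/0")]         # server VLAN never denied
HARDENED = [Rule("deny", GUEST, "10.0.0.0/8"),     # block all private ranges
            Rule("deny", GUEST, "172.16.0.0/12"),
            Rule("deny", GUEST, "192.168.0.0/16"),
            Rule("allow", GUEST, "0.0.0.0/0")]     # internet only

if __name__ == "__main__":
    print("weak:", guest_leaks(WEAK, GUEST, INTERNAL))
    print("hardened:", guest_leaks(HARDENED, GUEST, INTERNAL))
```

A deny rule that covers only part of the guest range is deliberately not counted as closing the path, so the audit errs on the side of reporting a leak.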


Your employees are mistake-prone: As advanced as threats may be, oftentimes they are meaningless until they are welcomed inside the virtual door of a business. That deed typically is done by an unwitting employee who, for example, uses an easily crackable password or clicks on a link or attachment that they shouldn't have. Social engineering ruses, like targeted phishing attacks and blended threats, are getting better at tricking innocent users, but one can't overstate the importance of a regularly refined security awareness program that receives executive-level support.

Advice from Mital (Mital Patel, Network Systems Engineer):

Change passwords from time to time – employees don’t like it because they find it difficult to memorise the new password.
Customers often request us to disable password expiry or allow simple passwords, however we strongly discourage this and recommend complex passwords (a mix of numbers, letters, case & punctuation marks of at least 7 characters length) changed on a monthly - quarterly basis.

Top Password Tips:         
* A good password doesn't have to be entirely random, you can create a memorable password out of song lyrics or three unusual words with substitutions. eg. W@l1ays = We @ll live 1n a yellow submarine or 6redPhone!
* Don't share passwords!

* When a person leaves the organisation, please contact us to remove or disable the account - we can give you options on how to retain access to that staff member's data & email. We can help you document a staff exit procedure.