BluePackets

BluePackets We are an IT services provider, assisting professional, not-for-profit, and government clients. Workies!

We offer a complete range of IT services, and specialise in security (at an affordable price).

11/06/2024

Changing your IT services approach could slash your bill in half and potentially save you much more in the fallout…

25/03/2024

IT Security isn't a singular thing you buy or have. Often we hear phrases like "We have MFA" and "We have Spam filtering", followed by "...and we were still compromised".

Each and every IT security improvement you make helps apply a layer of defence. Sometimes intrusions make it through multiple layers. We strongly advise against relying on a single barrier or system to try and stop all intrusions. This doesn't mean running multiple anti-virus products. Instead it means systematically improving your security configuration. This has a twin benefit: reducing the risk of an intrusion and, at the same time, helping reduce the potential impact of an intrusion if one were to happen.

Not sure where to start? Our team specialises in making incremental improvements in line with regulatory and insurance requirements. We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.

Reach out to us if your organisation needs help getting on the front foot when it comes to cyber security.

06/03/2024

11 Signs your organisation might be getting complacent with IT security:

1) Compromised accounts
End-users can often be the weakest point of security. They make mistakes. This is a numbers game. Even for the most security-aware person, it only takes a momentary lapse and details can be compromised. Every organisation should have systems in place to minimise the risk. If this is a recurring problem, then it is a clear sign that security needs to be improved.

2) Unsure of the security that is in place.
Security doesn't happen by accident. Knowing what is in place is critical. How can you be confident in your systems if you don't know what is in place, and what protections are there?

3) No plan for further security improvements.
Security isn't a thing that you finish. It is always moving, evolving over time. There is always another step that can be taken. While you can't do everything at once, it is important to have a plan for what you are doing to improve security this year. Like many things in life, if you aren't moving forward you are actually going backwards.

4) Surprise when there is a security incident
No matter how secure your system is, there will be incidents. This shouldn't come as a surprise, and might indicate that a fundamental shift in security perspective is required. The world is knocking at your door. Time to get on the front foot!

5) No plans of how to respond in the event of a problem
Something is going to happen, what are you going to do? You need to be prepared. Who are you going to notify for help? Who do you need to notify if 3rd party data is impacted? When do you need to notify them? How is your organisation going to continue to function?

6) Lack of cyber insurance
You have insurance for all the important parts of your business. Are your IT systems critical to you? If your systems were turned off right now and you had to start again without your data – what would the impact be? If this would have a significant impact, then it is worth having insurance to assist you.

7) Not aware of what the Essential 8 is, and how you compare to it
This is a set of suggested minimal/standard security requirements, as advised by the Australian Federal Government. This list changes over time as the threat landscape changes. It is a great free and impartial reference point. Knowing where your organisation sits against these standards can give you valuable insights.

8) Staff are able to install software on their work computers
This is a big no-no, and is an easy avenue for infections or negative consequences. It is critical that any additional software to be installed is vetted and managed by your organisation, and not your team members.

9) IT Security is viewed purely as an expense to be avoided
Efficiency is key. Under-investment in IT security can be very expensive. A well secured and managed IT environment should bring you a “Security Dividend”. These are direct and indirect savings that can be made by having a secure and stable environment. There are multiple layers of costs to consider:
* The interruption to your work-flow
* The cost paid to consultants to fix the issue
* Potential legal costs in the event of a data-breach
* Potential loss of future earnings due to reputation damages

With the full cost in mind, prevention will almost always be cheaper than the cure.

10) High levels of reactive support requests to fix issues
Hardware breaks, software has bugs, systems have outages, users need training. These statements are true – however – as a general statement the actual volume of troubleshooting should be minimal. If your organisation has a heavy need for IT support and assistance, there is a chance that you might benefit from proactive changes that further reduce risk.

11) No recent security reviews
You can’t know where you are going if you don’t know where you are. It can be very easy to overestimate your security posture. In a fast moving environment, an old review is almost worthless. Security needs to be reviewed and considered on a rolling (and regular!) basis.

We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.
Reach out to us if your organisation needs help getting on the front foot when it comes to cyber security.

01/03/2024

How are we so good at picking up compromised 365 accounts for our clients? We have a range of health and security checks that we run on a regular basis.

As an example: We check for Multi-Factor-Authentication (MFA) failures from foreign locations. Why? Often account compromises come from foreign locations. When attackers first try, they will likely fail if MFA is set up. At this stage it means they have your username and password. Without the monitoring in place, our clients would be none the wiser. Attackers can then sit in the background and try regular logins, waiting for an opportunity like an MFA reset (such as when you get a new phone).

By helping our clients get ahead of the curve, we can minimise the risk of an intrusion proceeding.

We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.
Reach out to us if your organisation needs help getting on the front foot when it comes to cyber security.
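
The check described in this post, sketched as an added example (not BluePackets' own tooling). The flat record format, the `HOME_COUNTRIES` set and every user, time and country are constructed assumptions; the point is that a foreign MFA failure after a correct password means the password is already known, and a later foreign MFA success is worse.

```python
from datetime import datetime

# Constructed sign-in records, not real tenant data. The flat field names are
# an assumed export format, not a specific Microsoft 365 log schema.
SAMPLE_SIGNINS = [
    {"time": "2024-03-01T08:55:00", "user": "alice@example.org", "country": "AU", "password_ok": True, "mfa": "passed"},
    {"time": "2024-03-01T03:02:00", "user": "bob@example.org", "country": "RO", "password_ok": True, "mfa": "failed"},
    {"time": "2024-03-02T03:05:00", "user": "bob@example.org", "country": "RO", "password_ok": True, "mfa": "failed"},
    {"time": "2024-03-02T09:00:00", "user": "bob@example.org", "country": "AU", "password_ok": True, "mfa": "passed"},
    {"time": "2024-03-02T11:30:00", "user": "carol@example.org", "country": "NL", "password_ok": False, "mfa": "not_reached"},
    {"time": "2024-03-05T01:20:00", "user": "dave@example.org", "country": "VN", "password_ok": True, "mfa": "passed"},
    {"time": "2024-03-03T01:10:00", "user": "dave@example.org", "country": "VN", "password_ok": True, "mfa": "failed"},
    {"time": "2024-03-04T14:00:00", "user": "erin@example.org", "country": "US", "password_ok": True, "mfa": "passed"},
]
HOME_COUNTRIES = {"AU"}  # assumption: where this organisation's staff normally sign in


def foreign_mfa_failures(signins, home_countries=HOME_COUNTRIES):
    """Return {user: finding} for accounts whose correct password was used abroad but MFA failed."""
    findings = {}
    # Process in time order so a later foreign success can escalate an earlier failure.
    for rec in sorted(signins, key=lambda r: datetime.fromisoformat(r["time"])):
        if rec["country"] in home_countries or not rec["password_ok"]:
            continue  # local sign-in, or a wrong password guess: no sign the password is known
        user = rec["user"]
        if rec["mfa"] == "failed":
            f = findings.setdefault(user, {"failures": 0, "countries": set(),
                                           "first_seen": rec["time"], "severity": "password_exposed"})
            f["failures"] += 1
            f["countries"].add(rec["country"])
            f["last_seen"] = rec["time"]
        elif rec["mfa"] == "passed" and user in findings:
            # MFA now succeeds abroad after earlier failures, e.g. following an MFA reset.
            findings[user]["severity"] = "foreign_login_after_mfa_failures"
    return findings


if __name__ == "__main__":
    for user, f in foreign_mfa_failures(SAMPLE_SIGNINS).items():
        print(user, f["severity"], f["failures"], sorted(f["countries"]), f["first_seen"], f["last_seen"])
```

A `password_exposed` finding calls for a password change and a review of MFA methods; `foreign_login_after_mfa_failures` should be treated as a likely compromise.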

28/02/2024

Trust by your clients in your computer security is critical in the modern era. It takes time to build trust, and it can be ripped away in an instant. Have you ever had one of your 365 accounts sending out junk or malicious email on your behalf? This can be a big giveaway that you have lost control of your 365 environment or accounts. If an attacker can send out email, it is assumed that they have access to your emails, and likely files.

How do we help our clients minimise the risk of this happening? We take a holistic approach: preventative, and also reactive monitoring. Even a highly secure configuration can become compromised by human error. The reactive monitoring has been effective, typically enabling us to notify clients of the intrusion before it has a chance to escalate.

We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.
Reach out to us if your organisation needs help getting on the front foot when it comes to cyber security.

26/02/2024

Myth: A username and password is the only way to access your 365 environment.

The answer to this almost always comes as a surprise. Did you know that with a few clicks, approval can be given to 3rd party applications to access your 365 data (i.e. files and email)? Often this is presented as a step to integrate with a 3rd party service for work. Sometimes it might be presented as a way to access a feature or even a game. Once a user grants permission, these permissions typically stay around forever. This means you can change your username and password, and these external companies may still have access to your data.

Why should you worry? If given access, these external programs could have permanent full access to all the data in your systems (with the same permissions as the user that granted it). This could be used in a malicious manner. Numerous times we have identified clients that have installed unknown 365 applications - software that we can't link to any official system or identifiable business.

What can we do about it? We have a solution for our clients that reports on existing 3rd party applications, and alerts when new applications are added. The bulk of applications are helpful, however it is important to find out in a timely manner when access is being added to your 365 environment.

We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.
Reach out to us if your organisation needs help getting on the front foot when it comes to cyber security.

23/02/2024

It feels like every day there is an announcement about yet another company that has had their IT systems compromised. It makes big news because these organisations often hold personal and private information on a large number of their clients.

How does this relate to the business world and your 365 environment? Unfortunately it is very common for large IT software and service providers to also be compromised. When this happens, there is a chance that your end-users might be caught up in the breach. What kind of information is released in a breach? Often key items like usernames, email addresses, and sometimes passwords. Where do these details often end up? Being traded on the so-called "Dark-Web".

Despite the best education of end-users, people will often use the same password across multiple accounts. What happens when one of these accounts is compromised as above? It can often mean that the attackers effectively have the username and password for many different services (potentially including accounts in your 365 environment!).

There is a chance that usernames and passwords for some of your accounts in your 365 environment may be listed on the dark-web.

How do we help our clients? We have a system that can cross-check email addresses from their organisation against known dark-web lists. This can serve as notice that they have been involved in a data-breach, and also a chance/reminder to change their passwords.

We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.

Reach out to us if your organisation needs help getting on the front foot when it comes to cyber security.

21/02/2024

365 Security Spot-Quiz Question: What is the "Secure Score" of your organisation?

What is this "Secure Score"? It is a number that is assigned to your MS 365 tenancy, organisation wide. Each time you improve the security of your 365 configuration, the score is re-evaluated. This typically results in your score going up.

Why is this important? Just by purchasing a 365 subscription, it doesn't mean your configuration is secure. This scoring system helps give you a benchmark to work against.

What do we often find? New clients with a very low Secure Score (typically below 20%). With suitable advice and support, we can often get this to 80-90% without having any real impact on usability. This is a massive improvement, and helps protect you and your data.

New security features are being made available on a regular basis, so your relative Secure Score can go down over time. How do we manage this?
* Our clients get a report each month, which clearly shows their Secure Score.
* We also have a monitoring system available that will alert if this score becomes too low over time - an extra reminder that things need to be improved.

We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.

Reach out to us if your organisation needs help getting on the front foot when it comes to cyber security.

19/02/2024

Is your business running on 365? Would you know if someone is trying to break in to one of the accounts in your organisation?

First of all, why should you care? It matters because it is far better to stop the intrusion, rather than having to clean up the mess after the fact. If you have an early warning sign, it is definitely worth getting in and being proactive.

A myth that we often hear is that ‘we are too small to be targeted’. We have seen even some of the smallest clients receive 30,000+ failed login attempts within a short period of time.

What can you do about it? There are numerous steps you can take, such as:
- Ensure any (and all!) targeted users have Multi-Factor-Authentication set up and enforced
- Ensure that the users in question are using a strong password
- Ensure that the passwords in use are unique (and not used elsewhere)
- Ensure suitable Conditional Access Policies are in place
- Notify at risk users, asking them to be on the look-out for suspicious activity on their accounts and devices
- Also ensure that all users are suitably trained in cyber security precautions

Now to the question again, how would you find out that one of your user accounts is under attack? Normally, by default, you wouldn’t. No alerts, nothing. However - we have an affordable solution that can monitor for this, and help put you and your organisation on the front-foot when it comes to cyber security.

We are an Australian owned and operated business, helping other like-minded Australian organisations improve their cyber security posture.

Reach out to our friendly team to see how we can help.

16/02/2024

Each time we onboard a new client that already has 365, we undertake a review of what is in place.

What do we almost always find? ... Excess users. Often to their surprise (and sometimes shock): "That person hasn't worked here for years". This typically ends up with a list with lots of red lines, itemising the old users to remove.

It is an effective clean up, however that is only valid at that point in time. How do we handle user lists over time? We have 3 main ways to address the problem:

a) We provide our clients with a list of users in their 365 system on a monthly basis.

b) We monitor for common services that are not utilised by an account. For example, if a team member is not utilising their email, it likely means that user has left.

c) We monitor for logins that have not been active for many months.

Why is this important? Only active and valid users should have access to your environment. Idle accounts are a serious security risk.

Want more information? Reach out to our friendly team.

14/02/2024

Your 365 inbox. If I asked you to think about what was in your email inbox right now, you could probably give me a pretty good list. What you probably won't think about is what else that email account has access to, i.e. if you had to 'reset a password via email', what could you reset with your work email account? This could potentially be social media accounts, suppliers' systems, invoicing systems, payroll (and the list goes on!).

The email inboxes of your organisation might hold sensitive data and also give access to external systems. Once the combined value of this is realised, the need to secure it becomes even clearer. "I have Multi-Factor-Authentication (MFA) set up": will that be enough? MFA is a great help, however there might be something else lurking underneath.

The other item to be concerned about is what are known as "Email Rules". These typically aren't visible and allow you to automatically file and arrange incoming emails based on rules. We have seen numerous instances where these email rules have been used maliciously by an attacker to forward incoming email to an external email address that the attacker controls.

What does this mean? Potentially that all your incoming email could be forwarded to a hostile email address, allowing an attacker to read all new email and also potentially utilise this to reset access to third-party systems. Once in place this type of rule will survive password resets, and MFA.

How do we deal with this? We have a system that can report on existing rules that contain a forwarder rule. This same solution can also alert for new rules that have been added. How does this help? This greatly reduces the time to discovery. Addressing the situation earlier allows for a significant reduction in risk.

Interested in further information? We can assist, please make contact with our friendly team.
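
The forwarding-rule report and new-rule alert described in this post, sketched as an added example (not BluePackets' own system). The rules are constructed and shaped like Microsoft Graph `messageRule` resources; how they are exported, the mailbox names and the `INTERNAL_DOMAINS` set are assumptions.

```python
# Rule actions that send a copy of incoming mail to another address.
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
INTERNAL_DOMAINS = {"example.org"}  # assumption: the organisation's own mail domains

# Constructed export: {mailbox: [inbox rules]}, not real tenant data.
SAMPLE_RULES = {
    "alice@example.org": [
        {"id": "r1", "displayName": "File newsletters", "isEnabled": True,
         "actions": {"moveToFolder": "folder-id-1"}},
        {"id": "r2", "displayName": ".", "isEnabled": True,
         "actions": {"forwardTo": [{"emailAddress": {"address": "Drop@mail.example.net"}}],
                     "markAsRead": True}},
    ],
    "bob@example.org": [
        {"id": "r3", "displayName": "To assistant", "isEnabled": True,
         "actions": {"redirectTo": [{"emailAddress": {"address": "carol@example.org"}}]}},
    ],
}


def forwarding_rules(rules_by_mailbox, internal_domains=INTERNAL_DOMAINS):
    """Report every rule target that forwards or redirects mail, marking external ones."""
    findings = []
    for mailbox, rules in rules_by_mailbox.items():
        for rule in rules:
            actions = rule.get("actions") or {}
            for action in FORWARD_ACTIONS:
                for recipient in actions.get(action) or []:
                    address = recipient["emailAddress"]["address"].lower()
                    domain = address.rpartition("@")[2]
                    findings.append({
                        "mailbox": mailbox, "rule_id": rule["id"],
                        "rule_name": rule.get("displayName", ""), "action": action,
                        "target": address, "external": domain not in internal_domains,
                        "enabled": rule.get("isEnabled", True),
                    })
    return findings


def new_since(baseline, current):
    """Findings in the current report that were absent from the previous one (the alert case)."""
    seen = {(f["mailbox"], f["rule_id"], f["target"]) for f in baseline}
    return [f for f in current if (f["mailbox"], f["rule_id"], f["target"]) not in seen]


if __name__ == "__main__":
    report = forwarding_rules(SAMPLE_RULES)
    last_month = [f for f in report if f["mailbox"] == "bob@example.org"]  # constructed baseline
    for f in new_since(last_month, report):
        print("NEW", "EXTERNAL" if f["external"] else "internal", f["mailbox"], "->", f["target"])
```

Because the rule lives in the mailbox rather than in the credentials, the report has to be re-run after a password reset; clearing the finding means deleting or disabling the rule itself.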

Address

Canberra, ACT
2609

Opening Hours

Monday 8:30am - 5:30am
Tuesday 8:30am - 5:30pm
Wednesday 8:30am - 5:30pm
Thursday 8:30am - 5:30pm
Friday 8:30am - 5:30pm

Telephone

+61 2 6102 4500
