Social - Clear

Company Slogan

THE STRAIGHT TALKING ALTERNATIVE

Social - Clear

3rd Generation of our Managed Security Platform Launched

OTW becomes a major Fortinet cloud Managed Security provider Following 18-months of R&D, we have embraced Fortinet’s virtualised cloud deployment model to offer Managed Security and network services to Australian businesses. Over the Wire and subsidiary Telarus have been using Fortinet’s security platform for nearly a decade and we're excited to launch our 3rd generation of the Managed Security offering.

Leveraging our existing private cloud environment, which has nodes in Melbourne, Sydney and Brisbane, we are able to expand the security platform onto our private cloud. This means that our customers will be able to benefit from a diverse and complex managed security solution at the core of their business WAN while avoiding large hardware capital expenditure.

“Previously we had deployed appliances in diverse data centres but found that this model lacked the flexibility required by growing businesses. Not only does the physical security appliance model require the purchase of redundant hardware, but as soon as a client needs additional capacity or features there is the risk that all the old hardware becomes obsolete,” says Scott Allen, Over the Wire’s National Manager of Presales. “By leveraging Fortinet’s VM licensing and moving the physical infrastructure requirements onto our existing cloud nodes we can rapidly deploy or upgrade a customer’s environment without risk of having wasted tin sitting around at the end of the process, meaning a faster turnaround at a lower cost.”

The decision to retain Fortinet as the security vendor extends a relationship that has been ongoing since 2010. The Fortinet Security Fabric enables Over the Wire customers to benefit from a comprehensive suite of security intelligence, integrated seamlessly into their corporate network.

“Beyond the standard detection, prevention, content filtering and reporting, the Fortinet offering also gives Over the Wire customers greater peace-of-mind,” Scott continues. The Fortinet Security Fabric helps businesses to be one step ahead through the AI and Machine Learning Fortinet uses on data from millions of connected end-points worldwide, meaning better detection and blocking of ‘Zero-Day’ threats. “By adding this at the private network level and managing it for them, our customers get a comprehensive network security solution, not simply a security appliance deployed in isolation,” Scott Allen explains.

With the Notifiable Data Breach scheme introduced earlier this year and other security issues in the news regularly, corporate data security has become a hot topic. At Over the Wire we believe in the importance of a robust, managed security solution. This gives Australian businesses access to expert support and enterprise-grade solution deployments that would otherwise be out of reach for most organisations.

Learn more about Over the Wire's Managed Security solutions online or contact our team to organise a security discussion session today.


5 ways your business can prevent email compromise

5 ways your business can prevent email compromise The Federal Bureau of Investigation (FBI) has stated that between October 2013 and May 2016, cyber criminals scammed $3.1 billion from over 22,000 victims in at least 79 countries through business email compromise (BEC).

At the core of business email compromise are spoofed emails - communications that have forged headers, addresses or signatures to make them look authoritative and trustworthy. They often request fund transfers or sensitive information that can result in large-scale data breaches.

Business email compromise doesn't discriminate by company size - the smallest organisation can be hit just as hard as a large corporation. Here are five suggestions to help protect your business.


1. Use Sender Policy Framework (SPF)

SPF is a critical tool for differentiating authentic emails from spoofed ones. When you establish an SPF, you can create a safe list of domains that your organisation approves for communication - for example, your own internal domain.

It will then conduct a verification of every incoming email and will send a warning if the address does not match the approved list of domains. You can then decide to analyse, quarantine or delete suspicious emails before they reach their intended destination. A variant of this system is Microsoft Exchange's Sender ID.


2. Register domains similar to your own

A common tactic used by cyber criminals is sending emails that look similar to your own - for example, replacing a lower-case L with the number 1. At a glance, this can fool many people into thinking they're receiving official communications.

One way of preventing this tactic is simply to identify all potential imitations of your domain, and register them yourself. Make sure you update these registrations on a regular basis, so they can’t be taken over by malicious entities upon expiry.


3. Add a 'hard fail' record

The Australian Signals Directorate (ASD) states that a hard fail record is a core element of preventing spoofed emails. With an SPF, unauthorised email domains can still reach the end user, but with a warning that the message comes from untrusted sources.

By configuring DNS settings to add a 'hard fail' record and setting this to a rigorous action, you can ensure communications from unauthorised domains go straight to spam or trash folders. This could also apply to emails sent from company addresses, but not company servers - another red flag to watch.


4. Educate your employees

Research from the Ponemon Institute and IBM shows that 27 per cent of data breaches are due to staff or contractor negligence [1]. By educating your employees on the dangers of business email compromise, you take a critical step towards prevention.

Train employees on their role in information security and educate them on email spoofing and spearphishing. Make sure they understand each and every red flag to look out for. You can also implement processes that mitigate the risk of falling prey to spoofing, such as requiring a phone conversation or face-to-face confirmation for any financial or informational transfer.


5. Use application whitelisting

This addresses a symptom of email compromise rather than the cause, but is nonetheless important. Application whitelisting is part of the ASD's Essential Eight, and entails limiting the applications that can be opened on your data network. It prevents the possibility of malicious programs from opening, and can further alert people to potential compromise when they try to open an attachment from a spoofed email.


Get the best for your business

Click here to download the eBook Business email compromise is all too common in Australia, but there are tangible steps you can take to mitigate the risks. Of course, this can be a complex process for businesses that are not well-versed in cyber security - this is where Over the Wire can help.

Our managed security services take over the administrative responsibility for your day-to-day protection and give you 24/7 cover from all manner of cyber threats. Contact our team to find out what we can do for you.

Learn more about the primary areas of cyber risk in our 24 page eBook, IT Managers: Set your Network Defences to Stunning, you can download it here.



[1] 2017 Cost of Data Breach Study: Australia (IBM/Ponemon Institute, June 2017)



Do you understand the consequences of an Australian data breach?

The consequences of a data breach are extensive. The impacts of a data breach stretch far beyond the immediate consequences from the loss of critical information and the cost of mitigating the spread. According to 51 percent of respondents to a Ponemon Institute study[1] who experienced a data breach in the last two years, the impact is much wider and it's critical that you take action.

By assessing the ways in which a data breach would affect your data networks and operations, you can begin to implement prevention strategies to mitigate the risk.

[1] 2017 Cost of Data Breach Study: Australia (IBM/Ponemon Institute, June 2017)


1) Financial consequences of a data breach

According to the Ponemon Institute, the average cost of a data breach is $139 per compromised record, with slight variations depending on the cause:

  • $154 per record compromised due to a malicious attack.
  • $130 per record compromised due to a system glitch.
  • $121 per record compromised due to employee or contractor error.

This may seem minuscule, but 41 per cent of respondents to the Ponemon Institute had more than 1,000 records affected by a breach in a 24 month period - which takes the immediate cost impact of a data breach to over the $100,000 mark.

For publically listed companies, research shows that stock prices drop 5 per cent in the aftermath of breach disclosure. The time that it takes the share price to recover will extend if the organisation has poor response processes. Meanwhile, failure to comply with the new Australian Notifiable Data Breaches (NDB) scheme can net fines as large as $2.1 million.

Prevention is the best strategy - cyber criminals do not discriminate by business size, and these costs have the capacity to break smaller Australian businesses.


2) Reputation consequences of a data breach

With mandatory disclosure of serious breaches now in place for many Australian businesses, managing damage to reputation is a must. Of the average $139 lost per compromised record, only $60 is attributed to direct action such as containment and assessment.

This means more than half the cost of a data breach can be attributed to indirect consequences, such as managing customer turnover in the wake of the event. Some industries are more susceptible to high churn than others - financial services and tech companies, where there is an expectation of high security measures, are hit especially hard.

Marketing campaigns, hiring media management and building customer trust following a data breach takes time and money. Avoiding such situations in the first place is the ideal.


3) Legal consequences of a data breach

The NDB scheme has put much greater requirements on Australian organisations when they identify a data breach. Beyond the costs of detection, containment, hiring external parties (like lawyers and data forensics teams) and reporting, there can be significant legal consequences.

Reporting may have to be disclosed to the ATO, ASIC, ACSC or even the Federal Police, depending on the breach. Failure to uphold obligations under the Privacy Act 1993 may result in legal proceedings, while financial penalties from the Office of the Australian Information Commissioner (OAIC) can reach as much as $2.1 million.


Manage and prevent a data breach with a security partner

Beyond the costs to your organisation, data breaches have the potential to inflict serious harm on individuals connected with your company. If not swiftly addressed, customers' private and financial information may be compromised. Fraud and identity theft are just some of the possible consequences highlighted by the OAIC.

The smallest breach can have wide-ranging and costly impact. To mitigate the risks, look into using managed security services. At Over the Wire, we provide 24/7 protection and notification, with local specialists on hand to monitor and mitigate any threats to your company. Get in touch to find out how we can help.


What you need to know about the Notifiable Data Breaches Scheme

What you need to know about the Notifiable Data Breaches Scheme The Australian data security landscape has profoundly changed. On February 22, 2018 the Australian government's Notifiable Data Breaches (NDB) scheme came into effect, requiring all organisations to report NDBs to those individuals affected.

It's a crucial step for Australian cyber security, but it's one that means organisations all over the country will need to completely revamp their relevant strategies and policies.


How does the Notifiable Data Breaches scheme work?

The Office of the Australian Information Commissioner (OAIC) is an independent Government agency, that is responsible for administering the principles of the Privacy Act 1988.

As the OAIC notes, the NDB scheme directs organisations covered under the Privacy Act 1988 "to notify any individuals likely to be at risk of serious harm by a data breach". They must also inform the OAIC as soon as possible.

The scheme aims to improve corporate transparency around data breaches and to foster "consumer and community confidence" in the large data networks that hold personal information. It also enables individuals to minimise the damage caused by a data breach as quickly as possible.


What qualifies as a Notifiable Data Breach?

There has been some debate about this, with a recent PricewaterhouseCoopers paper debating the strength of 'serious harm', and noting that it could be open to interpretation or argument. However, the OAIC notes that an NDB will likely include:

  • Theft or loss of a device containing personal information.
  • Hacking of central databases that hold personal information.
  • Accidental or malicious disclosure of personal information.

The Equifax breach of 2017 is a prime example of this at a high level, while at a small scale an NDB could be as simple as sending a small business' financial information to the wrong email.


Who must comply with the Notifiable Data Breaches Scheme?

All organisations covered by the Australian Privacy Act must comply with the Notifiable Data Breaches scheme. The following are examples of those who will have an obligation to notify any data breaches:

  • Businesses and not-for-profit organisations with an annual turnover of greater than $3,000,000.
  • Federal government bodies and private health organisations.
  • Small business operators: Those with turnover of under $3 million who provide health services, trade personal information, report on credit, or are related to an APP entity.
  • Credit reporting bodies: Including those with turnover of more than $3 million.
  • Credit providers.
  • Tax File Number (TFN) recipients.

How can organisations notify individuals?

Ideally, organisations subject to a data breach should notify affected individuals directly, as well as presenting a statement to the OAIC. If the organisation cannot get in touch with all individuals, they can reach out to only those at risk of serious harm. If the organisation cannot inform any individuals, they must publish the OAIC statement on their website and take all reasonable steps to let impacted parties know about this.

Notifications should include a description of the breach and the type of information at risk, as well as the organisation's own contact details and steps individuals should take to mitigate the risks of the breach.


How can businesses identify Notifiable Data Breaches?

This can be more difficult. If an organisation knows with certainty that a Notifiable Data Breach has occurred, it must take the above steps as quickly as possible. However, in many cases a business will simply suspect a data breach has taken place, without concrete evidence of it or its impact.

In these cases, the OAIC requires operators to take all reasonable assessment steps within 30 calendar days of first becoming aware of the potential for a breach. This should be a "reasonable and expeditious" assessment, have a risk-based approach, and remain in line with the business' own data breach response planning.


What can businesses do to be prepared?

Click here to download the White Paper If your business will be impacted by this change, it is important to conduct a rigorous assessment of your data security. Everything from individual security protocols and education to the strength and number of your firewalls should be analysed, weak points addressed and fail-safes for identifying and reporting breaches established.

To get you started our white paper, 6 Steps to Improve your Business Cyber Security, is a great resource with tips you can put into action immediately to help protect your business and avoid data breaches. You can download it here.

For a more comprehensive look at your company's security policies, our experts can work with you to evaluate your current data security provisions and find ways to improve them. Let us help you today.

Don't Get Caught Out By Your SLA's

Service Level Agreements

One of the most important components to consider in a business grade telecommunications service is the Service Level Agreements (SLAs) that accompany the terms and conditions of the contract. However, it is also one of the most commonly misunderstood aspects of a service, and as such it can lead to a great deal of unexpected and unnecessary problems. Here’s why:

"A Service Level Agreement is not a guarantee that your infrastructure will remain active for the specified uptime. Rather it is the minimum period of outage after which the business will receive a financial rebate, where this has been stated in the contract."

For instance, a 99.95% uptime SLA (which is typical for the majority of business grade Ethernet services) has a maximum target downtime of 21 minutes and 55 seconds per month. Many IT Managers make the costly mistake of thinking this means that the service is guaranteed to be active for the remaining time period. It isn’t. The SLA simply means that come 21 minutes and 56 seconds, the customer will be able to claim some remuneration for any additional downtime experienced.

Why are the SLA’s not guarantees?

Using the example of a 99.95% SLA, 21 minutes and 55 seconds is more than enough time for a provider to fix the majority of network faults. However, infrastructure faults, which often rely on third parties to be resolved, can take much longer. For instance fibre cuts, ULL faults, and NTU failures are normally beyond the scope of the service providers control and as such require third party technicians to be physically present at the point of failure to be resolved. Depending on the fault, the remoteness of the area, number of services affected and the availability of qualified technicians, infrastructure failures may take several days to resolve.

Why does this matter if the provider has to compensate me?

Whilst an SLA may provide remuneration in the event of a service outage, the rate of remuneration is determined by the provider and is not linked to the actual loss incurred by the business. This means that the risk of a failure still needs to be weighed against the potential costs of one occurring. If the impact on the business is deemed to be unacceptably high it is strongly recommended that organisations consider utilising a redundancy package to mitigate the risk of an outage occurring.

What redundancy options are available?

Typical considerations for redundancy should include the following; however, it is recommend that all organisations consider backup links on a per-site basis so that the appropriate technology can be balanced against the cost.

  • Due to their low cost and geographic availability, ADSL links are often recommended for the majority of sites.
  • However if the site is in a remote location or there is a high risk of a large scale problem (e.g. flooding, bush fires, etc.), 3G and 4G backup links can be used. 3/4G is also recommended as a method of providing redundancy against terrestrial problems. For instance if a fibre cable, or other form of cable infrastructure is cut, it is likely that an ADSL connection will be affected as well, making 3/4G the most viable alternative. Microwave transmission can also be used to the same effect, however it comes with its own advantages and disadvantages. You can read more about the differences in connectivity options in this article on connectivity.
  • The deployment of a second router to provide additional device redundancy can protect against hardware failure and get you back to work almost instantly.
  • Due to a slow reduction in costs, protected fibre (fibre that takes diverse routes to the exchange) is becoming increasingly common as a backup option. Protected fibre comes with the advantage of being able to offer the same speed as the primary connectivity option.

Considerations should also be made as to whether there is a requirement for automatic or manual failover, as each of these options has the potential to affect the speed at which your service can be restored.

The next time your organisation is considering setting up a link to a new office, or upgrading an existing network, make sure you keep in mind that an SLA is not a silver bullet, and that the risk of an outage needs to be balanced against the potential costs of one occurring. 

Access Expertise via Managed Services

Managed Services is a term used in the IT industry to refer to the support of IT and Networking infrastructure; including anything from server support, through to complete ownership of an environment down to the device level.

In Australia, there has been a definite trend towards this kind of ‘outsourced IT’ over time, with the realisation that it is often unrealistic to expect an internal IT resource to be an expert and have time to stay up to date with an increasingly broad range of systems, particularly at a price point suitable for the business.

Hence the primary benefit organisations seek to derive for managed services providers is the ability to leverage the expertise of professionals with an esoteric skill set in order to gain more efficient utilisation of their existing infrastructure. This may occur as the result of consultation during infrastructure deployments, but can also result from day to day support and management programs which augment the skills and availability of in house IT teams.

To ensure that your IT is built and performing to enable your business to achieve its goals, rather than hinder them, the right amalgamation of different fields of expertise is required. So that we can offer the most appropriate solutions, and support a wide range of deployment styles, Over the Wire works with an extensive network of corporate partners, each of which are experts in their relevant fields, as well as maintaining our own in house teams of engineers.

This enables us to join your team as a trusted adviser, assisting your business goals through the ownership of your whole environment, parts of it, or simply on an ad-hoc basis. When used in conjunction with the wide range of other network, infrastructure, and voice services also offered by Over the Wire, a complete, end-to-end solution can be achieved; with a single point of call, backed by extensive experience in each area.

In the video below Over the Wire’s General Manager of Services Simon Wren, talks about some of the benefits of an Over the Wire Managed Services agreement.

For more information about our IT Support Services,  visit our IT Support Services Webpage, or call us to create a tailor made support solution for your business.

Tags: 

Managed Services Provider Celentia Purchased

Over the Wire is pleased to announce that it has acquired Brisbane based Managed Service Provider Celentia.

Celentia has a long history of providing IT support services to businesses in Brisbane and we welcome them as a valuable addition to our team. This acquisition will help Over the Wire strengthen it’s end to end service value proposition, by allowing our clients to deal with a single provider for all of their IT and Telecommunications requirements.

More information about Over the Wire’s IT support services can be found on our IT Support Services webpage.

For additional details about the aquisition please contact media@overthewire.com.au

Tags: