Why NBN vs Business Grade Internet Solutions and comparisons.

We are often asked , “Should I go NBN for my business? Its cheap and fast!”

We are finding many business being cold-called for NBN solutions. Even though these sound quite low cost, in many areas, it isn’t much different to ADSL. Some cold callers will use scare tactics to force you into making a rash decision.

Often being told

  • they guarantee speeds, which is untrue (except with NBN business grade services, and at the time of writing are not offered in all areas)
  • that copper will be ripped out soon and unless upgrade now will have no internet or phones.
  • no other option but NBN for internet because of the fibre (untrue, we offer fixed wireless , not 4G but business grade, services)

Sterling IT have taken these cold calls and have informed the ‘sales person’ that these claims are untrue and need to be very careful with these sales tactics.
One of the biggest advantages on NBN over ADSL is the upload speeds. They are after 10-20 times faster than ADSL. However, with the download speeds, even at 25 or 50Mbps claimed speeds, many clients are not achieving these at the moment.

Another BIG issue for business is the SLA (“Service Level Agreement”) – Unlike a business grade connection of 99.99% uptime, NBN SLAs are generally lower, meaning longer outages without claim. We actually had one client out (during the sale of their business) down for 1 week because of NBN. They had 2x NBN connections, one for backup, and both NBN connections went down.

Smart company article : Take a READ HERE

It is always recommended to (1) Have a business grade connection; (2) Have a cheap backup connection on a different technology (eg wireless if main one is wired and vice versa)

Sterling IT is able to offer all types of services (including NBN) , however our recommendations are based on location, costs, service, dependence on internet plus many other factors.
Get professional advice from your trusted IT advisor on what is best for your business. Please do not make price your first choice. We have seen too many bad decisions because of this and businesses lose thousands of dollars in sales and productivity.

If you would like a FREE site quality check or a review on your current connection, please let us know.
Even if in contract, we are happy to discuss and provide a free review.

Petya Ransomware, worst than Cryptolocker as will try and encrypt whole drive or most files.

petya_ransomware

This Petya ransomware will kill the Master Boot Record making your hard disk useless. If this fails, it will then run a file-encypting program

Petya is an unusual ransomware threat that first popped up on security researchers’ radar in March. Instead of encrypting a user’s files directly, it encrypts the master file table (MFT) used by NTFS disk partitions to hold information about file names, sizes and location on the physical disk.

Before encrypting the MFT, Petya replaces the computer’s master boot record (MBR), which contains code that initiates the operating system’s bootloader. Petya replaces it with its own malicious code that displays the ransom note and leaves computers unable to boot.

However, in order to overwrite the MBR after it infects a computer, the malware needs to obtain administrator privileges. It does so by asking users for access via the User Account Control (UAC) mechanism in Windows.

In previous versions, if Petya failed to obtain administrator privileges, it stopped the infection routine. However, in such a case, the latest variant installs another ransomware program, dubbed Mischa, that begins to encrypt users’ files directly, an operation that doesn’t require special privileges.

The ransom that Mischa currently asks is approx 2 bitcoins, or around US$900

Another thing that sets Mischa apart is that it encrypts executable (.EXE) files in addition to documents, pictures, videos and other user-generated files typically targeted by ransomware programs. This has the potential to leave installed programs and the OS in a non-functional state, making it harder to pay the ransom from the affected system.

The installer for the Petya-Mischa combo is distributed via spam emails that pose as job applications.
These emails contain a link to an online file storage service that hosts a picture of the alleged applicant and a malicious executable file that masquerades as a PDF document.

If it’s downloaded and executed, the fake PDF file first tries to install Petya and if that fails, it installs Mischa.
There is currently no known way to restore files encrypted by Mischa without paying the ransom.

 

 

No audio device found in Remote Desktop Terminal Server client redirection on 2008 or 2012 server

no-audio-card-sound-on-2012

Having a problem getting audio sound redirected over terminal server or remote desktop server 2008 or 2012 to the client?

Here are a couple of things to check to enable audio redirect, even when server has no audio sound card.

When you connect the client to the server, it will redirect all sounds to be played via your local sound card however this may fail due to the following issues.

  1. Make sure the client has Audio enabled.
    • In the Remote Connection (MSTSC.EXE) , under LOCAL RESOURCES – > REMOTE AUDIO SETTINGS, make sure PLAY ON THIS COMPUTER is enabled
  2. Make sure that on the 2012 Server, DESKTOP EXPERIENCE is installed. This can be found under Server Manager under Roles and Features
  3. Right click the speaker icon and make sure you can test a PLAYBACK SOUND. There should also be a VIRTUAL SOUNDCARD listed
  4. If you still get NO AUDIO DEVICE FOUND at this stage, you will need to go back to server manager, under the SERVER COLLECTIONS, make sure that the REMOTE USER has Audio enabled.

If you require further assistance or more technical information, please make comment and we will be happy to further assist.

2015 Top 25 passwords used – how to protect yourself on mobile and computer.

If you cannot remember a complex password or more than one password, ask Sterling IT how we can assist you with a password manager that is secure.

Internet users continue to put their security at risk by using generic passwords such as “123456” and “password”, despite widespread advice to create more unique and secure codes.

Both “123456” and “password” have held the top two spots on SplashData’s annual list of leaked passwords since the first list in 2011 and data released by SplashData yesterday shows 2015 was no different.

The top 10 passwords on the 2015 list are dominated by numerical passwords, with football, baseball and ‘qwerty’ also among the least secure passwords being used online.

 

Go to Smart Company to READ MORE

Sterling IT have the solution to protect your passwords securely on phone and computers.

Contact us for more info

 

Source: smartcompany.com.au  – Recommended by Sterling IT for all good businesses.

CEO CFO and other management caught up in scam emails to transfer funds using fake accounts

my-account-was-hacked-and-all-my-money-stolenScammers are reportedly claiming to be corporate CEOs in email scams designed to steal up to hundreds of thousands of dollars from targeted companies.

Sterling IT has had one of its clients be hit with this twice and we believe they phished the email addresses from their website.
The staff also had their titles with their email addresses making it very easy.

Stay Smart Online has received a report that scammers misrepresenting themselves as corporate CEOs are sending fake emails to the CFOs of targeted companies. These emails request that up to hundreds of thousands of dollars be transferred urgently from targeted businesses to apparently legitimate bank accounts held by third-party individuals. However, these bank accounts may have been established using the details of people who have been victims of identity theft.

The relatively sophisticated scam appears to be identical to, or a recurrence of, the ‘Business Email Compromise’ or ‘Wire Fraud’ scam that Stay Smart Online provided an Alert about in October 2014. Details of the 2014 scam were provided by CERT Australia. The FBI has published similar reports regarding the ‘Business Email Compromise’ scam.

Businesses are advised to be suspicious of unexpected, urgent demands for large sums of money by any person – including CEOs and other senior leaders. You should always verify these requests directly with the person involved, and follow all governance and due diligence processes.
CERT Australia provides the following advice:

  • Consider adding a second method of verification for large financial transfers, such as verbal verification between employees.
  • Alert employees to be vigilant with regard to these incidents, especially those conducting or authorising wire transfers or similar financial instruments.
  • Do not reply to the email.
  • Sender Policy Framework (SPF) checking should be implemented to detect and prevent sender address forgery.
  • Review network logs for evidence of the indicators provided in this Alert.
  • Configure mail servers and mail scanners to block and remove emails with the indicators provided in this Alert.
  • Report identified activity to CERT Australia.

If a company has been defrauded as a consequence of these emails, report the matter to local police for investigation and escalation as appropriate.

 

 

Source: staysmartonline.gov.au 

Received an email? Do you click or not click? – Malware, Scams, Trojans, Viruses could be lurking

The internet has become an indispensable tool for everyday life, both personal and business. Its global use and familiarity has also opened the doors for cyber-criminals to take every opportunity to exploit vulnerable people through disturbing online attacks. Online scams and malware are also becoming increasingly sophisticated, and while IT professionals are aware of what to look for and how to fix problems when they arise, their colleagues may be confused by the latest scams discussed in the media.

Botnets

A botnet is the result of a criminal using malware (malicious software) to turn a computer into a bot, short for robot. In conjunction with a large number of other computers, these systems together form a botnet. Bots can often propagate themselves across the Internet by searching for vulnerable and unprotected computers. Exposed computers can be infected quickly and unknown to the user stay dormant until they are required to perform their detrimental attack. Once infected these bots can be controlled remotely to perform automated tasks over the internet such as sending out spam, malware and spyware; launching denial of service (DoS) attacks against other systems; or participating in other types of cyber-crime such as theft or fraud.

Hacking

Computer hacking has been around much longer then people have had PCs in their own homes, and is the term used to describe gaining unauthorised access into a computer. Hacking can be used to find weaknesses in your security settings which are then exploited to gain sensitive or personal information, to install malware, or to block or hijack your access to websites or email.

Malware

Extremely common, malware, or malicious software, is software you don’t want to infect your computer. Malware includes computer viruses, worms, ransomware and Trojan horses. Specifically designed to disrupt, damage or gain control of a computer system or data, therein each of these types of malware has its own purpose. Malware does a range of things, it may tell you that your computer has a security problem, re-formats your hard drive, alters, deletes or encrypts files; steals sensitive information, sends unauthorised emails, or takes control of your computer and all of the software on it.

Types of Malware

Viruses

A computer virus when executed will replicate by inserting copies of itself (possibly modified) into your computer programs, data files, the hard drive or connected network shares. By doing this the virus infects your system and interferes with the way a computer operates. Viruses are often spread via normal looking attachments in an email message or instant message; through downloads, or in pirated software.

Trojan Horse

Like the Greek tale, the Trojan horse or Trojan, employs social engineering so that it looks legitimate, useful or interesting to the potential victim who is then more susceptible to installing it on their computer. As a non-self-replicating type of malware program it is designed so when it is executed it carries out the actions determined in the program, often including joining the computer to a botnet.

Ransomware

As a relatively recent addition to the malware family, ransomware is a digital form of extortion. When you open a malicious email attachment or click a malicious link in an email message, instant message, on a social networking site, or other website; ransomware is downloaded onto your computer and is designed to block access to all your files and programs until a sum of money is paid. A computer becomes basically inoperable as you have no access to any of your files (unless you have done regular data backups). It is generally advised that you don’t pay the ransom as you cannot be guaranteed you will get the key or code to unlock your files.

Phishing

Phishing has also become a firm favourite of cyber-criminals. These sophisticated modern day forgers use deception and social engineering techniques to trick users. This is done by sending emails, text messages or website links purporting to be from authentic companies that the victim may have had previous communications with (also called spoofing). These fake messages or links are then used to persuade the recipient to reveal personal information including usernames, passwords and credit card details. Phishing scams have become increasingly prevalent because they are easy to execute, and with little effort.

Spam

Spam is another common method for sending information out and collecting it from unsuspecting people. Spam is usually the mass distribution of unsolicited messages, marketing, advertising or pornography. Spam tends to annoy people mostly by clogging their inboxes with junk, however it can also be a vehicle for malware, scams, fraud and threats to privacy.

TIPS FOR CYBER SECURITY

It is vital that anyone who sends and receives emails daily (at home or at work) is made aware and well educated on these common types of cyber threats.
There are a wide range of things you should remember or put into place within your organisation, to ensure your computer/computers are protected the best way possible.

• Avoid giving your email address out online. If you publish your email address on the web, make it unscannable so that it cannot be harvested by bots. There are alternative ways to display an email address which in turn makes it hard for spambots and cyber criminals to harvest it.

• Never open an attachment that is a .zip file or .exe file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus.

• Check who is sending you email communication. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses, however legitimate email addresses can be forged easily.

• Never respond. If unsure, report the message as ‘spam’ to your service provider, and delete it! Also, you should delete the email from your trash to save you accidentally opening it in the future.

• Only click links from trusted senders. If an email has a link you don’t recognise, take a closer look by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.

• Check for spelling, grammar and syntax. Most malware, phishing scams or spam originate from foreign countries so may contain some very obvious errors.

• A reputable company or organisation will never use an email to request personal information. If you think there is a possibility it may be legitimate, type the real URL into your browser or contact the company directly.

• Reading an email in plain text rather than html can help to avoid phishing attempts, however this is not 100% foolproof.

• Report any suspicious or scam emails to the company that is being imitated, your email security provider, or to SCAMwatch.

• If a computer runs slowly, keeps crashing or stops responding often, this could be a sign that the computer is infected. Get an IT professional to take a look for you.

• It is extremely important to back up your data every single day.

• Utilise multilayered defences. This includes installing anti-virus, anti-malware, anti-spyware, and using cloud based email filtering and web filtering services. You should also not conduct day to day work with Administrator privileges on your workstation. Instead, you should use elevated privileges only when required, for example to install trusted software. Having one form of protection alone may not cover you for all the possible threats.

• Keep your software regularly updated. Software that updates automatically is incredibly beneficial to busy organisations.

• Use strong passwords and keep them secret. It is also a good idea to change them on a regular basis. Don’t use the same password for multiple accounts.

• Install a firewall on your computer and never turn it off.

• Increase security settings on your browser. You can limit user rights to certain online sites.

• Use external devices cautiously. This includes USBs and iPads/iPhones etc. as these can become infected with malware, corrupting your computer.

Cyber criminals are quite adept at tricking email users into falling for their scams. They are always coming up with new methods of deception. It is in the best interest of every company to ensure all their employees are educated on the most commonly known threats. Staying cyber-vigilant and applying solid security measures, is always the best defence against any future breaches.

Want to add another of level of protection on your email? Filter with Mailguard – the providers of the information above.

Need more information, quote on Mailguard or training for your staff?
Contact Us NOW! – Don’t Delay