telanova Blog

telanova: the outsourced IT team that feels like your own

Providing advice, consultancy, helpdesk, monitoring and maintenance, updates, upgrades, security: all the things your in-house team would do, but better and at a fraction of the cost and hassle.

When things don’t go to plan...

Details
Created: Monday, 10 May 2021
Written by Jonathan Hobson

A customer called us who’d just had their office remodelled and realised there had been a miscommunication with their electrician. The customer had asked their electrician to install some network cables along with the rest of the electrical work. His quote specified he was installing the network cables in the wall, but didn’t include the actual network sockets. Unfortunately the customer didn’t spot the omission.

The customer needed to move into the remodelled office within a couple of days. No cabling company would commit to coming out for such a small job quickly. Cabling isn’t our business, but for our customers we go the extra mile. We dusted off our cabling tools and got the job done.

You won’t get this flexibility (and resourcefulness) from other IT support companies

Zero-day exploits and what you can do about them

Details
Created: Wednesday, 05 May 2021
Written by Paul Grigg

There’s always a gap between the discovery of a software flaw and a patch being released to fix it. A “Zero-day exploit” is when the bad guys exploit the flaw before the patch is available, usually before the hardware or software maker even knows the flaw exists. Antivirus, firewalls, web filtering etc, don’t protect you from them. A recent example was the Exchange Zero-day exploit in March 2021. Thousands of organisations were scrambling around when they discovered their Exchange servers were breached.

With organised crime and nation-state backed hackers on the attack organizations need to switch to a mindset that they will eventually be breached in some way. Organizations need to take steps to limit the damage from a breach. It's a bit like sprinklers, fire extinguishers and fire doors in a building. None of them prevent a fire in the first place but limit the damage.

Every organization is different, requiring slightly different strategies, but some that will apply to all are:

  1. Software to detect and disable intrusions hopping laterally from one device or system to others (Lateral Movement Detection)
  2. Remove admin rights on devices
  3. Remove admin rights on cloud/web services
  4. Limit access within line of business applications
  5. Structure files/folders and limit access

Engage telanova as your IT team and we will advise you on appropriate security strategies for your organization and implement them.

Software As A Service (SaaS)

Details
Created: Tuesday, 13 April 2021
Written by Tim Nicholls

Software as a service (SaaS) has been around for a while but what is it and what are the advantages to using it?

SaaS is software that is hosted remotely by the vendor and you access it over the internet. Instead of purchasing it outright, you pay a subscription fee to use it.

Pros:

  • Reliability. SaaS is more reliable, as long as you choose your provider with care, and check the service level agreements. It is not unknown for even the largest providers with the best-known brands to have outages and their terms and conditions may preclude any compensation for downtime.
  • Lower total cost of ownership. No capital expenditure for on-premises infrastructure or licencing, which can be just the tip of the iceberg. Maintaining on-premise infrastructure is where the true costs add up.
  • Scalability. It is easy to add subscriptions as the business expands.
  • Flexibility. Use the service from any device with a web browser
  • Saves you time. As there is nothing to install, once you have purchased the subscriptions and been sent the login details you can start using it immediately, you don’t have to wait on your IT Team to come around and install the software. If your PC breaks down you can just grab a spare one and log back into the software and carry on working with minimal downtime.
  • Compatibility? No worries. Because it is hosted remotely, you don’t have to worry about making sure everyone on your team is upgraded to the latest version.

Cons:

  • Lack of control over updates. Updates and feature changes get deployed regardless of whether you want or need them. Users can be disorientated by the sudden appearance or change of location of features within the product.
  • Scalability is usually one way, it can be hard to scale down if you no longer need licenses because you may have had to commit to a minimum contract term.
  • Reliant on your internet connection. If you have a flaky connection then you should not consider SaaS.
  • Danger of service termination if the provider goes out of business
  • You have less control over your data. To be compliant with GDPR you must choose a supplier who is also compliant with GDPR legislation

Choosing the right solution for your business can be confusing. There are some offerings that look like SaaS but aren’t. These are offerings where you remote desktop to a server running conventional software. A good question to ask a vendor is - does this run in any web browser or do you have to use remote desktop? If it doesn’t run in a web browser then it isn't really SaaS.

Talk to the experienced team at telanova, and we can help you to the right solution for your business

I can’t believe it’s not a real invoice!

Details
Created: Wednesday, 05 May 2021
Written by Tim Nicholls

A true story: An employee of a customer of ours recently received a very legitimate looking invoice from one of their suppliers, and at first glance even the email address looked correct. However the bank details were different, the bank was located in Mexico, and on checking the email address closely the domain - the bit after the @ sign - was different.

The customer was concerned that they had been hacked, but we investigated the email chain by checking server logs, security reports and the headers in the email which are normally hidden from view, and were able to confirm to the customer that it was the supplier who had been compromised, and that had enabled the scammer to set up a domain very similar to the real one and use the names of the employees in the emails with the fake bank details.

We analysed the suppliers email system and discovered it lacked even the most basic security mechanisms to prevent spoofing.

Clearly the attackers had access to the supplier’s customer database, as well as a genuine invoice. Although they were using a fake domain that was only one character different from the real one, the invoice and the fake email Footer had the correct details

Fortunately the employee had been astute enough to spot the different bank details, so they didn’t proceed with payment, and then asked telanova to investigate. This is why we recommend to all our customers that they make sure their staff are trained up on cybersecurity, and are constantly vigilant.

Scammers will often try and target times of the day or the week when people may be under pressure to get things done, hoping that they will be less vigilant, so Friday afternoon, month end or year end are sometimes chosen to launch these attacks. The emails may get marked as Urgent! or Final Demand! To try and increase the pressure on the recipient to act without proper scrutiny.

What else can you do to protect your organization?

Microsoft’s Advanced Threat Protection service (ATP) has a feature where you can put your supplier’s email addresses in and it will monitor for attackers trying to impersonate them.

Contact us to put these protections in place for you.

More Articles ...

  1. Microsoft Teams Tips and Tricks Part II
  2. Keeping devices up to date while WFH
  3. Your IT is only as secure as your weakest link
  4. The Machine Learns
Email Facebook Google LinkedIn Twitter

We use cookies to provide you with the best possible experience in your interactions on our website

You agree to our use of cookies on your device by continuing to use our website

I understand