2. Intro & About David
Professionally Supporting Small and Medium Businesses
Succeed for over 20 years!
Microsoft Certified Office 365 Specialist
Skilled to plan, migrate, deploy, and manage
Microsoft 365 services for the Enterprise
Skilled in Identity, Security & Compliance management and
supporting technologies.
>15 years working with financial clients
Office: 03 9005 4686 | david@solvebusiness.com.au
https://solvebusiness.com.au
3. Housekeeping
Thanks for attending
Thank you Ian Chait for the Opportunity to speak here.
I will try to make this as interesting as I can
Raise your hands, ask questions, it will be more interesting
that way
At the end I will give you a way to get some extra info.
4. War Stories
Who’s been hacked or seen a hack?
Let’s share our experiences
5. Security
Overview
Let’s take a 10 min high level look at
the Security Landscape
from your point of view
Targets
Threats
Actions
6. Targets
Bookkeepers, YOU ARE a Target
Your responsibility to yourself and your clients
You are gatekeeper of your Clients’ Data
Your Identity has Value!
Time to invest in yourself, seek to improve skills
(or buy these in)
7. Threats
The commercialisation of Threats…
Business Email Compromise
Phishing / Dodgy Emails
Banking Detail Change
Crypto or Ransomware
Bad Actors…
Target identity
you won’t know
sit in a system undetected
8. Recent News – Aug 13, 2019
https://www.mybusiness.com.au/finance/6092-50-000-loss-as-hacker-takes-control-of-invoicing
“One business recently lost over $50,000 as a result of a
hacker taking control of the email of the person responsible
for invoicing who was on maternity leave. The hacker then
used this access to re-issue unpaid invoices with different
account payment details”
“By the time everyone realised what had happened, the new
account had been wiped clean and shut down.”
“Hackers are no longer the typical hooded criminal in a
basement with a binary code on the screen — we are now
under threat by large-scale criminal organisations located all
around the world.”
9. Recent Phishing Email Success
Google and Facebook lose >$100M
Tom Huddleston Jr., 12:34 PM ET Wed, 27 March 2019
https://www.cnbc.com/amp/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html?fbclid=IwAR0b5vY_w5FZzPXl9WgAWc4PaWYLa3_cPWiK4u_prvlfRehM_RxZbb1sVZ4
10. Action: Notifiable Data Breach
What is a Notifiable Data
Breach
Why you must do
Your Responsibilities
Identify
Protect
Manage
Report
Office 365 DLP
A data breach happens when personal
information is accessed or disclosed without
authorisation or is lost.
If the Privacy Act 1988 covers your
organisation or agency, you must notify
affected individuals and us when a data
breach involving personal information is
likely to result in serious harm.
https://www.oaic.gov.au/privacy/notifiable-data-breaches/
11. Story: Marriott Hotel breach – 2018
Marriott knowledge September 8
monitoring system detected an anomaly a day earlier
In November realised they were compromised earlier
In JULY 2014 !
Approximate impacts:
5.25 million guests’ unencrypted passport numbers
20.3 million encrypted passport numbers
8.6 million encrypted credit or debit card numbers
More Info: https://news.marriott.com/2019/01/marriott-provides-update-on-starwood-database-security-incident/
12. Security Dilemma
Security done right is a process, know there will
be impact
Some Impact is GOOD
means security is working
Secure
Cheap
Usable
13. Action: Being Secure, Where to Start
Our Systems & behaviour, it starts with us
Windows Editions – they matter!
Think Securely
Know our business processes
Normal
Process
Order
Photo by Oscar Sutton on Unsplash
14. Office 365 &
Productivity
Office 365 is about more than
desktop apps, it’s an integrated
platform with applications and
systems
it should all be protected by 2FA
at a minimum.
OneDrive
SharePoint
Teams
OneNote
Forms
Bookings
15. Office 365 File Storage
Traditional Concepts
OneDrive = My Stuff
Your personal files
Your Early Drafts before you share
Teams = My Teams Stuff
Smaller Groups of People
Files and Tabs in Teams
SharePoint = Everyone’s Stuff
Published work
Intranet Sites
16. Office 365 File Storage
- Common Features
Version History
Co-Authoring
External Sharing
Mobile Access
Drag and Drop
Sync (offline access)
Simply save your data to Office 365 to get all these benefits…
17. OneDrive
Your File Area
At least 1TB
Does everything Dropbox and others do
Files On Demand
Known Folder Move (backup for your PC)
21. Forms
Easily create Surveys and polls
collect customer feedback, measure employee
satisfaction, organize team events etc
Shareable internally and externally
Results collected in Excel
Supports Branding and Branching
GDPR Compliant Security
22. Bookings
Allow your customers to book appointments direct
Only shows available time (knows your calendar)
Advanced Rules to Keep Control
Automated Client follow-ups and reminders
23. Security Best
Practices
Let’s discuss SECURITY and what to
look out for and tools that can help
you.
Let’s also look at how use of these
increases your value to your
customers
Encrypt
2FA
Password Tools
Strong Passwords
Get Trained
24. Encrypt Sensitive Data
BitLocker
iPhone and Android devices
Use a PIN or Biometric
USB Sticks
limit use
Encrypt where possible
Be cautious
Lost n Found (never use)
25. Office 365 2FA
Enable for ALL Users, no exceptions
TXT or Microsoft Authenticator App (Preferred)
Fraud Alert where license permits
28. Strong
Passwords
Must be unique across sites
Complexity
Not Social Related
Not your name
P@ssW0rd1 is not secure
Not your dog’s name
(save renaming your dog!)
29. Get Trained
Greater Skills means
> Proficiency
>Professional, >Trustworthy
Save time, > profit
Better training lowers risks
UK Girl Guides do Cyber Security Badges
30. Q&A
Your questions answered
Our Promise to you
Anyone at this ICB meeting can reach out for a one on one personal discussion about their
technology and security. If we can help with Security and Office 365 then we’ll work out a
next step and meet up.
Please pass a business card or email address and we’ll send you a Resource Data Sheet
that you can use for a self check and reminder and a booking link to grab some one on
one time.
You can share the resource sheet with anyone you please.
Professional Microsoft Office 365 Management and Office IT Management is what we do
and we can tailor a bundle for you to include things such as the correct Office 365
licenses, Professional Management and backup, it just depends what’s required.
How can we help you?