Power Up Project

#37: Cyber Security Series Pt. 5 – Conducting Security Audits

In this episode of The Power Up Project, we cover:

>Part 5 of our five-part cyber security series – Conducting Security Audits

>What is a cyber security audit?

>A wrap up of our cyber security podcast series

Transcript:

In this episode, we talk about conducting security audits.

Welcome back to the Power Up Project. It’s fantastic to have you here as we round out the final episode in our five-part series on our top cybersecurity defences for your business. So far in this series we have spoken about intelligent firewalls. We’ve spoken about cyber insurance. We have spoken yet again about multi-factor authentication. And in our last episode, we spoke briefly about cybersecurity awareness training for your staff.

So in this episode we’re going to talk about security audits. Now, this is a very open-ended discussion. A security audit can be very simple, and cheap, and easy. A security audit can be very in-depth, and prolonged, and expensive. So it really is a bit of a piece of string here as to how you perceive the risk to your business, if you have any particular requirements for compliance with any particular regulations for example, or if you have a board who are concerned about this and need to be put at their ease.

So at the simple end of the process, there are a number of routine scheduled checks that you can conduct yourself if you like, every three months perhaps, maybe more, maybe less, and check on some of the most common areas that can be a threat to your business. For example, one of the really easy ones that we see is user accounts left in place for staff who have left the business.

So of course we all have a seamless process in place where our HR is tied into our IT department, so as soon as a staff member leaves the business, of course that automatically triggers down closure requests to the IT department to close down all the user accounts. We all have that, right? Of course we do. But sometimes a user account can slip through the cracks and be left in place when it shouldn’t be.

So it’s a very simple matter then to run some reports, to log onto your systems, to check the user accounts in place, and tick them off against maybe a payroll report or something similar to make sure there are no extraneous user accounts left by the by. Now, that is just one simple example of how you can run these routine checks yourself to pick up on some of the low hanging fruit I guess, the easier and most common areas that are worth checking with a bit of a routine audit.

As we climb up the scale in terms of sophistication and also, therefore, expense, we get into more technical audits, until we get to the high end of the scale when we’re talking about things like penetration testing, we’re talking about real-time monitoring of infrastructure with intrusion detection, we’re talking about a lot of these big words here. And when you get to that end of the scale, this is when we start talking, probably not to your generalist IT partner, but this is when we start talking to specialist cyber security firms who live and breathe this type of audit, and protection, and defence, and activity.

So, again, it depends what end of the scale you would like to take this, but at the very simple end, it’s pretty easy for you to put in place a little reminder in your calendar, and maybe every quarter you run through a list of checks, run some reports on some key systems, make sure the things are the way they are. And you would be surprised how effective these routine audits can be in order to tease out some of those gaps that we inadvertently leave in our security.

That brings us to the end of our five-part series on our top most effective cybersecurity defences. I do hope that everybody got some value out of this. It really is a constantly changing and rapidly evolving landscape though. So it is something that, as business people, business owners, business managers, we do need to be staying in touch with and well aware of at all times. This is not simply a matter that we can leave to the IT people. This is a business-level issue, and we need to make sure we understand it at a business level, and not simply just delegate it down.

Thanks for joining us at the Power Up Project over the past five episodes to talk about the important topic of cyber security. Have you got any questions? Please, make sure you pop over to the website or the Facebook page and send us a message. We’d love to hear from you.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts, and until next time, keep powering up.

#36: Cyber Security Series Pt. 4 – Cyber Security Awareness

In this episode of The Power Up Project, we cover:

>Part 4 of our five-part cyber security series – Cyber Security Awareness

>Why cyber security is a very hot topic in business today.

>Everything you need to know about Cyber Security and why your organisation should be aware.

Transcript:

In this episode we’ll be talking about cyber security awareness.

Welcome back to the Power Up Project. It’s great to have you here for the next in our five part series on our five most effective cyber security defences for your business. So far in this series we’ve spoken about having an advanced intelligent firewall, we’ve spoken about the importance of cyber insurance, and we’ve also spoken again about the multi-factor authentication.

Today what we’re going to talk about is something that brings it back to what is usually the weakest link in any of our cyber security defences and that is our people. When we look at cyber security breaches, in the majority of cases it comes down to people, it comes down to humans who have essentially taken some action which has bypassed or compromised security and has allowed the malicious actors to gain a foothold in the business network.

We can put all of the best technology in place, we can put fancy firewalls, we can put multi-factor authentication, we can do all of this but at the end of the day what we really need to be addressing is our people. Now our people and our staff, they want to do the best thing. None of them are out there looking to get breached by a malicious actor, so what we need to help them with then is recognising these threats and training them on how to respond when they do detect or recognise one of these threats.

The most common form of threat that we see coming through is a malicious e-mail. So these e-mails, phishing e-mails, are definitely the most common at the moment. We’re seeing a rapidly increasing number of whaling and spear phishing and more targeted phishing attacks but the e-mail vector really is still probably the biggest one that we see out there in the wild. So this is when a staff member in your business will receive an e-mail that looks legit, it looks like it’s coming from legitimately from one of your suppliers or from a business that they do business with personally, maybe not even part of the fact that they’re a staff member with your organisation, and they click on a link in that e-mail and that link let’s the bad actors in. From there bad actors have access to your network and then it’s just a case of how quickly can we respond and lock things down and protect your digital assets.

What we need to do is provide that training for our staff on how to recognise these malicious e-mails, dodgy websites they shouldn’t be going to, and so on. There’s a number of ways we can do it. This doesn’t need to be a big expensive exercise, it doesn’t need to be super intrusive either. One of the most common ways that we see people going about this training at the moment is what we kind of consider to be called a friendly phishing campaign. This is when we actually send these pretend malicious e-mails to our own staff and we see who reads them and we see who clicks on them, and of course, if they do click on them that’s okay because it’s not truly a malicious e-mail, it’s just a pretend one and it will log the fact for us that this happened so we can gather some statistics on how well our people are actually avoiding these threats or how maybe unwell they’re actually clicking through to them. But we can then also lead that staff member onto a little bit of training.

We can take them to a webpage, for example, which is not a malicious webpage but it’s a friendly webpage that says, “Hey, you know what? Gotcha! That was a malicious e-mail. Here’s why you should have recognised that that was not a legitimate e-mail. Here’s what you should do with it next time you see something that matches these particular criteria.” So it’s a very friendly non-intrusive way of helping to train our staff and keep it a little bit front of mind that they do need to be on the lookout for these particular attacks.

Now you can take that training up a little notch and you can send your staff away on training courses that could be disruptive obviously, because you’re without a staff maybe for a period of time. The other option too of course is to bring a trainer into your business and run some lunch and learn type training sessions, which can be very effective. They can be short, sweet, 20 to 30 minutes, people can sit around and have a sandwich and you can deliver some training to your people to raise their level of awareness about these cyber security threats. You could even deliver that training in a webinar style if you do have people working from multiple locations.

My homework for you today: have a think about your staff’s cyber security awareness. I can probably guarantee that it is not as high as you would like to think that it is and consider whether it may be worthwhile investing in some awareness training for your staff.

Thanks for listening to this episode of the Power Up Project brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts and until next time, keep powering up.

#35: Cyber Security Series Pt.3 – Multi-Factor Authentication

In this episode of The Power Up Project, we cover:

>Part 3 of our five-part cyber security series -MFA

>What is Multi-Factor Authentication (MFA)?

>Why is it very important that MFA is enabled?

Transcript:

In this episode, we talk about the next in our five-part series of most effective cyber security defenses which is Multi-Factor Authentication.

Welcome back to The Power Up Project. Great to have you here. Today we’re going to be talking about the next in our series of five top cyber security defenses for your business and this is one that we have spoken about a number of times before in this podcast. So, for those people who’ve heard this all before, I do apologise but, it is a very, very easy, cheap and important one that you will need to be taking very seriously. And that is Multi-Factor Authentication.

So far in this series we have touched on having an advanced, intelligent firewall in place, we’ve spoken about cyber security insurance, and now we’re going to talk about Multi-Factor Authentication. Now, Multi-Factor Authentication in most cases is free or at least very low cost, is very easy to implement and, in my opinion, is possibly the most effective way we have at the moment of protecting our user accounts from malicious actors.

So, what is Multi-Factor Authentication? Multi-Factor Authentication is something that we are all going to be familiar with in business. It’s when we need another form of authentication in addition to our normal username and password in order to log on to an account. For example, we should all be familiar with this, with our internet banking. We log on to our internet banking with a username and a password but then in order to take any action within that account such as transferring money out of the account, we must enter another code. In my case, I have a little keyring dongle with a six digit numerical code that changes every sixty seconds and I simply read that code off my keyring dongle and I type it into the internet banking and my transfer goes through. So, that is Multi-Factor Authentication.

Multi-Factor Authentication within Microsoft Office 365 is there, ready for us all to use. It’s very easy to turn on and you can receive that secret code in a number of ways. You can receive it by text message to your mobile phone or you can receive it using the Microsoft Authenticator app which is a little app you can put in your smartphone that even lets you not have to type in a code but, simply press another button which says “Yes, approve.” But the point is, it is another level of authentication and specifically it’s another level of authentication that is based on something that you have. You have your mobile phone that receives that code, you have the keyring dongle that presents the secret key.

Multi-Factor Authentication is available in almost all modern cloud applications that we’re going to be using within our business. It’s available in all of the Microsoft Office 365 Suite, in Xero Cloud Accounting, in things like Confluence, it’s available for your social media application such as Facebook.

So, my homework for you today, given I’m not going to go on ad nauseam about Multi-factor Authentication yet again. My homework for you today is to write down a list of all of the applications and systems that you use in your business especially those ones that have something to do with the internet such as your email, such as your internet banking, your financial package, social media, those things. And then, I need you to Google each of those apps with the words Multi-Factor Authentication after it and check and make sure that that application does indeed support Multi-Factor Authentication and I can tell you in almost all cases the answer is going to be Yes. And then, I need you to have a look at your user accounts within that platform and make sure that Multi-Factor Authentication is actually turned on and enabled for all users. And it really does need to be all users. We certainly see some people who only like to enable Multi-Factor Authentication for those user accounts that they think are riskier targets or high profile targets. The unfortunate thing though about cyber security is that it often comes down to the weakest link. And the weakest link in terms of your network security maybe that one user account that you didn’t think really needed to have Multi-Factor Authentication turned on. So write the list, do a little bit of Googling and then go and have a look at all the user accounts in those systems and make sure that Multi-Factor Authentication is actually turned on. Of course, if you need any help, your IT people are there to help with this as well.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review where ever you get your podcasts and, until next time, keep powering up.

#34: Cyber Security Series Pt.2 – Cyber Insurance

In this episode of The Power Up Project, we cover:

>Part 2 of our five-part cyber security series – Cyber Security Insurance

>What is cyber insurance?

>Why your business needs a cyber insurance policy.

Transcript:

In the second of our five part series on cyber security defences. We’re going to be talking about cyber insurance.

Welcome back to the Power Up Project. Great to have you here and welcome to episode number two in our five part series on our most effective cyber security defenses for your business. Last week we touched on the importance of having an intelligent firewall in place within your business. In this episode we’re going to talk about cyber insurance. Now cyber insurance is exactly what it sounds like. It is an insurance policy specifically designed to come to your aid in the event of a cyber security breach. This is not a bit of technology. This is indeed an insurance policy that you need to be talking to your insurance broker about. So it’s been really interesting watching cyber insurance policies evolve very rapidly over the last few years because they really are quite new and a lot of insurance brokers particularly, but also some insurance providers, some insurance companies don’t really seem to yet have a good handle on what cyber insurance is.

In the early days, just a few years ago, when you fill out the disclosure form to take out a cyber insurance policy, it was a very short form. It didn’t have a whole lot of questions on there around your technology, around what you were doing to protect yourself in terms of cyber security risk, that sort of thing. It did ask the usual business and financial level questions, I guess, so that the actuaries knew what degree of value (I guess) they were insuring. But interestingly enough, they didn’t really know what questions to ask in order to properly assess their risk. Now every year since when the forms come back out to renew a cyber insurance policy, the forms are getting longer and longer and longer. So the insurers are really starting to learn what questions they need to be asking in order to assess the risk associated with a particular business.

So, some of the policies that we’re also hearing about now are starting to go into detail about what your business is doing to mitigate that risk. They’re starting to ask fairly detailed questions about what type of firewall you have in place, who manages your IT, how often a certain parts of it audited, things like that. Now of course the depth of all of these questions and so on will depend on the insurer, depend on the nature of your business and so on. But the point of cyber insurance really is to come to your rescue when a breach has actually occurred because you may very well find that a lot of your other insurances will not cover you in such a situation, which is why you need a specific cyber insurance policy.

So my big hot tip for today in this episode is talk to your insurance broker and ask them about cyber security insurance. And, pro tip, if they don’t really know what they’re talking about, you’ll be able to tell if they do or don’t know. If they don’t, I would suggest that you need to find yourself a different insurance broker. There are some very, very good insurance brokers out there who will work long and hard on behalf of your business. And a lot of them are very, very clued up about cyber insurance and it is really becoming a non negotiable part of our insurance policies that we protect our businesses with.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review where ever you get your podcasts and, until next time, keep powering up.

#33: Cyber Security Series Pt. 1 – Firewalls

In this episode of The Power Up Project, we cover:

>Part 1 of our five-part cyber security series -Firewalls

>Why every business needs to set up an intelligent firewall

Transcript:

In this episode of the Power Up Project, we’ll be talking about the top five most effective cyber security defences for your business.

Hello and welcome back to the Power Up Project. Great to have you here. Today we’re going to be kicking off the first of a five part series where we talk about the top five most effective cybersecurity defences for your business. Now we all know that cyber security really is the hot topic at the moment. It is the hot topic at the moment for a very good reason. This is not just companies, IT, vendors etc., trying to push the new thing for the sake of it. Cyber security is a very real risk to all of us at the moment. We are seeing a lot of cybersecurity breaches on a very, very regular basis. Some of them are very high profile, others are less high profile, but certainly just as risky with potentially huge disruption to the businesses that have been compromised.

The terrible thing too is that in a lot of the cases where a business is compromised, it is not necessarily because they’ve done anything wrong. This really is a bit of an arms race between the hackers, the malicious actors, if you will, the security vendors out there who are producing defensive products for the rest of us to deploy in our businesses and also us, as business owners, and IT people to make sure that we are continually assessing our cybersecurity stance to make sure we’re doing everything that’s reasonably fair within our powers, and our budgets of course, to to protect our businesses. So today we’re going to talk about number one on the list of our top five most effective cyber security defences. And I’m going to talk now about firewalls. Now that is a term that everybody, I’m sure will have heard at some point, but there is a little bit of subtlety in understanding what we’re talking about here.

So essentially when an Internet connection connects into your business, there is a point of contact there at which the public internet, the public facing Internet there, hits what needs to be a secure line of defence and demarcation between that public internet and the internal network of your business. Now, in a lot of cases, what we see playing that role there is not really so much a firewall device, but it is more a routing device. So for example, at home you may have an Internet router, right? It might be ADSL router. It might be something that’s been provided to you by your NBN provider and that provides the point of demarcation there. But those devices are very simple devices. They do provide a level of firewalling security and protection for you. But it really is a very basic level.

In a business, given the current threat landscape, it’s becoming very important that we all look at what we have in place in our business in that position and make sure that we don’t just have a simple router, a simple firewall, but make sure that we do have an advanced firewall, an intelligent unified threat management firewall. Now this device plays the same role as the router, but more. It intelligently scans the Internet traffic that is passing between your internal business network and the Internet, back and forth. It filters that, it scans that, it looks for potentially malicious activity. It helps protect your users, your staff from browsing to websites that may be particularly threatening. It can also help in other ways such as helping to enforce internal policies, for example, to stop staff from browsing to inappropriate websites, not necessarily a site that may be a security threat, but maybe a website that is just not the type of content that’s appropriate in the workplace.

So how do you know if you have an intelligent firewall in place? Well, the best way to find out really is just to ask your IT people. But there are some more common brand names that we are seeing in Australia in these devices. There are names such as, Sophos, names such as Meraki, Sonicwall, WatchGuard. These are all the names of intelligent firewall appliances, intelligent firewall vendors, that do an extremely good job of protecting your business from that external threat, but also protecting it from those internal risks as well, as I touched on. Now an intelligent firewall is going to cost you more than a basic router or basic firewall. They usually also come with, an ongoing subscription cost because these devices are constantly in touch with their vendor platforms. So for example, the Sophos XG firewalls are constantly talking back to Sophos headquarters if you will, and updating their rules, their intelligence, their patterns, their knowledge of what is a threat and what is not.

So you do pay for that privilege. So there is an ongoing subscription cost that comes with these appliances. But again, this is just becoming the cost of doing business with connectivity to the Internet these days. So that’s number one on our list of the top five most effective cyber security defences for your business. So my homework for you for this week, find out whether you do indeed have an intelligent firewall appliance in place within your business there. And secondly, find out and make sure that it is actually in place with an active subscription. The devices will sit there, even if you don’t have an active subscription, but they’re not going to do a whole lot of good. So that second question you might have to ask your IT person about, but they’re the two things you need to be looking at for this week’s homework.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review where ever you get your podcasts and until next time, keep powering up.

#32: Windows 7 Must Die

Windows 7 Must Die

In this episode of The Power Up Project, we cover:

>Windows 7 free support will be ending early next year.

>Why it’s important that you let go of Windows 7 and update to the latest OS.

Transcript:

In this episode of The Power Up Project, we talk about why Windows 7 must die.

Welcome back to The Power Up Project. I’m your host Ben Love, and today we’re going to be talking about why Windows 7 must die.

Now, what do I mean by that? I mean, that this is a very old operating system. Now, don’t get me wrong, it was a real favourite of mine. I was big fan of Windows 7, but it was released in 2009. Now, it’s currently 2019, that’s 10 years. That’s 10 human years, and technology is working even faster than dog years, so 10 years is a long time for an operating system like this to be around.

So Microsoft have announced, and have been talking about it for a long time, that Windows 7 will be going end of life in early 2020. Now that’s not far away. That’s a little over six months away, as of now. But so what does this actually mean for the operating system to go end of life, or EOL? Well, let’s take a little bit more of a step back, and say, what does is mean to be running a 10-year-old operating system? First of all, there’s a good chance that if you are running Windows 7 on a 10-year-old operating system, you may actually have 10-year-old hardware out there as well. Now, 10-year-old hardware is going to be slow, and it’s going to be problematic. That is the first thing. You’ve also got the 10-year-old operating system, which means that you’re are missing out on a huge amount of features and usability that is being introduced and developed in the years since.

But very importantly, too, is we’re starting to see compatibility issues where Windows 7 will not run a lot of the apps that people are really wanting to run these days, particularly with such massive uptake of Office 365, and a lot of the newer stuff there. You don’t want to be on Windows 7 trying to use this stuff.

We’re also seeing, because Windows 10 is becoming so prevalent in organisations, where those organisations do have a handful of computers left still running on Windows 7, there is a very inconsistent user experience between them. Sitting down and using a Windows 7 machine, is actually very different to using a modern Windows 10 machine, so it’s a lot harder to convey training, and staff productivity between staff there, when you’re talking about essentially how to use very different systems.

So what does all of this mean for you? It means one thing, it means you need to understand whether you have any Windows 7 computers still in your fleet, and you need to factor replacing those into your rolling upgrade cycle. Now, just on that point, you do have a rolling upgrade cycle? Don’t you? By that I mean, that if we assume a useful working life for a computer in a business environment of three years, then that sort of tells us that every year we probably have to be budgeting to replace proactively, a third of our computers. Now, you don’t have to be as proactive as that, especially in smaller networks and smaller environments, but it is a very good thing for you to be thinking about replacing your computers proactively on some sort of a three to five year cycle, so that you are keeping things current, and you’re not waiting til computers get slow, and buggy, and problematic, and start really damaging that productivity.

So your take home for today, the thing I need you to do, is understand if you have any Windows 7 computers in your fleet, and that is a very easy question to ask, you just need to talk to your IT provider, to your MSP, and ask them, because they will be able to provide you with a full list, a full report on all of your computer hardware out there, including what operating system it’s on. And if you do have any Windows 7 machines out there, let’s get rid of them. Hey. Put it in the budget, get it done straight away, get it done in six months, but don’t let it sit there, let’s move those Windows 7 computers onto the great computer operating system pasture in the sky. Their day is done.

Thanks for listening to this episode of The Power Up Project, brought to you by Grassroots IT, and Digit IT. Please leave us a review wherever you get your podcasts, and until next time, keep powering up.

#31: Microsoft Puts an End to Password Expiration Policy

Microsoft Ends Password Expiration Policy

In this episode of The Power Up Project, we cover:

>Breaking news about the end of Microsoft’s enforced password policy.

>What it means for you and your business.

>How you can secure your account now that Microsoft won’t be forcing a password expiration anymore.

Transcript:

In this episode of The Power Up Project, we talk about why expiring passwords is no longer a thing. Well, according to Microsoft at least.

Welcome back to The Power Up Project. I’m your host Ben Love, and today we’re going to be discussing the expiration of passwords. Now, you should know what I mean by that, because we’ve all been caught by it, and it can be really annoying. That every 60 days, maybe every 90 days, we get that message popping up on our computer saying, “Your password is about to expire. You need to choose a new password.” And then, of course, we go through the process of trying to choose a new password. Do we use an old password and just change it very slightly or did we already use that one? Anyway, you understand what I’m talking about. We’ve all been there. Well, the interesting thing is that Microsoft have recently updated their security baseline recommendations, and the big news that a lot of people are talking about is that they are no longer recommending the forced expiration of passwords. What the?

So I just want to dig into this a little bit deeper because we need to understand what’s going on here. This is a quote from Microsoft. “There’s no question that the state of password security is problematic and has been for a long time. When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, or forget their new password altogether.” Does that sound familiar to anyone? I know it certainly does to me.

So, what they’re saying there is that the previous recommendation to force expire your passwords is actually adding very little value to the security discussion. It’s not that they’re saying don’t expire passwords or telling you to never expire passwords even, but what they’re saying is that this is a very low value add activity when it comes to improving the security of one of our network environments.

Here’s another quote from Microsoft. “This reinforces a larger important point about our security baselines. While they are a solid foundation and should be part of your security strategy, they are not a complete security strategy.” And so what does that mean? Well, what Microsoft is saying there is that network security needs to come from many directions and in many layers using many different methods, and passwords are really only one piece of the picture. We’ve spoken many times on this podcast, in blog posts, at seminars, you name it, about multi-factor authentication. Okay, so that’s one example that Microsoft do not talk about in their security baseline, but they do very heavily allude to.

So what do you need to do about all of this? Well, here are the take-homes that I need to leave you with today. First of all, changing passwords is still a good idea.

Secondly, use a different password for different systems. So try not to use the same password for everything from your Uber Eats account through to logging onto your corporate email to your internet banking. Next, try and use a passphrase where possible. So, a passphrase is a series of words, it is a phrase that may mean something to you, it may be nonsense, but it is probably a lot easier for you to remember than some cryptic random string of characters in a password. But curiously enough, passphrases can often be a lot harder for hackers to brute force and to crack. So, not all systems out there will let you use a passphrase instead of a password, but if you can, definitely a good idea. And the last point that I need to leave you with regarding this is multifactor authentication. I sound like a broken record on this, but it is really important. It is very easy to enable on enterprise systems such as Office 365. We can also enable it on our Facebook, for example. Absolutely on things like Xero and on your internet banking. Multifactor authentication is currently the single most effective method that we are seeing of helping with network security. So there’s the take-home, folks. Microsoft is no longer recommending that you expire passwords periodically, however, it’s still a good idea. Use different passwords, use passphrases, and use multifactor authentication.

Thanks for listening to this episode of The Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts, and until next time, keep powering up.

#30: Office 365: New Updates and Features!

In this episode of The Power Up Project, we cover:

>The latest updates in your Office 365 suite

>What can these new features do for your business?

Transcript:

In this episode of the Power-Up Project, we do a quick recap of the most recent Grassroots IT webinar.

Hey. Welcome to this episode of the Power-Up Project. My name is Ben Love, and I’m your host for today’s episode. What we’re going to do today is a little recap on the webinar that we hosted about a week ago now on some of the latest updates from Office 365. Now, I’m not going to take you through the entire webinar. There was a huge amount of content in there, but you know what? The recording of the webinar is up on our website. Just go to grassrootsit.com.au to the blog, and you will find the recording there.

What I did wanna do, though, is just call out a couple of the more important points that came out of that webinar, and particularly some of the ones based on the feedback we had from attendees on that webinar and from the discussions that have come out the back of it as well as to what really peeked people’s interest the most.

Probably the first thing, it’s a really important point, I’ve said it before and I’ll say it again, Skype for Business is going away, and it is being replaced by Microsoft Teams. If you have not already started the transition from Skype for Business across into Teams, and if you do actively use Skype for Business, obviously, then now is the team. You really must be looking at this. We do have some cheat sheets up on the website, and we will link to them again in the show notes here in case you need to go and have a look at Microsoft Teams and just work out how it’s going to work for you because it will work for you, it’s a great tool.

The other really interesting point of discussion that came out of that webinar was around Microsoft’s To-Do product. It’s a little bit of software called To-Do, Microsoft To-Do. As you would have guessed, it is a to-do list manager. A very simple tool that lets you create to-do lists, add some notes to it, tick them off once you’re done, couple of other little features on the side, but in the essence, that’s what it does.

For those of you familiar with Wunderlist, which still is a very popular list tool, that’s actually owned by Microsoft. A lot of the functionality and favourite bits of that are all being brought across into To-Do. But the interesting point of the discussions that we had after the webinar was the fact that To-Do is now synchronising with Microsoft Outlook, and specifically within the tasks section in Outlook. If you are a user of tasks, or I guess if those things could be of benefit to you, have a look at that because we actually had some people on the webinar pretty excited about the fact that tasks in Outlook and To-Do items in the To-Do mobile app are now actually synchronising.

I haven’t been into the use cases with those people yet, but I will be digging into that a bit more because I am curious. But for now, that’s a really good thing for you to know.

The other interesting point that came off the back of that webinar too was a bit of discussion around where the various project management and, I guess, task management tools from Microsoft all fit in. At one of the spectrum, we have Microsoft To-Do, which I just explained. It’s a fairly simple list maker that you tick off items on the list as you go. It has some basic collaboration and sharing features in there, but not hugely intended for that sort of role. It’s sort of more for one person to keep track of their own task lists.

The next step up in the family of products from Microsoft is Microsoft Planner. Now, for those of you familiar with other [inaudible 00:03:43] style tools, such as Trello, you’ll be very familiar with Microsoft Planner. It works in the concept of buckets, and then within the buckets you’ve got cards or items. You can drag and drop those items around between lists and change their status from in progress to completed and so on. Cards and items can be assigned to other people in your team, you can have multiple people looking at this board simultaneously. It really is a very simple but very powerful and effective way of helping a small team of people really stay on point with what it is they’re meant to be working on and who’s attention is where.

We start off with Microsoft To-Do, which is the simple one person end. We take the next step up into Microsoft Planner, which is better and more capable of dealing with teams and keeping a team of people on track. Then at the next step up, we move up into Microsoft Project, which is a fully fledged project management tool with a lot of the very powerful project management features that you would expect. It is the sort of the tool that, to be honest, unless you are a project manager, unless you have a little bit of training and some experience in that area, it may be a little bit too much. It may be not what you’re after. But of course, for the project managers who are listening, you’ll probably already be very familiar with Microsoft Project and all of its bigger team and larger project capabilities up at the top end there.

They’re probably the key points I just wanted to call out from the webinar that we hosted last week. Of course, as I said, the recording of that webinar is available on our website. There will be a link in the show notes to that recording. If you do want to have a bit more of a deep dive into what the latest updates are in the Microsoft 365 family of products and services, please check out the show notes and head on over.

Thanks for listening to this episode of the Power-Up Project, brought to you by Grassroots IT and Digit IT. Please, leave us a review wherever you get your podcasts. Until next time, keep powering up.

#29: Farewell Skype for Business: Is Your Business Ready for the Change?

In this episode of The Power Up Project, we cover:

>Where is Skype for Business going, what’s it being replaced by and when is it happening.

>How will your business be impacted by the change.

>Download the Quick Start Guide to Microsoft Teams at the base of the blog post.

Transcript:

In this episode of the Power-Up Project, we talk about the impending change over from Skype for Business to Microsoft Teams, and what you need to know now so that you don’t get cutoff.

Hey, welcome to this episode of the Power-Up Project. I am Ben Love, and I’m your host for this episode. Today, we’re going to touch on something that we have certainly mentioned a number of times in the past, and that is that Microsoft is actively retiring the Skype for Business product. In its place, they are pushing forward with Microsoft Teams.

Now, the two products reached what Microsoft call “feature parity” last year sometime. That basically means that Microsoft Teams has all of the features in it that Skype for Business has. What we are now seeing happen and the reason this is very important for you to hear is because we are actually seeing this happen in the wild. This is not just Microsoft talking about it, we are actually seeing clients who go to use their Skype for Business one day, and it no longer works. The reason it no longer works is because the upgrade behind the scenes for Skype to Business into Microsoft Teams within their tenant has been done without them necessarily being aware of that. So, they go to use Skype for Business one day and it simply doesn’t work.

Now, this is just part of the phase upgrading and retirement of Skype for Business, it’s something that Microsoft has been very open about, they are publicising it all. At this stage, we are not sure of when individual client tenants are going to be upgraded. We’re seeing if we can get some of that information from Microsoft. To be honest, I don’t like our chances at this stage. What it does mean is that you really need to be actively thinking about Microsoft Teams, especially if your business relies on Skype for Business.

What does that mean? It means you need to look at your usage of Skype for Business and how you’re using it. Are you using it for chatting, for meetings, for video calls? Are you using it for webinar style presentations? Are you using it for your main telephony instead of a more traditional telephone system? There’s a lot of ways in which people have been using Skype for Business.

Now, all of those things are now available in Microsoft Teams. Teams is a very good product. I use it really heavily here at Grassroots IT with my team of people. We’re spread out across three different countries, quite a number of client sites, etc. It’s a fantastic tool, and we really love it, okay?

So, if you are heavily using Skype for Business, have a think about how you’re using it and go out and have a look at Microsoft Teams. It is probably already installed on your computer, if not, it is very easy to install it.

You just go to teams.microsoft.com, and there’s a button there that you can use to install it, okay? Now, what I’m going to do in the show notes for this particular podcast episode is we’re going to leave a link to a little cheat sheet on Microsoft Teams**, and how you do various things in there, how you have a chat with somebody, how you schedule a video meeting, how you do all of these things. It should be nice and quick for you to get up and running with Microsoft Teams.

Of course, if you have any questions, just reach out. We are more than happy, of course, to help with the transition there in any way. But remember, your action point for this episode, if you are actively using Skype for Business, you must go out and look at Microsoft Teams instead because the change is coming.

Thanks for listening to this episode of the Power-Up Project, brought to you by Grassroots IT and Digit IT. Please, leave us a review wherever you get your podcasts, and until next time, keep powering up.

#28: Taming Email Signature Chaos with Exclaimer

In this episode of The Power Up Project, we cover:

>What is Microsoft Exclaimer all about?

>How to leverage your email marketing with Exclaimer

Transcript:

In this episode of Power Up Project, we’re talking about leveraging email signatures for marketing punch with Exclaimer. Welcome back to the Power Up Project. I’m your host for this episode, Ben Love. And today we’re going to be talking about a great little tool called “Exclaimer.” And specifically, we’re going to be talking about how Exclaimer can help you manage and, indeed, get some extreme value from your email signatures.

So let me walk you through a scenario we’re probably all familiar with. We all have businesses that use email, we all have staff and multiple people who use email. And I can almost guarantee that all of those people have got an email signature. Now, it would be a very safe bet, I would say, that if I would look at all of those email signatures across your business, I would see, let’s say a little bit of inconsistency.

I would probably see some different fonts in use, some different alignments, maybe the colours could be a bit different. Some people present mobile phone numbers, some people don’t have a phone number at all. Some people put a job title, other people don’t. Some people have still got the old logo there from before you changed it two years ago.

Does that sound like a common situation that you might have come across in your business? Here’s another one. Let’s say you’ve got a situation like that, and let’s say maybe even that your email signatures are fairly consistent. You do a fairly good job of keeping them all consistent, even though it means that every time there is any single change to be made across the organisation, every single person in your organisation needs to manually edit their email signature.

And of course, then you ask them to do that, they’ve forgotten how to edit their email signature. Some people might be using email signatures, other people might be using email stationery. Some people might have a different email signature for emails sent from their mobile device than when they send it from Outlook on the desktop computer.

So, these are all problems. There are all situations that are extremely common, but there is a very simple, and very affordable solution. And that solution comes in the form of a little product called, “Exclaimer.” So, what Exclaimer does, is it allows us to centrally manage all of the email signatures across our organisation.

Now, because we leverage them centrally, it means that we create those signatures once based on a single template, or we can have multiple templates if we really want to. But we create them centrally, and they are automatically applied to everybody’s email. No matter where that person sends that email from, whether it’s a computer, a spare laptop, their mobile device, whatever.

The same signature is automatically applied as that email is sent. So what we’ve got now, is we’ve got consistency. We’ve got consistency of visual design, colours, logos, layout. We’ve also got consistency of info. So all of your people are now sending email signatures out, delivering the same consistent information, such as a mobile phone number and a web address. The other thing that it lets us do though, is it lets us be very nimble and agile, and it opens up opportunities to use email signatures in a different way.

What we can do now, is we can start to use email signatures to communicate more effectively with all of those recipients, whether they be clients, suppliers, or other partners. Because what we can do is, from our centralised administration portal, we can very quickly and easily update the email signatures across our entire organisation with some new information.

So, you might have some office-closing hours over Christmas. Well, what you can do now, is you can very easily add a little line of text at the bottom of everybody’s email signature that announces those closure hours to everybody who receives an email from your business. You don’t have to rely on every staff member in the business to individually go in and add that line. You don’t need to worry about inconsistencies of design and font and colour. You don’t need to worry about them just not doing it at all. Forgetting to do it, it was a bit too hard, they couldn’t remember how to edit a signature.

Because now you’re doing it centrally, and you’re doing it for them. And it automatically applies to all staff. Take that a step further. Maybe you could start using your email signatures for a little bit of marketing. Have you won an award lately that you’d like to tell people about? Why not add that to the email signatures going out? Do you have a particular promotion coming up soon, a particular sales campaign? Maybe you add that in there.

Do you have an event, maybe the next webinar or the next training workshop? You could add a little line into everybody’s email signatures with a link that would take people back to the registration page. So, I hope that’s given you some ideas to think about. Not only how you can get your email signatures across the business under control, but then how you can take that a step further and how you an start to leverage your email signatures to communicate consistently across the organisation, and out to your customers.

Now, the wonderful thing about Exclaimer as well, is that it’s bloody cheap. So, the pricing does work on a sliding scale depending on how many users you have. But to give you a quick idea, for 10 users, if you have 10 users in your business, it’s approximately 20 dollars per month. It’s very quick and easy to set up, it is very quick and easy to edit those email signatures once they’re in place. It really is a very simple tool, and it absolutely baffles me why more people aren’t using it.

So I hope that’s given you some good ideas to think about, with how you can take control of your email signatures. I’d love to hear how you’re using your email signatures in order to do more than simply put that necessary stamp on the bottom of your emails. Are you using your email signatures to promote upcoming events or sales campaigns? How effective have you found that? And another question there, how do you know how effective it is? How are you measuring the ROI on the effectiveness of those email signature-based campaigns? Let me know, I’d love to know.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT, and Digit IT. Please, leave us a review wherever you get your podcasts. And until next time, keep powering up.