#007: Let’s Talk about Multi-Factor Authentication (again!)

In this episode of The Power Up Project, we cover:

〉Recap on Multi-factor Authentication(MFA) topic.

〉Reasons why you need to enable MFA.




In this episode of the Power Up Project, we are going to talk about multi-factor authentication again. 

Hey, welcome back to the Power Up Project. I’m your host for this episode, Ben Love. Today we’re going to retouch on multi-factor authentication. Now, we have touched on this before across many channels. We’ve spoken about this in blog posts, in podcasts, in YouTube and Facebook videos. We’re gonna touch on it again, because this is a really … this is low hanging fruit, folks. This is a really powerful way of improving the security of your systems and it’s easy to do.

So what I want to do, first we’re gonna recap. What is multi-factor authentication? Multi-factor authentication can otherwise be known as MFA, two factor authentication, 2FA, so on, you get the idea, is an additional layer of security on your user accounts that you use to access things such as e-mail or your accounting system and so on. Normally you would use your username and your password to log on to these systems. When you have MFA enabled, there is a third step.

Now, usually that third step will be a randomly changing numeric code that you get from a little key fob or an app on your smartphone and you enter that code in and then it allows you to log on to the system. What I want to talk you through today, three reasons why you need to enable multi-factor authentication. First of all, it is free. Pretty much every modern application, especially the cloud based ones, which obviously we’re all moving towards in a big way, have MFA functionality built in. All you need to do is turn it on. Simple as that.

If you are using older legacy systems, MFA functionality may not be built in, so you may need some sort of a third party product on top of that to give you MFA functionality. If that has to happen, there will be cost involved because of the third party application. But we are seeing less and less of those legacy systems around these days. Most of your systems, you will probably find, have some MFA support in them. Ask the question. Go to Google. Search for the name of your application and then MFA. See what you can find.

Point number two. It is super easy to use. It really is. Most MFA on cloud apps, for example, is provided via an app on your phone. Google Authenticator and Microsoft Authenticator are the two main ones that most of the platforms seem to choose between. It is very easy. You go to log on your application exactly the same way you normally would. You may enter your username and password the same way you normally would. But then there will just be this extra step. All you need to do is open the app on your phone, it will give you a code, normally about six numbers. You type that in as part of the login process and you’re done. That’s it.

With a lot of the Microsoft stuff it’s even easier. When you go to log on to your application, the app on your phone will simply pop up a message saying, “This login is in process, would you like to approve it to proceed,” and you just tap the button on your phone saying, “Yes, approve this authentication attempt.” Very, very easy to use.

Point number three is that it is massively effective at increasing the security of your user accounts. Now, security needs to come in many layers. We need firewalls, we need anti-virus, we need best practise configurations, we need all of these things. There is no silver bullet. There never will be. But MFA is an extremely effective way of protecting those user accounts, because those user accounts are the keys to the front door of all of that important information and all of that authority and power that happens within your organisations.

MFA is a very, very important piece of the whole security picture. Please, have a look at MFA if you haven’t already. We will keep harping on about this.

To recap, it’s free in most cases. Number two, it is super easy to use. Number three, it’s massively effective at increasing the security on your user accounts.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts and until next time, keep Powering Up.


#006: Power Up Your Staff Training with Video

In this episode of The Power Up Project, we cover:

〉How to power up your business with videos for staff training.

〉How you can power up your process of knowledge transfer.

〉Powerful tools for uploading and streaming your training videos.




In this episode of the Power Up Podcast, we talk about powering up your staff training with video.

Welcome back to the Power Up Podcast. I’m your host, Ben Love, and today we’re going to power up your business with two fantastic tools that we use here at Grassroots IT all the time. One of them is called Snagit, and the other one, Microsoft Stream. What am I talking about here? What I’m talking about is developing a library of video content that you create yourself in your business to help with staff training, knowledge retention and that knowledge transfer. The reason this came to me that this was such a good thing to talk about is that I was meeting with the client early this week. Lovely group of people. Simply because of the nature of their business, they have a fairly high staff turnover. One of the things that they always have to pay attention to is the onboarding of new staff, training, and really not losing that organisational knowledge as that knowledge walks out the door as staff turnover, just through the course of business.

One of the points that we discussed was using video to capture a lot of this knowledge to pass on to newer staff members. How do we do that? There are two parts to this. The first part is using a little tool on a Windows computer called Snagit. It is a commercial tool you need to pay for but it’s not very expensive. Do a Google search for Snagit and you’ll find it. If you’re working on a Mac, then you can actually just use the QuickTime player that’s built in and it will do exactly the same job. What Snagit and the QuickTime player can do is record your screen. Everything you move around on your screen, the mouse clicks, the applications you open, et cetera, can be recorded into a video. If you have a microphone on your computer, I suggest a headset just for the quality of the audio there. You can record a running commentary on what you’re doing at the same time.

What you can do, let’s say you have a particular process that you need to follow to create an invoice for a client. Oftentimes, writing that down step by step in written language can be quite laborious and as such, often doesn’t get done. It gets put in the too hard basket. With a tool like Snagit, all you need to do is click the record button on Snagit and then actually start doing the process. Actually generate an invoice for a client and talk out loud into your microphone while you’re doing it. All that knowledge will be recorded into a video. It is very easy to do. It’s remarkably easy to do. At the end of all that, you’ll have a file saved on your computer which is the recording of that particular process or workflow you’ve just stepped through. But what do you do with it now? How do you make sure it’s available to all of those staff members, the rest of your organisation? This is where the second piece of our puzzle comes in.

This is a little tool called Microsoft Stream. Essentially Microsoft Stream is part of the Microsoft Office 365 suite of products and services. If you use Office 365, which most people seem to be doing these days, you probably already have Microsoft Stream. Go and have a look for it. Essentially Stream, it’s like a YouTube, if you will, in that you can upload videos to it and then people can browse them, search them, play them, so on and so forth. It’s private and secure for just your organisation. If you’re recording some confidential information in your videos, you don’t need to worry about that information getting outside the organisation. Upload the video to Microsoft Stream. It really is super simple. You just need to go to Microsoft Stream and you can access it through your Office 365 portal or from any other Office 365 apps using the app chooser button in the top left. When you go there, you’ll see a very clear sign where you click to upload a new video and you just really follow the steps. Super easy. You can drag your video file on top of the Stream web page or you can click the button to browse for a video to upload.

When it’s uploading, you can give it a nice title, which is very descriptive of what it’s all about. You can add various comments to it. You can even get fancy and start filing your videos into different channels or categories to make them easier for people to find and access. We use this a lot here at Grassroots IT for a lot of internal training materials so when we have a particular process to work through that can be a little complex in some cases, we’ll record one of these videos and save it up there so that anybody else who needs to follow through afterwards and do that same process can very easily see how we’ve done things, listen to our commentary as to how we’re doing things, but also oftentimes listen to our commentary on why we do things a certain way.

There you go. That’s this episode’s tip on powering up your staff training and knowledge transfer using Snagit, QuickTime player, and Microsoft Stream. Thanks for listening to this Episode of The Power Up Project brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts and until next time, keep powering up.

#005: Two Cool New Updates in Microsoft Teams

In this episode of The Power Up Project, we cover:

〉Two fantastic new updates from Microsoft Teams.

〉What is Microsoft Teams?


In this episode of the Power Up Project, we talk about two fantastic new updates from Microsoft Teams.

Hey, welcome back to the Power Up Project. We’ve got some great updates today from the world of Microsoft Teams. So there’s a couple of interesting things that have crossed my newsfeed in the last couple of days. The first one is that Microsoft Teams is now available in a free version.

So just to recap for everybody, Microsoft Teams is, in a very simplistic sense, it’s a team chat tool, similar to Slack or Hipchat, or one of those ones. But, Microsoft Teams is so much more because instead of just having a chat channel in there, you actually use Microsoft Teams to bring together a whole lot of the other features and services within the Office 365 ecosystem.

So for example, when you create a new Team within Microsoft Teams, you will also have a SharePoint site sitting behind that to hold files that you might share with that team. You also have a OneNote file. You can also have a whole lot of other stuff in there, like it also still does just have that text chat. Teams on the longer term roadmap, is also slated to replace Skype for Business, or more accurately, the Skype for Business functionality, which is voice and video calling, is going to be merged into the Teams product set.

So keep an eye out for Microsoft Teams. It really does seem to be getting a lot of attention from the development world at the moment. So back to these updates that came across the newsfeed this morning. Like I said, the first one is that Microsoft Teams is now available in a free version. So to date, you could only use Teams if you used Office 365. Now I know so many of us use Office 365 these days, but you know what? There are still some people out there who don’t. So for those people, you can actually access Teams for free. That’s very exciting.

The other really cool part, and I love this. This is kind of, you know, the kind of big Cloud geeky bit. Microsoft has announced that Teams is now supporting in-line message translation. So think about that for a minute. In-line message translation. This is like BabelFish stuff for typed chat. So you can be chatting with multiple people, by text here, this is not spoken words here, this is not verbal. You can be text chatting with multiple people in multiple different languages, and Microsoft Teams is now capable of translating those other languages, on the fly, to whatever your selected base language is.

How cool is that? This stuff just blows me away. Isn’t technology amazing? Anyway. This is just a brand new announcement from Microsoft. It is apparently out there in the Teams Enterprise Tenants. I have not enabled it on our Tenant yet, but I will be doing so within the next 24 hours, and testing this bad boy out because I think that’s really cool.

We’ve got, I don’t know whether you remember this, but Grassroots IT, we have staff in multiple locations, so this may be a really fun too for us to test out, to communicate a lot easier with our staff over in the Philippines, and of course with our staff over in New Zealand. So stay tuned as we enable this fantastic new stuff and test it out. I will report back once I’ve had a chance to play.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT, and Digit IT. Please leave us review wherever you get your podcasts, and until next time, keep powering up.

#004: Test Your Backups

In this episode of The Power Up Project, we cover:

〉Testing your backups.

〉How to make sure you can restore your business after a power outage?

〉How important ensuring an effective data backup is.




In this episode of The Power Up Project we talk about testing your backups.

Welcome back to The Power Up Project. I’m your host, Ben Dampney, and today we’re going to power up your business by making sure you test your backups, or perhaps that should be making sure you can restore your business in the event it powers down.

So you have backups right? We certainly hope so. Now, we consider data backed up when we’ve used the three-two-one method. That’s three copies of any piece of data, be it a Word document, picture file, email, et cetera, and that’s stored on two different types of media. For example, on a network share and also on a USB hard drive. Now one of these backups must be at a location where the data is not usually stored, so a great example offsite, at your house or maybe in a cloud service.

Now, what types of data should be backed up? Typically, your onsite data, such as your My Documents folder, server file shares, maybe your application database and also cloud services, such as Office 365, Exchange, SharePoint, G Suite, and also your financial packages, such as Xero, MYOB, Reckon, et cetera.

Now, presumably you get reports that the backups are completing okay, or perhaps your IT provider get these alerts and lets you know if there’s an issue. But more importantly than that is, are the backups tested? Now, it’s critical not just to complete a backup but to actually test them. Imagine the feeling that someone has when a critical file is deleted. You might think to yourself, “Okay, well, it’s not a problem, we have backups. We can go and restore the file.” Yet, when you attempt to recover the file, the restore process fails. Depending on the file, you may be able to recreate it or maybe not. If it’s a very large spreadsheet with lots of details about a supplier for example, that could be very difficult to restore or recover or reenter.

Even worse than that, if a CryptoLocker attack on your network encrypts all your files so you cannot access them, that’s really disastrous if you can’t get a recoverable backup, say if it’s a few months old since it was last functionally working for you. According to a major antivirus vendor, one in five small businesses that get affected by CryptoLocker go out of business. Most businesses can recover from data loss for a certain period. For some, it might be a couple of hours. For others, a few days. So I’d like you to take the time to think about any particular system or file in your business, what sort of window could you recover or restore or recreate, and how you might go about doing that.

Testing your backups can mean exploring a backup and restoring a single file, but it can also mean a full disaster recovery test, restoring servers, databases and applications to a test environment to make sure that we can functionally get it working for you. And, I guess, how often is regularly, is a pretty flexible question. It really depends on how you are testing. If you’re manually testing, then exploring a backup might occur once a month. But for a full disaster recovery, maybe it’s every three to six months. However, some of the products that we recommend, such as StorageCraft and Datto, can actually automate the testing of your backups and some of these are done daily. It certainly helps us, as IT providers, sleep at night.

Most importantly, I think it’s critical for managers and business owners to understand where their backups are stored, how often they are being tested, and what timeframe recovery is likely to be. Testing can obviously help you with this understanding. So as part of any good disaster recovery and business continuity plan, you should have an understanding of the process, and whilst you can rely on a good IT provider to assist you, ultimately these plans need your active engagement and ownership, and regular testing. So for my sanity and yours, please, review your backup testing procedures, make sure someone is actually doing it, and look at it today.

Thanks for listening to this episode of The Power Up Project, brought to you by Grassroots IT and Digit IT. Please, leave us a review wherever you get your podcasts, and until next time, keep powering up.

#003: WTF is MFA?

In this episode of the Power Up Project, we’re going to talk about:

〉What is Multi-factor Authentication (MFA)?

〉How MFA can help you avoid cyber attacks.

〉What systems you can use MFA on.


Hey, welcome back to the Power Up Project. I am your host for this episode, my name is Ben Love. Great to have you with us. Today we’re going to be talking about multifactor authentication, otherwise known as maybe two-factor authentication, MFA, 2FA, whatever, they’re all acronyms, they all mean the same thing. Basically, it means adding another authentication step in addition to your username and password to access a system.

Now it’s very simple to do, but it’s also becoming very, very important that you do this. A lot of us have got little physical dangles from the bank that are attached to our keyring and it’s got that little code that constantly changes, so if we need to do a transfer of money from our business bank account, the internet banking site will pop up another window saying please enter your code. And that’s when you need to enter that ever-changing code from your little keyring before the transfer will be authorised. That is multifactor authentication. That’s exactly what it is.

So you are already using this on your bank accounts. But what you may not be using it for is to access other pieces of software such as Xero, your cloud accounting platform or MAIB online, or any of your Office 365 environments such as your email or your SharePoint or your One Drive files

Now what we are seeing across our client base is that multifactor authentication is becoming critical to the point of becoming non-negotiable in most environments because it is the single most effective thing that we’re seeing at the moment for stopping user accounts being compromised. So what would happen if your account, if your password were to be compromised somehow by a malicious party, by a hacker we’ll call them. They would know your user name, and they would know your password, and they would then be able to log on to, let’s say your email.

They would then be able to log on to your email as if they were you. So we’re seeing a lot of things like this occur now. We have seen a couple of our clients targeted with this, but it’s also in the news. You might have heard about it. They’re calling it, well, you’ve heard the term phishing, which is an email spam type attack. And then there’s spear phishing where it’s an email that is sent to specific people and customised to try and get their attention and get them to click on a malicious link or compromise their security in some way.

Well the next step on that, that we’re seeing is called whaling. This is where the malicious parties identify the whales within your organisation, so that might be the CEO, the CFO, somebody with a particular authority. And if they’re then able to compromise, let’s say the email account of your CFO for example, then they could send emails around purportedly from the CFO requesting all sorts of activity, mainly that money be transferred to certain bank accounts. Now this actually is happening in real life. People are falling for this, and money is being lost with this particular approach.

But think about this. If the malicious party had your username and password to access your email to be able to send these emails, if you had multifactor authentication in place, if you had another little random security code that was constantly changing on your keyring or your smartphone app that you needed to enter in to your email before you could log on, then it would not matter that that malicious party had your username and password, because they would not have your randomly changing code. So what we are seeing is that multifactor authentication is really becoming absolutely critical, especially for those people in an organisation who have the most authority, who have the most access to different systems.

So what I really want to encourage you to do after you finish listening to this episode is have a think about where in your digital existence you are currently using multifactor authentication. You’re almost certainly using it in your internet banking for your business bank accounts. But are you using multifactor authentication to log on to your accounting system or to log on to your email? Or to log onto One Drive, where you keep all those HR documents. Or to log on to any of these other online platforms that are crucial to your business.

If you’re not using multifactor authentication in those places, please think about turning it on. It is very easy to turn on, there are instructions that you can very easily google, otherwise of course, call your friendly, handy IT company for help. In most cases, all it requires is a couple of setting changes to your account within the application in question, and an app on your smartphone, such as the Google Authenticator App or the Microsoft Authenticator App. And it literally is as easy as that. It will slow you down logging on to these applications by all of maybe four or five seconds, but the big leap forward that you will take in how secure your accounts are is well and truly worth that four or five seconds worth of log time.

So in summary, people, we now know what MFA is, and you now also know that it is critical that you look at your platforms, you look at what you’re using, and you turn on MFA wherever possible.

Thanks for listening to this episode of the Power Up Project, brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts, and until next time keep powering up.

#002: Keep Your Business Running when the Internet Fails

In this episode of The Power Up Project, we cover:

〉What can you do to keep your business running when your Internet connection suddenly fails you?

〉Why you should consider getting a second internet connection such as an ADSL connection or NBN connection.

〉Why you should consider having a 4g backup connection.




In this episode of The Power Up Project, we’re going to be talking about how to keep your business running when the internet fails.

Welcome back to The Power Up Project. I’m your host Ben Love and today we’re going to be talking about how to keep your business running when your internet connection fails. You see, we had a hell of a week last week. One of the major upstream internet providers, we don’t know who at this stage, could have been APT, or Vocus, or Telstra or one of those, had a fairly major outage in some equipment somewhere.

Which meant that quite a few of our clients were impacted with either a total internet outage, or in some cases the internet was still kind of working but kind of really not. In either case, some of those clients coped better than others with that particular internet outage. That really can depend in a lot of cases on the nature of the business that is being done. Some businesses are very time critical and depend on that internet connection. Other businesses, you know it wasn’t such of an issue to be offline for a couple of hours.

What do you do when your business suffers an internet outage like that? What would the impact be on your clients, on your staff, on your productivity? Would it make a big impact or would it really not? Could you go and have a coffee and just wait for it all to pass by?

If you do need to really keep that internet connection going because your business really does depend on it, and those outages can cost you a lot of money, or a lot of goodwill with your clients; you really need to have a backup internet connection. It really is as simple as that.

That backup internet connection could be your mobile phone, for example. You could tether your laptop to your mobile phone hot spot and keep working that way. We certainly have a lot of clients who do that and not just small clients, but big clients too with a significant head count who use that method. It works very well.

That’s particularly useful when some or all their services are up in the cloud, because it doesn’t matter how they connect to the internet to get to them or where they connect to it from.

Some other options you might like to consider for that continuity piece for your internet there, you could get a second internet connection into the building such as a ADSL connection or maybe an NBN connection. The thing you need to keep in mind when you’re dealing with internet connections like that is that they all come into the building via a physical cable.

A lot of the times when you do lose that primary internet connection, it can be because there has been some physical damage to the cable coming into your building. You might have some roadwork going on down the street, or you might have some linesmen doing some work on the cables and maybe a backhoe or bobcat has accidentally dug through some cables.

If your primary internet connection and your secondary internet connection both come in on cables through that same hole in the ground, there’s a fair chance that both of those internet connections are going to be offline while those cables get repaired. That really doesn’t do you much good, does it?

Probably one of the best options we’re seeing at the moment is 4G, leaning on the mobile phone networks for that internet connectivity. As I said, you can certainly hotspot to a mobile phone. You can get standalone 4G routers, which are separate little devices. They’re not expensive.

You put a sim card in them with your favourite telecom, might be Telstra or Vodafone, whoever. That can provide connectivity for your office. There can be a little bit of fiddling around with that type of setup, particularly if you’ve got services both inside the building that you need access to, as well as services such as cloud services that are outside the building.

We can still set it up, there’s just a little bit of configuration that can get a bit fiddly sometimes. One of the really killer solutions we’re seeing emerging more and more is having that primary internet connection with that backup 4G connection built into the router, built into the system you’re already using.

In the event that your primary internet connection does fail, you can have automatic failover to that 4G connection. In a lot of cases, that failover can happen so quickly that you won’t even notice that you’re not running on that primary internet connection anymore.

All of these solutions are available. You need to have a think about your business, think about how important the internet connection is to your business, and how time critical it is more to the point. Put yourself in that hypothetical scenario where the primary internet connection has failed, and it’s not just for a couple minutes but it might be for an hour, or half a day, or two days. Think about what you would do in that instance. Can you work from home? Do you need to set up some sort of a 4G connection for your office so that’s really not an issue?

I’ll leave you with those thoughts for now. Please, give us a call if we can help with any of that. Thanks for listening to this episode of The Power Up Project brought to you by Grassroots IT and Digit IT. Please leave us a review wherever you get your podcasts. Until next time, keep powering up.

#001: Welcome to The Power Up Project

Welcome to The Power Up Project!

In this episode, we give you a quick rundown on who we are, what we do and why we’ve started The Power Up Project.

So great to have you here. We really hope you enjoy our new podcast, and that it helps you power up your business.