The Pros and Cons of outsourcing IT support

Role of IT Within an organisation

Majestic CEO Tal Evans discusses the pros and cons of an organisation having an internal IT support team.

Small and medium healthcare providers, whether they are for profit or NFP, reach a point in their growth and development as an organisation where they realise that a small, internal IT team is perhaps not delivering the outcomes that they desire. And so, they explore their options. When they do so, they’ll typically engage a managed services provider like Majestic to meet their IT requirements.

There are many operational advantages to that decision, but one disadvantage is that they are required to spend time onboarding that external supplier, making them familiar with the organisation’s requirements.

That’s why it’s so important to partner with an organisation that already has a significant amount of expertise in your organisation’s industry. The advantage of working with an external IT services provider is that they can sustain a larger investment in the knowledge required to support various technologies than a Health Care Organisation typically can.

 

Their exposure to multiple organisations in the same, or similar industries also provides a knowledge resource that they can extrapolate to create strategies for your organisation. By utilising the skills of a large number of people, the collective together bring about an outcome for an organisation that arguably is far better than the organisation could deliver for itself.

Azim Premji’s quote highlights the importance of selecting a managed services provider who not only serves your immediate needs, but also your strategic ones.

Raconteur’s article ‘The Digital Evolution of Outsourcing’ advances the concept that the term ‘Outsourcing’ may have outgrown itself. Over time, outsourcing has grown to be second nature to most organisations, evolving from being a replacement of in-house services to being a strategic source of specialists in design, IT and business process management (BPM) that help streamline and grow their businesses.

Social Media Traps!

How People think they get hacked?
HOW PEOPLE THINK THEY GET HACKED

How People think they get hacked?

Social media sites can be enjoyable, entertaining, as well as a way of sharing events and special memories with friends.

BUT… they are also full of traps…

Be careful of memes, games, quizzes etc, which ask you to provide personal information, as the very information you share can then be used to steal your identity.

funny question
Animated girl
Picture of students in high school
Image of a pet
HOW THEY REALLY GET HACKED…

These posts and games underhandedly ask for the same kind of information you’d typically give your bank for verification if you call to make an enquiry. Now of course, not all the information is asked in the same post or game, but rather collected over time so that most unsuspecting people won’t even notice it.

Be alert, be safe!

The Pros and Cons of an organisation having their own Internal staff

The pros and cons of an organisation having its own internal IT staff

Majestic CEO Tal Evans highlights the pros and cons of an Organisation having their own internal IT team.

An organisation with its own internal IT staff has a reduced pool of knowledge with which to trade, borrow and acquire ideas from. Having a managed services provider like Majestic on the team deepens that pool considerably.

Organisations who haven’t experienced various modes of technology delivery will often have an internal IT team. It’s the common starting point for most businesses and it does have some advantages – the main one being a perceived lower cost of delivering a service.

An internal IT team gives you permanent access to salaried staff that are accessible to you all day. They deliver the required outcomes, they keep everything running, they do preventative maintenance, they know how the organisation works and behaves and they build relationships within the organisation.

On the negative side, however, is that those people tend not to have the skills, or resources required to deliver a strategic plan or outcome for their organisation’s IT management. They don’t know how to facilitate conversations around driving an investment in technology and how to create and execute a plan that has an emphasis on the organization’s maturity, the goals of the organisation, where it wants to head to and how to drive those objectives forward.

As a result, we often see organisations making poor technology investments.

Research from IBISWorld shows revenue in the business process outsourcing (BPO) industry is predicted to grow year on year over the next 5 years. Does your organisation use outsourcing a part of its ongoing strategy?

Forbes’ article ‘The Pros and Cons of Outsourcing’ discusses the key aspects organisations should consider when making a decision on whether to have an internal, external or blended team.

The pros include the access to a larger talent pool that we discussed earlier this week, the typically lower labour cost.The cons cited a lack of control, communication issues, problems with quality and impact on company culture. Although these are risks that need to be addressed, Majestic has many years of experience in doing so, using systems and processes that mitigate such risks.

The Challenges with IT departments in small to medium Organisations

Role of IT Within an organisation

Majestic CEO Tal Evans discusses the challenges faced by small to medium organisations, as they attempt to balance the diverse needs their IT team must cater to, with the resources available.

The ABS estimated that over one million Australians changed employers or the business they ran in the year leading up to Feb 2020. That represents 8% of the workforce. The IT industry came in slightly below the average, with 7.1% but that’s still a very significant figure.
What (if any) measures does your organisation take to try and stay below the average?

Given the pace and breadth of innovation, IT skills gaps are now an inevitability in internal departments within mid-sized organisations.
Regardless of how well intentioned the existing staff members are, expecting them to have the full range of required skills is no longer operationally realistic.

“Almost 50% of medium sized businesses reported a growing skills gap within their IT departments.”

Small and medium healthcare organisations with internal IT are faced with the constant challenge of a lack of IT skill.

There are over 200 different types of IT skills that an organisation might need to have from a technology perspective in order to deliver the full range of required services to the organisation.

Not only is it not realistic to expect that any small IT team could encompass that full body of knowledge, it’s also the case that not all of them are required all of the time.

Internal teams are, out of operational necessity, normally comprised of generalists. They don’t have highly specialised skills in certain areas and consequently, they aren’t able to meet the full range of their organisation’s technology requirements.

Absence due to leave, illness or turnover due to a team member leaving the organisation is also a constant operational risk in small internal departments. Not only can it leave a small department dangerously under-resourced, when team members leave it often creates what’s commonly referred to as ‘knowledge bleed’ out of the organisation as the information that ‘only they know’ goes out the door with them.

Strange “missed call” SMS messages are doing the rounds… Here’s how to avoid the trap.

unrecognizable-person-hold-cell-phone-view-from-be-WHSQ3H3-Copy-1024x683

If you’ve been receiving some garbled SMS messages mentioning a missed call or voicemail recently, you’re not alone. The messages are generated by malware called ‘Flubot’, which spreads via SMS and can infect insecure Android phones.

What is Flubot?

FluBot is malware (like a computer virus) that can be installed on your Android device if you click on a malicious link in an SMS message. This malware then sends many similar text messages to other people from your list of phone contacts without your knowledge, potentially infecting them too.

If installed, the malware has wide access and can harvest your contact list to further spread, as well as accessing your personal information and banking details if you used it while infected. If infected, you should urgently remove the malware and change all your passwords, using another device that is not infected.

How do phones get infected?

You may receive an SMS from another mobile number with a message about a missed voicemail, or it could be about a package delivery service from a reputable brand:

Scam-alert-image
Scam-alert-image

If you click on the link, you will be taken to a web page displaying some trusted brand and prompted to install an app, in order to listen to the voicemail message. If you give permission to install, then the Flubot malware will be loaded on your mobile.

Flubot is a sophisticated piece of malware because it spreads by sending SMS messages to random mobile numbers, as well as mobile numbers obtained from a compromised Android device’s contact list. Each time it does this, it creates a new and unique link, which therefore makes it almost impossible for the carriers to block this before it gets to your phone or compromises someone else. To have your mobile phone compromised by the Flubot malware, you would have to click on the link and visit the malicious website in the SMS you receive.

How can I tell if I’m infected?

If your device is infected with Flubot, you will not know if your personal data is being accessed, and you will not be able to see your handset sending SMS messages to infect others. The following are warning signs:

  1. In your app list, you’ll see a new app called “Voicemail” with a blue cassette in a yellow envelope. If you try to uninstall you receive an error message “You cannot perform this action on a system service.”
  2. You receive text messages or telephone calls from people complaining about messages you sent them, but you have no idea you sent them any.
  3. Your carrier may detect you sending very high volumes of messages and send you a message saying: “Your phone is sending many SMS and may be infected with malware/virus…” or something similar.

What can I do?

Importantly, just because you’ve received this message does not mean that your phone is already affected. If you’ve just received one of these messages, do not open the link and you’ll remain protected. However, if you have already clicked on the link and downloaded the software, chances are your device is now infected.

Most popular anti-virus applications for Android phones will detect Flubot to prevent infection, as well as clean up a currently infected device. Information on how to remove Flubot from an Android device is available from various sources online. However, the instructions can be very technical, so if this sounds too techy for you, you can factory reset your phone, which will also erase the malware. Remember that once you’ve reset your phone, performing a “restore” of any recent backup may restore the malware (if that backup was taken while the malware was already installed), so it’s important that after a reset, you use an older backup.

After you’ve removed the malware/virus from your phone, we recommend changing your passwords as a precaution. Do not change your passwords before removing the malware.

Australian phone carriers are already working with the security community to address this scam. For now, and as always, our advice is to be especially cautious of phone calls, messages and emails from an unfamiliar source, and not to click on links that you don’t trust. If you’re still unsure of what to do and think you have been compromised, please contact our support team on 1300441551.

It is impossible to work in Information Technology without also engaging in Social Engineering

Role of IT Within an organisation

Majestic CEO Tal Evans discusses the emerging role of the IT Department as one of the major drivers of an Organisation’s future strategy.​

Jhon Naisbit's quote

“Jaron Lanier’s quote shows us how much reach an IT department now has within an organisation. Far from just keeping the network up and running, the role of IT has evolved to have significant strategic influence over any organisation.”

The role of the IT department is to facilitate what it is that an organisation needs from a technology perspective. Although we may be tempted to view that only in terms of nuts and bolts, eg. making sure the computers are all working, the backup is running and the internet speed is good, there’s a far more important underlying layer. IT Departments are increasingly being called on to participate at a strategic level, advising on what the organisation can do and invest in, in order to achieve their required outcomes.

John Naisbit is famously quoted as saying “We are drowning in information but starved for knowledge.” And he probably has a point. But why? I believe it’s because what we’re really starved for is a lack of strategy. The strategic attainment of knowledge should never result in an over-supply.

The Role that IT plays in an organisation

Majestic's CEO Tal Evans discusses the crucial role that IT plays within an organisation

Whether we always wish to acknowledge it or not, it cannot be argued that IT plays a critical role in any organisation. Your IT infrastructure must be able to deliver on the overall objectives your organisation sets, whatever those may be. It is increasingly vital for our technology to be there to enable those objectives to be carried out in a more effective, more cohesive manner.

Your organisation’s technology can function 24 hours a day, as distinct from human beings. This also facilitates automation, enabling us to do more with less.

Most organisations either have an internal IT team or an external IT provider. Whichever yours is, the role of the IT partner is consequently to offer ways ideas, suggestions and generally advise around the type of things that technology can facilitate.

Research from Accenture has shown that 34% of companies see the IT department as the main driver of innovation. As companies increasingly look to their IT teams to drive change at an organisational level, the role of IT is moving from being a part of an organisation’s infrastructure to becoming a key factor of its strategic plan.

Steve Ballmer's saying

KEEPING YOUR SYSTEMS SAFE IS OUR FIRST PRIORITY

clogs in IT security

There are massive ransomware attacks that are spreading globally. Majestic always have an eye open to instantly react on those attacks. Ransomware attacks have become more frequent these days. At majestic, We take no chance in order to keep our clients systems and data safe

Here are few updates on how we keep up with the frequent ransomware attacks

  • Security and critical patching – We perform security and critical patching on all the SLA systems every month to prevent from any malware attacks.
  • Event log verification – We check event logs of the system every month in order to identify any malicious logs that might have occurred and take proper action to eliminate them.
  • Immediate action on ransom attacks – We constantly monitor for any new ransomware attacks and take an immediate action to prevent, if there are any.
  • Keep the security services up to date and running – We keep security services up to date by installing latest patches.

Majestic Computer Technology’s Service Level Agreement includes all the above features, giving you a sense of security and ensure that you are in safe hands.

We also request our clients to not click on any suspicious links or emails. if you suspect that your computer is not functioning normally or if you receive any suspicious emails, do not hesitate to call us.

WILL YOU SURVIVE AN “ATTACK”?

Cybersecurity image

Did you know that the recent Privacy Act Amendments (under the Notifiable Data Breach Scheme) mean that Federal agencies, companies and not-for-profits with an annual turnover of $3 million or more must notify the Office of the Australian Information Commissioner about cyber breaches, and alert affected individuals?

In this digital age, all businesses are vulnerable to a cyber-attack. This could be via a website, server, emails or third-party providers.

Even if your system is “secure” do you use contractors that can log into your system? Are their computers “secure”?

What are your procedures on opening emails with attachments? What measures do you have in place for transferring money to third parties and internally? Do you have a robust risk management system in place for all your IT systems – telephones, laptops, multi-function printers, working from home, servers (“the cloud”) etc? Do you test your systems to ensure backups are available and haven’t been corrupted?

What would you do if you couldn’t access your computer system – could you still operate? Would your customers be able to communicate with you? Could you continue to make sales or deliver services? What damage would be caused to your reputation?

The Notifiable Data Breaches Scheme

Who needs to comply with NDB?

  • Australian Government Agencies
  • All businesses and not-for-profit organisations with an annual turnover of $3M or more
  • Some small business operators including:

o   All private sector health service providers;

o   Those that trade in personal information;

o   Tax File Number (TFN) recipients;

o   Those that hold personal information in relation to certain activities, such as providing services to the Commonwealth under a contract.

Some statistics…

Australia’s NDB scheme has already forced the disclosure of around 950 data breaches in its first year of operation. In fact, quarterly reporting by the Office of the Australian Information Commissioner (OAIC) reported 812 breaches to the end of 2018 – an average rate of around 2.66 breaches per day!

These numbers are rather alarming given that as the NDB is a new scheme, and thus many smaller organisations are likely to be yet unaware of reporting responsibilities. Experts warn that many companies still lack the internal capabilities to comply with breach-reporting requirements or even evaluating the extent of any incident.

A survey released by McAfee found 45% of Small to Medium organisations had been the target of an electronic attack in the prior year and 46% had suffered a data or security breach perpetrated by disgruntled and current employees.

The risk of fire to Australian organisations is 1 in 200, while hacking is 1 in 5 – would you operate without insurance for your property or stock?

Indeed, nowadays you can insure against almost anything, including:

  • Technology Professional Services;
  • Multimedia Liability;
  • Security and Privacy Liability;
  • Customer Support and Reputational Expenses;
  • Data Recovery and Business Interruption;
  • Privacy, Regulatory, Defence and Penalties; and
  • Cyber Extortion.

What Now?

There are clearly no guarantees that your systems can be made impenetrable. However, being able to demonstrate a responsible IT security posture and how you go about protecting the safety of the data you hold, certainly goes a long way. It may even help keep your insurance premiums at bay!

Our role is to help you with solution to ensure that even if your systems happen to become compromised, your organisation can keep functioning with as little disruption as possible, while minimising the potential for data loss. Let us show you how.

RESEARCHERS HAVE CONFIRMED A NEW FORESHADOW VULNERABILITIES AFFECTING INTEL CPUS

Foreshadow image

Researchers have identified three new vulnerabilities affecting Intel CPUs. All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution. Speculative execution is a feature that is found in all modern CPUs that has the role of improving performance by computing operations in advance and later removing the unneeded data. Foreshadow/L1TF is a highly sophisticated attack method, and today, Intel is not aware of  any reported real-world exploits.

Majestic Computer Technology is aware of this new speculative side channel vulnerability known as Foreshadow/L1 Terminal Fault. Microsoft has released security update on 14th August, 2018 in order to address this issue. Microsoft patch that has been released to address this issue provides protections against a new speculative execution side-channel vulnerability known as L1TF that affects Intel Core Processors and Intel Xeon Processors. This patch also make sure that previous OS protections against Spectre Variant 2 and Meltdown vulnerabilities are enabled using the registry settings.

Majestic Computer Technology’s Service Level Agreement has installed this security update on all SLA servers, giving you a sense of security and ensure that you are in safe hands.

If you would like to know more, please feel free to contact Majestic Computer Technology at any time. We are here to help.