BongoIT News

All the news, as it happens

How Serious Is the Latest Yahoo Hack?

How Serious Is the Latest Yahoo Hack?

Millions of people have recently found out that they not only have a Yahoo account but also that it has been hacked. Many large companies such as BT use Yahoo to base e-mail accounts for their customers. Anyone with an email address ending with "@btinternet.com", "@btopenworld.com" or "@talk21.com" could have been indirectly hacked and their details leaked.

Continue reading
  1411 Hits

Customer Feedback - Cowley Road MOTs

Customer Feedback - Cowley Road MOTs

"Without the superb help I recieved from Justin and Andrew at Bongoit, I would not have been able to regain ownership of my businesses online presence."

"6 months ago a contractor who worked at my family business attempted to steal it from me. By the time we caught him out and involved the police he had stolen our domain name, goode review account authority, controlled a website in my business name and was passing himself off online as the business owner. This had a devastating effect on my customer retention and the ability for prospective customers to even find my phone mumber.

Without the superb help I recieved from Justin and Andrew at Bongoit, I would not have been able to regain ownership of my businesses online presence. At every stage they were key in providing the help and support I needed. No matter how busy they were, what time of day or how little notice they recieved, they were there, on the phone and ready to talk my solicitors through aburdly complicated internet/legal jargon and provide expert testimony that without doubt was the deciding factor ond turned the tide.

5 stars is not enough.

Use BongoIT if you need help.

Thank you Bongo!"

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  951 Hits

Is Lenovo Trying to Restrict Their Users?

Is Lenovo Trying to Restrict Their Users?

In recent reports it has been found that the Chinese tech company Lenovo has made their most recent batch of laptops locked into Windows 10. Many have suspected that they had a deal with Microsoft but Lenovo has denied this. This, however, is not the first time Lenovo has tried to constrict what user are able to do on their hardware. 

The Supposed Deal With Microsoft.


A Lenovo spokesperson claimed the Chinese giant "does not intentionally block customers using other operating systems on its devices and is fully committed to providing Linux certifications and installation guidance on a wide range of products". The accusation originated from a Reddit thread. The thread accused Lenovo and Microsoft of locking the operating system onto the laptops at a firmware level. Lenovo stated that the lock was a storage driver compatability failure and not a feature."Unsupported models will rely on Linux operating system vendors releasing new kernel and drivers to support features such as RAID on SSD," the spokesperson staited. This meant that if you want to install Linux, you need a kernel with the required SSD driver. The issue could be simply that the latest kernel for Linux RAID has a small bug that creates a huge problem. The affected models include the "Yoga 900S" and the "Ideapad 710S". This does not bode well for Lenovo's already shaky record of unnecessary firmware additions.


BIOS Editing


In August Lenovo sold laptops with that came with free crapware already installed. This included free demos, unnecessary Microsoft programs and other things that clog up your storage space. The software itself was attached to a BIOS function which detected if any of the crapware is deleted and then reinstalls them for you on the next boot up of your system. The way that Lenovo had created their BIOS for the laptop range was with a WPBT that allowed manufaturers to add their own programs and drivers to your operating system.It was also designed to help prevent corruption by running executables on boot-up. This, however, gives companies like Microsoft a free backdoor to implant free, unremovable, demos and software. This idea of implanting information into the operating system was supposed to be used by anti-virus programs. The idea being that that protection programs could delete viruses that had placed code into the BIOS of your system. But the advertisement of major companies beat any hackers that could figure the vunerability out. But that's not all, Lenovo also sends a moderate chunk of statistics back to their databases in China.


Will Lenovo clean up their act? Or will they continue their scheming ways with Microsoft? We can only wait and see if history repeats itself once more with Lenovo.


Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS

Lenovo denies claims it plotted with Microsoft to block Linux installs


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter


Continue reading
  957 Hits

The Free Tool To Prevent Ransomware

The Free Tool To Prevent Ransomware

This handy piece of software allows you to block almost all ransomware - including the dreaded cryptolocker.


Ransomware Prevention, now for Free.


This invaluable piece of software, now given to the public for free, can clean up and prevent most malicious attacks that come in the form of ransomware. The "Cryptolocker Prevention Kit" was only given out to paying subscribers but now it's available to all. It is not something that can replace your anti-virus but it is a usefull addition to your PC's defences. The kit boasts an "article on cleaning up after infection but more importantly materials and instruction for deploying preventative block using software restriction policies". This means that if your computer gets infected by something that is trying to modify existing software it will be blocked from your machine and placed into quarantine.

The SMBKitchen Crew and Third Tier staff had origionally made this program only available to paying customers. But due to the rapid spread of the virus, the producers made it available to everyone. Click here for the download page.


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  915 Hits

Ransomware - What, How and Why.

Ransomware - What, How and Why.

In the aftermath of Cryptolocker and Gameover Zeus, is the threat of ransomware still significant? How does ransomware work? How can ransomware be prevented or even removed form the internet completely?

The fight against ransomware and all viruses in general is always an uphill struggle. Your typical anti-virus programs can only prevent attacks from viruses and malware from programs it recognises as threats such as the famous Crytolocker.


What Is Cryptolocker?


Supposidly created by the Russian hacker Evgeniy Bogachev, aka "lucky12345" and "slavik" Cryptolocker is a trojan virus that infected computers via malware. Malware often gets into your system via pirated media and fake advertisements. Cryptolocker was also spread via e-mail attachments, which still today remains one of the most common ways systems are infected. These e-mail attachments could look like anything. Such as a .pdf file, a word document, a powerpoint, etc. although they seem harmless they could always contain code with malicious intent. Cryptolocker was a trojan virus, meaning you would recieve a file (such as a pirated movie or file via e-mail) and then open it yourself thinking that it was harmless, then your computer would be infected. Cryptolocker acted as a ransomware virus. The best ransomware viruses encrypt your personal files and adds itself to the registry of your computer. Cryptolocker did this and also created two processes for itself, one being the actual program and another for keeping the program running if a user wanted to close it.


What Would Cryptolocker Do?




This is what Cryptolocker would do if your system gets infected by it. You would load up your computer as usual and once you reach your own desktop you will be given a timer and a message. The message states that you will have 72 hours to pay a certain cost to recieve the key that would allow you to decrypt and access your personal files again. The program actually had a algorithm that worked out the cost for the key by different currencies (inculding BitCoin) and by how much data had been encrypted. The cost was usually around 400 euros but often was slightly less if paid by BitCoins. BitCoins are an online only currency which is widely used as a way to anonymously buy and sell online. Fraudsters and scammers prefer to use BitCoins as no bank company can trace where the money goes. Crytolocker would give the user a timer in which would indicate how long they had to pay the cost of the key that would release their files before the program destroyed it. Doing things such as attempting to close the program or entering incorecct payment information would be met with warning from the program to half the remaining time. By paying the 300 - 600 euro cost to unlock the key the user would recieve their unencrypted personal files back to them as they had them before they became infected. If you didn't pay the cost before the 72 hours were up then your files will remain encryped and practically unusable. 


Luckily The Threat From Cryptolocker Is Not That Great Anymore


In August 2014 law enforcement shut down a network that was in control of both Cryptolocker and the malware strain called Gameover Zeus. The extortionist gang had created a backup of their victims on a database that they hoped would never reach police hands in the event of an arrest. This would mean they could purge all the data on the primary database and police would lack evidence that could imprison them. They would them simply restore the data from the backup and continue their illegal operations. What they hadn't anticipated was that security firms and police hackers had already gained acceses to part of their network before they had created the backup database. This allowed police to slowly narrow down the list of potentual locations for their network to be based. It also allowed the security firms to find out the names of the victims and their associated file key. They eventually had enough evidence for an arrest and all the victims and their keys were released so that files could be retieved for free.


BBC News Cryptolocker Article

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1099 Hits

Anti-Phishing and "Whaling", Companies Fight Back Against Cyber Attackers.

Anti-Phishing and "Whaling", Companies Fight Back Against Cyber Attackers.

In June last year the network provider and multi-million dollar company Ubiquiti was scammed out of $46.7 million and has since been only able to recover $8.1 million with prospects of another potentual $6.8 million. This one blunder will set them back at least $31.8 million. These crimes have inspried other CEOs and executives to fight back against the criminal hackers.


Florian Lukavsky Uses Hackers Own Techniques To Stop Them.


SEC Consult Singapore director Florian Lukavsky has turned predator into prey by creating a hack that sends scammer's Window's 10 credentials to the local police. Scammers like the ones that caught out Ubiquiti use a technique of e-mail spoofing to convince executives to wire large amounts of money into their own accounts. The victim doesn't usually find out that they have been scammed untill several hours later. Banks usually don't refund this type of fraud and it is usually written off as a buissness blunder. Florian Lukavsky's counter-hacking relies on the fraudsters making a blunder that could not only cost them their ill gotten gains but also jail time. After a executive has been scammed Florian Lukavsky sends an e-mail to the attacker which seems like it is a transaction comformation from the victims bank. This e-mail includes a pdf file which contains a virus that when the attacker (hopefully) opens will find as many credentials as it can from their linked Outlook or social media accounts account and then immediatly wires it to the police.

"Someone impersonated the CEO of an international company requesting urgent wire transfers and a couple of hours later they realise it was a scam … we worked together with law enforcement to trick the fraudsters," Lukavsky says. "We sent them a prepared PDF document pretending to be transaction confirmation and they opened it which led to Twitter handles, usernames, and identity information." Lukavsky says that he gets a "kick" out of convincing scammers to fall for their own trick. His efforts have led to many arrests and shut downs of many scammers and their bank accounts based in Africa.


Where does the Lost Money Go?


Ubiquiti, which lost $46.7m in June last year isn't alone in the losses. Belgian bank Crelan, which lost $78m in January, Accenture, Chanel, Hugo Boss, HSBC, and countless other smaller companies have also fallen victim to e-mail spoofing and phishing attacks. The FBI estimates some $2.2billion has been stolen from nearly 14,000 cases in seven months to May this year Some $800m in losses occurred in the 10 months to August 2015. Obviously the money can't go through the conventional route it was intended for, so where does it go? Most scammers that are impersonating another person send the money to a bank in China's Wenzhou region. The region itself has been known for money laundering for many international crimes and scams. After the money leaves that bank, any attempt at tracing it's path is practically impossible. After it leaves a chain of Chinese banks it would likely end up in the personal bank accounts of  scammers like the ones Florian Lukavsky stopped in Africa.


Donald McCarthy Prefers Prevention Over Counter-Attack


Vice President of Operations at myNetWatchman LLC Donald McCarthy has an alternate way of preventing his workers form falling for phishing scams. He belives that anti-phishing is more of a deterrent than counter hacking like Florian Lukavsky. Donald McCarthy has come up with a program that will allow his workers to recognise and report phishing e-mails. His idea includes sending out "mock" phishing mail to members of his workforce and reward them for reporting it or making sure they know what could have happened when they believe them. Over time, as the workers get a better sence of what is and isn't a phishing scam, McCarthy will increase the difficulty by making the e-mails that are pretending to be phishing scams less and less obvious. He says that he often rewards employees for the successful identification of a scam with gift cards and in-office snacks. 

"I think all organisations greater than one person should use anti-phishing," McCarthy says. "Even that one person should use it".


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Source Articles:

Anti-phishing most critical defence against rife CEO email fraud

Ubiquiti stung US$46.7 million in e-mail spoofing fraud

Hacker takes down CEO wire transfer scammers

Continue reading
  1151 Hits

New Microsoft Investment into UK Data Centres.

New Microsoft Investment into UK Data Centres.

The new cloud regions in the UK become part of one the world’s largest online storage infrastructures, supported by more than 100 data centres globally. Several large organisations have already signed a new contract with Microsoft to use these new data centres including the Ministry of Defence.

Microsoft has recently opened several data centers in the UK. For the First time ever UK users of Azure and office 365 will be able to connect to their data without it having to pass through another country to get here. This new investment makes Microsoft the first global service to provide data from a cloud based from UK data centers. Many large organisations such as Glasgow City Council, Marks & Spencer, Confused.com, Natural Resources Wales, Pizza Hut Restaurants and Virgin Atlantic already use Microsoft's cloud servises and the Ministry of Defence is soon to join them.


Better Security and Speed For the Ministry of Defence.


The Ministry of Defence has stated that it has signed a contract to make use of the new UK based data servers because of both value for money and security of data. The MoD not only has around 230,000 workers, many of which will use Microsoft cloud products like Azure but also spends around £3 billion each year to improve its data infastructure. This should give you an idea on how much Microsoft has invested into the capacity and security of these servers.

“Microsoft’s secure and transparent cloud service in the UK fits perfectly with the MoD’s digital transformation agenda,” said Mike Stone, Chief Digital and Information Officer at the MoD. “This agreement, which is based on Microsoft’s world-class reliability and performance, will allow us to deliver cost-effective, modern and flexible information capabilities. It will ensure we are better-placed in our ever-changing, digital-first world”. Mike Stone also stated in a BBC interview that this is a welcome change as many elements of the MoD's servers and software hasn't been updated for several years.


The New Investment is a Welcome Change.


"We were still on Windows XP, for instance, and all of the applications were from 2003 or prior to that," he said in a recent interview. "I took the view that the services we were providing were unfit for purpose. The idea is to provide a different capability that fully exploits the power of the cloud and mobility. We can now work on documents collaboratively and understand more about the ways we are working—we will be able to see how much time teams are spending in meetings, on email and on the phone.".

Before Microsoft had installed these local data centers our data was having to pass through several countries. The Neatherlands and Ireland had the largest amount of traffic within their Microsoft data centers due to it having to pass through them to get to UK users. Now UK users will be able to enjoy the global network of Microsoft products such as Azure and Office 365 with less latency and more capacity but with the bonus of added security due to local servers. 


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Source Articles:

MoD inks UK Azure data centre deal with Microsoft

Microsoft becomes first global provider to deliver complete cloud from UK data centres

Continue reading
  1065 Hits

Is The U.S. Bluffing About Their Cyber Security?

Is The U.S. Bluffing About Their Cyber Security?

Is The U.S. Bluffing About Their Cyber Security?


At the G20 summit in China yesterday, President Obama stated that: “We have had problems with cyber intrusions from Russia in the past, from other countries in the past.” and that now “we are moving into a new area where a number of countries have significant capacities. And frankly we have more capacity than any other country, both offensively and defensively.”.


Are Americans at Risk?


This would obviously be reassuring for any nervous American not wanting to be spied on by countries rival to the United States but a quick read of a report made on the 5th of August may make them worry once again. In a presentation at a "DEF CON" hacking conference Jason Healey, a senior researcher scholar at the University of Columbia, revealed his report on the number of zero-day vunerabilities that U.S security agencies have at their disposal. Healey expected that the U.S. would have useable bugs in the tens of thousands. After his research into released documents, Snowden leaks, interviews with intelligence staff, and presidential papers he concluded that there could not be more than fifty bugs in total. He was sure to state that the true number of bugs and stored vunerabilities that the U.S. intelligence has could still be a mystery but the evidence found to support a severe lack of cyber strength is compelling.

So does this mean Obama was bluffing at the G20 summit, perhaps in some way to disuade potentual international threats? Or has the U.S. been able to amass a massive proportion of new bugs and vunerabilities within a month?


What are "Zero-Day Vunerabilities" and Why Doesn't America Have Them?


Zero-Day vunerabilities are bugs or vunerabilites in systems that could allow organisations like the NSA or CIA to counter-attack in the event of a cyber war breaking out. However the bugs themselves pose a threat. For as long as the United States government keeps them there is the chance of a leak and hackers obtaining these secret system vunerabilities. This has divided American politics on the subject, as many would like to keep the bugs in case of a threat from China or Russia would arise, whereas others think more businesses would invest in the United States if they knew the threat of hackers obtaining these bugs were low or non-existant. So due to this division in opinion we end up with something like the results from Jason Healey's report staiting that the U.S. is not a major power in cyber world and also President Obama telling the U.S.'s main rivals that they will be the best on the cyber battlefields to come.

All the evidence suggests that the U.S. did not meet the same cyber power as expectations but could be working towards fufilling them in the near future after the G20 summit. 


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Source Article:

How many zero-day vulns is Uncle Sam sitting on?

Obama says USA has world's biggest and best cyber arsenal

Continue reading
  920 Hits

What Fraudsters Want You To Post Online

What Fraudsters Want You To Post Online

Identity Theft Is On The Rise


Readers be advised, idetity theft is on the rise. In the UK alone there were 148,000 victims during 2015 according to the fraud prevention service Cifas. This is up by 57% from previous years. And as if we were not worried enough by Ransomware and Brexit!

Researchers looking at this growing issue have identified social media sites as the main culprits for publishing personal details. If you think about it you wouldnt give your date of birth to just anyone, but there it is on your Facebook wall. 

These personal details can be used to take out things such as loans and credit cards in your name, and could land you with a whole heap of debts, The advice is to be aware, and think carefully before you put any details online, and keep up to date with security/privacy settings for the sites where you have posted your details.

It could be something else that gives the game away for enterprising fraudsters though such as a photo that has your bank card it in somewhere, a picture with your passport in (perhaps if you are going on holiday), your phone number (Yes even that can be used as fraudsters may try to run a scam on you!).  

So remain vigilent and don't let the fraudsters catch you out...On the other hand I don't get a huge stream of Happy Birthdays on my Facebook wall, sad days indeed.



Continue reading
  944 Hits

Office 365 Update - Control Over Sent Items When Using Shared Mailboxes

Office 365 Update - Control Over Sent Items When Using Shared Mailboxes

Ability To Control Shared Mailboxes Sent Items In Office 365


What is it?

The ability so keep a record of emails being sent and who sent them when using a shared mailbox. This feature is especially useful when using a shared mailbox which could have several users, and is essential for some businesses.

 In Exchange 2010 there was a way to configure how sent items were set up for shared mailboxes, but this was left out of Exchange 2013. Since reviewing the customer needs (i.e. customers screaming at them for removing the feature) Microsoft have re-released this handy feature.

How does it work?

Emails can now be sent as the shared mailbox itself for example from This email address is being protected from spambots. You need JavaScript enabled to view it., or by the individual users. Either way will now retain a copy of that message including the sender details in the sent items for that mailbox.

Do I need to do anything?

Yes, as by default this feature is disabled. It can be turned on by setting the features' enable flag to True. You will likely need IT Support to help you with this but for more information please see this Microsoft article Technet

Enjoy the blog post? Then you would love our newsletter! Signup here and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1010 Hits

Office 365 Upgrade Has Changed The Way Files Are Attached In Outlook

Office 365 Upgrade Has Changed The Way Files Are Attached In Outlook

Have you just upgraded to the latest version of Office 365 and found that the way attachments work has completely changed?

Office 365 now sends links to documents instead of the file itself to save space.

Some of our clients have been calling in about this issue/change for a bit of IT Support. Microsoft will implement new features without making end users aware. This feature has been on the development roadmap for a while though and is designed to save storage space in Exchange online, and improve workflow. It also probably saves Microsoft a bit of electricity in their data centres, probably.

Where do I see this feature?

When you open a new email in Outlook 2016 and you want to attach a file most users will click the attach button in the email menu. Doing this now will present you with a list of the most recent documents you have used, and should the thing you are looking for not be there the option to browse for the file.


Once you select a file it will seemingly attach itself to the email.


The good news is that you can still easily attach documents. All you need do is click on the dropdown menu for the attachment and choose "Attach As Copy".


Why use the link sending feature at all?

Internally to your business it makes a lot of sense. Documents should be worked on through the system so they are always saved, and if versioning is turned on then versioned as well. We all spend a lot of time looking for things in our filing systems too, this should help users get to documents quicker, and ensure everyone is working on the same document version. Externally however it doesnt really work as a concept, yet.

Enjoy the blog post? Then you would love our newsletter! Signup here and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter


Continue reading
  927 Hits
  1 Comment

How to save money and be more efficient with your IT

How to save money and be more efficient with your IT

Saving Money and Increasing Efficiency in IT

With the uncertainty generated by BREXIT, the economy generally being a bit slow to pickup during the first half of 2016, and with the price of oil seeming to creep back up, the future seems uncertain and everyone is looking at how to save a bit of money. The question is can you save money and be more efficient at the same time?

The short answer is yes but you have to be willing to change, and those changes in the short term will cost money and/or time which is recouped in the medium to long term. Trying to be frugal on the following solutions and do it yourself can, unless very well managed, cost you a great deal more time. After all, you get what you pay for.


An example of change and efficiency working hand in hand to increase revenue: A UK technology provider is forging their own path to growth by diversifying their business and using their hard won efficiencies to nurture a new business arm. Fidelity-Group have traditionally been in the leased line and telecoms market but are now heavily promoting their energy savings arm. Their rationale is that the systems and processes needed to manage quoting and billing are very similar. In this way they are using their strengths to build a new market for far less upfront cost than say a new company would experience.


As we are from the IT world though we wanted to give you our top ten tips on saving money on IT whilst increasing efficiency, and none of them involve firing anyone.

  1. Get rid of your server and its maintenance. Whilst this isn’t suited to a company doing in house software development there are still thousands of small companies out there running Microsoft Small Business Server for nothing but email, calendars, contacts and file sharing/backup. Often the way these have been setup is haphazard and leaves gaping security loopholes but that is another story. The point is if this sounds like you then you need to consider moving to Office 365. Let Microsoft look after ‘your’ server in their massive, purpose built server farms. Let them deal with updates and maintenance. Not only is it virtually guaranteed to save you money and time but with a correct implementation and the appropriate training you can become more efficient too.
  2. Get a better hardware supplier. Do you ever find yourself walking in to PC World to pick up a new computer? Oh dear, not only are they expensive but the tendency is to, with the best intentions, buy something with all the bells and whistles that you just don’t need. The same goes for many small computer supply shops. The problem is being able to trust that what you will get is fit for purpose without trying it first. To be honest though, should you be making that decision? Your IT guys should know what applications you need and buy the PC that is fit for purpose. Get a standard workstation from an industry supplier, and have it delivered to site the next day. No need to think about it, no need to drive/walk anywhere.
  3. For that matter get a better software supplier. Some hardware suppliers will also do software so long as it relates to the systems they sell. For example a large distributor of Dell will probably also do Kaspersky licenses for a fraction of the price you would pay from the Kaspersky site.
  4. A minor point, but something you can implement right away. Did you know that ~85 per cent of UK landline phone numbers are registered with the Telephone Preference Service, but only 3 per cent of mobiles are signed up to the service (which is mostly free)? Whilst this won’t save you money directly it will save you time from answering those pesky sales calls. Just text “TPS” to 78070.
  5. Hire an accounting expert, perhaps just as an advisor or on a temporary contract. They should be able to help you make cuts which don’t just get shifted on to another business unit. You may also be able to tap legal resources to review existing supplier contracts.
  6. Take control of “unmanaged” costs such as power consumption, or printing. Ensure you can measure these costs accurately so you can see where you can make further savings.
  7. Get rid of useless software. We all have that subscription somewhere that eats away at our bank account until we notice one day and wonder why we ever bought it in the first place, or in some cases IF we even bought it! It could be the anti-virus software you used to use, or even the current software which can often be bought cheaper through a different supplier. Is it strictly necessary? Does anyone use it? Isnt there an open source version you could use?
  8. Switch to VoIP telephony. Typical savings are in the 40% region. You will need a good internet connection to do this but even the Virgin home broadband upwards of 100mbps is good enough for a dozen people (though not if you run a call centre).
  9. An obvious one – review your marketing plans often. Are you getting a return on any of your expenditure? Are you spending enough in the right places or just throwing money at a marketing spread where its impossible to tell what is working and what isn’t? For example if sending a branded Filofax to a highly targeted prospect costs £200 but they become a high value customer for life is that not better than sending 10,000 emails to fairly random people?
  10. Rationalise your systems. Emails, websites and failover services are high on the list for this. If youre a bit worried about touching it (using the “if it isn’t broken” rule!) get in a consultant to help make it more efficient moving forwards. So much can be done on the cloud today, and often it presents a much more economical option.



You are not expected to know everything. Equally though when was the last time your IT company came to you and said “hey, we have this great idea that will improve your business/an aspect of your business, and it is really easy to implement”? And then it happened, it was easy/cost effective, and it made a difference?

Do we practise what we preach? To some extent yes we do, we invest back in ourselves in new learning, certifications, and IT equipment and software to do our jobs better. We have embraced the cloud and learned to use the tools it gives us to be more efficient. We have also just refurbished our office which now looks respectable enough to not be embarrassed about bringing clients to. So why not come and visit us for a coffee if you are ever in Oxfordshire?


Enjoy the blog post? Then you would love our newsletter! Signup here and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1344 Hits

Top 10 Gotchas for Cyber Security

Top 10 Gotchas for Cyber Security

The internet has revolutionised how many businesses operate, and how we live our lives. With over 2 billion users it is also a battleground for cyber security experts and hackers. Protecting key information is often critical to the survivability and competitiveness of businesses today.

Cyber security is also a hot topic at the moment with the government pitching in with adverts to warn us about using stronger passwords; but there are also some very common mistakes we see IT technicians making all the time. Here’s our list of the top 10 security gotchas.....

1. Port forward 3389.

Are you able to remotely login to your server using this method? Restricting access at the Firewall by IP address is not good enough as IP addresses can be spoofed and your details could be “sniffed”. This is called a man in the middle attack. This is such a common issue seen all the time, poor practise creates loopholes!

2. Sharing passwords across clients.

The chances are that the companies which do this will also proudly list some of their clients on their website. Therefore an enterprising person could gain access to all or some of said companies’ clients. The worst culprits seem to be website "designers"

3. Installing 3rd party browsers (like Chrome or Firefox) on to a server, and/or disabling Internet Explorers’ protected mode.

Why would an admin do this? Because it’s difficult to browse from a server otherwise. IT technicians should instead connect to a workstation, browse from there and if needed download files to a shared folder.

4. Poor physical security.

If I can touch your server I can take everything you have. This is quite a remote possibility for most people, but for businesses in highly competitive markets and with valuable Intellectual Property it can be an all too easy mistake to make. For example we have noted that it is usually very easy to get in to a “secure” premises by saying “I’m here to fix the computers”, people tend to just trust you!

5. Creating/not noticing SQL injection vulnerabilities.

These are unfortunately all too common given that they can be easily avoided. One of the most notable cases was the SQL Slammer worm of 2003 which infected ~75,000 machines successfully within 10 minutes of deployment. An amusing yet simple example of SQL injection is the tale of Little Bobby Tables. His mother being the caring sort we all know and love decided to Christen her son “Robert’); DROP TABLE Students;” which when typed in to the school database (as part of standard data entry probably done by an unwitting intern) erased a years’ worth of student data. Obviously they should have sanitised their database inputs! XKCD.

Primary Defences:

  1. Use of Prepared Statements (Parameterized Queries)
  2. Use of Stored Procedures
  3. Escaping all User Supplied Input – Probably the best method!

6. SSL Issues

SSL certificate expiry happens to the best of us, well not us, but some very big companies like Google in the case of their Gmail service. It can be very embarrassing when clients can’t access your website/their email, and potentially damaging to your reputation when they are told it is not a trusted domain. To ensure it doesn’t happen make sure you get the email reminders from your certificate issuer, and that these go to a shared inbox where designated people can action it.

7. Automated Patches

Windows Server Update Services (WSUS). If not configured properly the WSUS will use Http not the encrypted HTTPS delivery. Hackers could use low-privileged access rights to set up fake updates. These updates could download a Trojan or other kind of Malware allowing the hacker some access to your server.

8. Sensitive data exposure

A good developer should be very aware of security, sadly many developers are not. We had a situation like this when we took on a charity who had a lot of work done for them pro bono. We always say that you get what you pay for, and in this case that really rang true. The (very) sensitive data was not encrypted, nor was the access to the data. Anyone working at the web hosting company had access to the data, we had access to the data, the data could have been sniffed etc. and whilst we can be trusted we shouldn’t have access, and Joe Blogs is definitely a security threat.

9. Not applying fixes/updates

In a lot of SME’s they tend to look after their own IT until it becomes too complicated (out of necessity) for them to manage. I can’t count the amount of times I have gone in to scope out a system and found a bazillion updates needed doing. When asking why they have not applied the update the answer is usually “oh that’s what that thing is flashing at me for”. In larger companies updates should be scheduled and run from the server (to save on bandwidth mostly, and in some cases to be able to control which updates should be installed), remote devices should be able to be locked and wiped as a bare minimum requirement if they can’t be fully controlled. We have seen instances where this is not happening correctly and have suggested using a tool like Intune.

10. Poor practise

If it is not broken don’t go looking for issues, mentality. What with all of the above to deal with one would assume that an IT technician needs to keep on the lookout for vulnerabilities, but you know what they say about assumptions.


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1154 Hits

Bongo IT’s Top 10 Gotchas on Office 365

Bongo IT’s Top 10 Gotchas on Office 365

Bongo IT’s Top 10 Gotchas on Office 365

Of course you don’t want to make a hash of it, and you want a good ROI, but many businesses make a total mess of their migration to Office 365. It should be simple, and if you’ve only got a few users and a small volume of data it can be. But most migrations fail to deliver the promised benefits.

Independent research suggests that 72% of Office 365 migrations of over 200 users fail to deliver significant benefits whereas those “properly” migrated save significant cost and dramatically increase efficiency. With this background, here are 10 confusing pitfalls of Office 365 you should be aware of before migrating to the cloud:

1. Microsoft Account vs O365 Organisation Account


As you will know there are a lot of different versions of Office 365; for home, for Business, for Enterprises, for Not-for-Profit organisations...and even some free versions for consumers requiring a different MS account type not to be confused with your organisational account. If you have both account types (which could even use the same email address) Microsoft will be holding your credentials within two different databases...thing is they sometimes "cross streams", and as we all know you don't want to do that. I'll try to explain the two account types:


I have This email address is being protected from spambots. You need JavaScript enabled to view it. as my Office 365 username. This is my organisational account (for Bongo IT) and allows me to access my organisations' apps and data when logged in to the portal. This account is used for logging in to all Office 365 features, for example:

  • Office 365 Exchange mailbox
  • Office 365 SharePoint
  • Skype for Business

Microsoft Account

I also have This email address is being protected from spambots. You need JavaScript enabled to view it. which I have linked as a Microsoft Account (https://signup.live.com). I can use this account type to access the consumer version of OneDrive, and a few other apps. Anyone can have a Microsoft Account like This email address is being protected from spambots. You need JavaScript enabled to view it., or This email address is being protected from spambots. You need JavaScript enabled to view it. and if you want free personal email and storage it’s not a bad idea to get one. In my case as I already had Gmail and didn’t want another email address to remember I just linked that up as my MS account. This account is used for:

  • Log in to Windows 8+
  • Log in to Skype / Xbox
  • Log in to OneDrive (onedrive.live.com)
  • Log in to free MS Office (www.office.com)
  • Log in to Windows Phone 8+
  • My free MS Account apps

With Microsoft things are never simple when it comes to licensing but the key thing is to remember that these account types are stored in separate databases that are not aware of each other. Each allows you access to different things, for example Skype Vs Skype for Business. If using both systems at the same time it is useful to use 2 browsers (one for each) to avoid any logging in issues, and to avoid a great deal of confusion. A password manager won't go amiss either. You may also come a cropper to a few inconsistencies. For example you can link Office 365 Home, or Student, to Skype. You can’t link Office 365 for Business to Skype.

2. Sharing Documents Externally

This used to be quite tricky but Microsoft have worked out some of the bugs since 2013, which has made this a lot more user friendly. There are various ways to share documents/folders/sites with external users but you need to be aware that SharePoint has a different security setup to OneDrive (paid subscription). OneDrive is ready to go when it comes to sharing externally, SharePoint Online (SPO) may require some settings updating and security groups creating. If you decide to allow internal users to be able to share a Site in SharePoint be extremely cautious.

Before you start you will need to turn on External Sharing in your Admin Centre, from the SharePoint dropdown menu item. NB: You can only share documents etc. with a Microsoft Account or Organisational Account holder. These are the things to be aware of: Sharing by email address: if you opt for this and uncheck "Require sign-in" the user will be emailed a Guest link. They could email this on to anyone (with a MS Account) who would then be able to access the data. Make sure you set an expiry date to the link. Sharing by "Get a Link"; again you will see options where no sign in is required. Remember to set an expiry if that is an option you choose.

3. Failing to factor in the Cost of Add-ons

As a Microsoft cloud partner it’s almost easy to forget that we have access to almost everything as part of our partnership benefits. Gloating aside here are some of the Add-ons you might want; Dynamics CRM Online, Yammer for Enterprise, Project Pro for Office 365, Visio Pro for Office 365.

4. Using Exchange Server Deployment Assistant

The Exchange Server Deployment Assistant will help you build a step-by-step checklist that will greatly assist you in the deployment of Exchange Server for different scenarios. It is a web based tool, and can be found here. If you don’t use the tool, then you are risking looking like one.

5. Get the prerequisites right for Office 365 when going hybrid

If you have large files which need super fast access (e.g. architects, designers, engineers), or you have offices in multiple countries you are probably considering going for a hybrid deployment. Number one is to be aware that if you have older software you need to upgrade it to support Exchange 2007 and later. However if you are using 07 and 10 you still need a 2013 CAS&MB server. We would recommend upgrading your entire on premise organisation to 2013. With Exchange 2016 around the corner it makes a lot of sense to get on the upgrade path now before you get left woefully behind, lacking in various bit of new functionality.

6. OneDrive for Business 5000 limit…and why you shouldn’t use it, yet.

Whilst you may have carefully planned your libraries, data migration and access rights you may not know about the 5000 limit which will scupper your good intentions at the final stage. You can only sync 5000 items (files + folders) per library using the OneDrive for Business app for PC and Mac. It's only a limit of the app, not SharePoint Online. So the answer is either to not sync libraries, or to ensure they only have a limited number of items in them. You can cheat by using Zips but that's not desirable for eDiscovery, or generally for access. We will say this though: currently we do not recommend using OneDrive for Business as it can be (but not always) unstable.

There is a new next gen sync client based on the more reliable consumer version out now but it only works with OneDrive (business not consumer), not SharePoint which is what we need. A little bird a Microsoft has said that it will be released in July 2016 though. Currently OneDrive for Business is unreliable, and whilst “easy” to fix it can be a bit of a time waster. There is a way round it though that gives you just about the same functionality. You can view SharePoint Online via the Explorer window so long as you are using Internet Explorer and select that option in the library settings pane. You can eliminate issues with the local cached copies of files by going old school and mapping a drive to a folder or library.

7. Calculating time to upload - EWS 400GB limit, and bandwidth requirements.

An oft forgotten issue when you are bogged down with the technical details. If you have a slow upload rate then you need to think carefully about how you are going to move all your company data to the cloud. You might even consider moving some data to another site to increase the upload speed. Exchange Web Services (EWS) also has a 400Gb transfer limit per day set as well. If you are uploading this much data the chances are you will be doing the migration in stages over multiple days, but it is still something to be aware of.

8. Data Retention: 14 day retention limit for deleted items.

As an Administrator you will be able to reinstate files which the user may have accidentally (or deliberately!) deleted from their Exchange Online inbox or from SharePoint Online. However the default setting is that files will only be retained for 14 days which doesn’t give the business much time to react in the case where something has gone missing.

9. Being aware that Lync Online does not provide full VoIP telephony…yet

If you thought that Office 365 (in the UK) was a full Unified Communications platform you would be wrong. Yes you can host Skype for Business (Lync), or use a hosted service but this requires significant investment. In its virgin state you can't use Skype for Business to dial out, which is a shame. Microsoft look like they will be releasing full PTSN integration at some point in the near future though, this feature is available now on a trial basis depending on your location and account type. We are trialing it right now!

10. Spam filtering – do I hear a rewind!

You may have spent years tuning your spam filter so that you barely get any spam at all but, like unlike Viking Gold, you can't take it with you. You will need to learn about Exchange Online Protection (EOP). There is so much material out there on EOP that there is little I could add so try reading up on it here... more details NB: If you have a Hybrid deployment or just plain old Exchange or even a non-Microsoft email server (heaven forbid) you can still get EOP to protect your mailboxes!

  • For both Exchange Online and SharePoint Online you need to be aware of the legal retention framework which your business operates under. Solicitors and accountants will have a completely different set of rules to play by than a builders. The general principal is the same though, retain data only for as long as you legally need to. This reduces your “legal risk”.
  • For Exchange Online you can now edit this limit by creating a new MRM policy; here's how MS Blog You may also wish to use the Exchange Admin Centre or PowerShell Technet
  • For information on how the SharePoint Online Documentation Deletion Policy Centre works try this very helpful article Technet


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1828 Hits
  1 Comment

Email continuity during an Office 365 Cutover migration

Email continuity during an Office 365 Cutover migration

Email continuity during an Office 365 Cutover migration

Ever been in the position where you can’t access your emails? Then you will know that sinking feeling, and the ‘sh1t I can’t do any work’ thoughts that will run through your head.

Continue reading
  1149 Hits
  1 Comment

Critical Issues in Office 365 Implementation

Bongo IT Introduce: Dr James A Robertson - Business Systems Specialist

Bongo IT collaborate with a number of affiliates across different sectors including change/process managers and strategic business advisors, to deliver effective projects every time. The author of this article, Dr James A Robertson, works with Bongo IT leading the charge in understanding the business needs by working with the C-level stakeholders, in most cases the CEO. Understanding business needs and processes from the top level down helps bring about highly effective implementations of IT systems, improving productivity companywide.

Critical Issues in Office 365 Implementation

The full implementation of Office 365 represents a distinct change in the way of working for most organizations.

Continue reading
  1636 Hits

Hacking and Hackers 2016 - Defend Yourself Against Ransomware

Hacking and Hackers 2016 - Defend Yourself Against Ransomware

Global Threats to I.T Security

Security Threats 2016 - - Defend Yourself Against Ransomware

Security is always a front runner in IT but new thinking from the fraudsters and hackers requires new, or at least updated, defences.

This year we have seen some really big stories in the news about hacking and security, and there have been some very nasty viruses released on to the internet. So, can we afford to continue in the same way as we always have? If we do it may cost us dearly. This is not scaremongering, these are the facts. Who's Been Hacked In The Past Two Years?

Experian, Premera Blue Cross, UCLA Health System, JP Morgan customers, Ashley Madison, US Government employees (including overseas spies!), Sony employees, Home Depot shoppers, EBay users... The list goes on but the above are the most notable. It's not just big companies that get hacked though, everyone is at risk and personally I have seen 3 instances of Ransomware attack in the past year (all data was recovered).

Most Notable Threats In The News:

Locky and other Ransomware - in our opinion the most prevalent and worrying viruses around at this time are those dubbed as "Ransomware". Have you or your staff received a slightly odd yet real looking email with a Word document attached? Or for that matter a PDF or Excel file? If you have and you opened it then your system is probably infected. Ransomware can come in all sorts of guises so it is difficult to pinpoint a tactical defense mechanism.

MazarBOT - A nasty virus affecting Android phone users that is capable of displaying false pages at the top of banking apps to try and trick you into handing over your financial credentials.

Linux Mint - if you happen to have downloaded this very popular version of Linux on or around February the 20th you may have been infected. Hackers had redirected the link to the ISO file to their own servers handing out an infected distro.

"Won't my Anti-Virus and Malware protection software stop Ransomware?" I hear you say...

The truth is that any very new virus won't be picked up by any AV software because it is not yet in their database.

Once infected Ransomware will start to encrypt your files so you can no longer access them. Then, at some point (and this could be several weeks later after all your backups are infected too) you will get a popup asking for a variable but not inconsiderable sum of money for the privilege of accessing your now hijacked data. Locky Ransomware is spreading at the rate of 4000 new infections per hour, which means ~100,000 new infections per day.

So are we all up the creek?

Well in a way, yes, we all have to be very careful. We all have to remain vigilant and be very aware that these attacks are out there, even to the point of training your staff so they know what to look for, and what NOT to do.

We wouldn't be surprised if cyber security even became part of the curriculum in the near future. There are some defences and practices we can adopt to minimise our risk though.

The Main Defenses


  1. Use a modern browser that is updated consistently, for example Chrome.
  2. Use a popup blocker extension with the browser, for example AdBlock Pro.
  3. Make sure your Anti-Virus software is up to date, we recommend Kaspersky as it is Russian; the majority of hackers are Russian thus it should have the most up to date protection available.
  4. Consider using Anti-Malware like MalwareBytes
  5. Don't open "dodgy" looking emails.
  6. Train your staff on what to look out for.
  7. Protect your data! Create a backup system which is designed to resist this type of threat. Most are only designed with mechanical failure in mind.

Other Hacking Vulnerabilities For Your Delectation

Do you have a wireless mouse/keyboard? For example the signal between your mouse and the computers receiver (usually a USB dongle) may be unencrypted, thus the receiver will accept any seemingly correct command, this is known as Mousejacking. The same goes for some wireless keyboards.

"With the use of around $15-$30 long-range radio dongle and a few lines of code, the attack could allow a malicious hacker within 100 meters range of your computer to intercept the radio signal between the dongle plugged into your computer and your mouse". Ref: thehackernews.com

Poor Passwords: We see this all the time! An example of a poor password is Dave12 since it is too short and could be guessed fairly easily. Strong memorable passwords are difficult to generate so use a free web service like SafePassword.

They should include a mixture of numbers, letters and symbols and be at least 10 characters long. NB: An 11 character password is not able to be hacked by brute force by any computer in the world.


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1655 Hits

Unified Comms, Skype for Business, PSTN Calling. All in one place?

Unified Comms, Skype for Business, PSTN Calling.  All in one place?

Unified Comms, Skype for Business, PSTN Calling

The whole telecoms industry has been turned on its head by IP telephony. The idea of finally integrating your voice and data networks feels both long overdue and maybe within reach.Before dismissing this as yet another false dawn, there is some substance to the current developments that mean there is a good chance you will shortly be able to gain the massive benefits that Unified Comms has been promising for a long time…

So what’s going on now?

Update 07.02.2017 - Skype For Business PSTN calling is now available to businesses. However, we have noted that the companies using it are not entirely happy with the way it works from a UI perspective, yet.

Below we highlight recent developments that may show you the way forwards. Spoiler: It’s not quite ready today but maybe, just maybe very soon!

What We Want is Unified Comms in Office 365, When Do We Want it?

Microsoft launched Skype for Business mid 2015. At that time there was a lot of talk about the new voice and meeting capabilities, and there was the chance to see a technical preview if you lived in the US. The new capabilities will enhance the current Skype for Business experience and allow IT Service, and Telecoms providers to offer a complete enterprise grade communications solution as part of Office 365, or the unified comms solution of the future as we see it.

When we visited the UCEXPO in London during the summer www.ucexpo.co.uk this was the holy grail that everyone was reaching for. Unified communications isn't just about telecoms and conferencing it is about having all your data and colleagues connected in a way which is useful for your business, and being able to access the data from a central "control system" e.g. Outlook. As soon as someone invents an advanced algorithm for text to speech during meetings (that works well!) this type of system will be even more powerful. This company seems to be on the right track, www.cloudpipes.com however after requesting a demo I am #47,852 on the waiting list...Well at least I don't feel like a Guinea pig!

New Skype for Business Features Here and Coming...at Some Point

PSTN Conferencing

Only available to preview in the U.S. This feature uses the traditional public switched telephone network to allow users who have been invited to a Skype for Business meeting set up in Office 365 to join the meeting by dialling in using a mobile or landline. This is a basic traditional dial-in capability one might expect of a conferencing system. It is in addition to, single touch join options on PC's, smartphones and browsers. So if your technical director is on holiday in Spain again and can't connect to the internet he can still join by phone, ah the joy of technology. Using PSTN Conferencing in Office 365 you will be able to dial out from the system to add other people to the call too, which is neat.

THE DADDY! Cloud PBX with PSTN Calling

only available for preview to Office 365 users in the U.S of A currently. This is the feature set we are most interested in. We want to use Skype for Business to make all our calls, and have the address book linked to Outlook. Everything finally would be in one place, integrated. Unified one could say! And don't worry, when this feature comes out you will still be able to use existing on-premises phone lines for outbound and inbound calls.

Skype Meeting Broadcast Preview (available to eligible Office 365 customers worldwide)

You can use this to publish your Skype for Business meetings on the public internet making it easy for "Joe Blogs" type users to join. The system claims to support up to 10,000 people though we have never had the privilege of testing that! This makes it very easy to host huge virtual meetings like that of a volunteers meeting, town hall, or even a demonstration. This preview includes the use of Bing Pulse, for real-time polling and sentiment tracking, and Yammer.

By whom are these previews delivered?

These previews are delivered by Microsoft strategic partners such as: BT, Level 3 Communications, Orange Business Services, Verizon and Vodafone.


Additionally Microsoft will be delivering a feature enabling direct connections to Office 365's Skype for Business customers using Azure ExpressRoute for Office 365. ExpressRoute helps customers easily create private connections between their premises and Microsoft enabled datacentres. This gives you more predictable network performance (predictable latency). This is a great resource for anyone looking for a manageable network with dedicated connectivity, reliability and additional data security. Then again seeing how easy it is to tap fibre we would still be interested to know how that is monitored.

Microsoft say they are "enabling people to connect with one another across all forms of human expression; verbal, written, visual and emotional". Well fair enough, great if you can get on a trial but for us mere mortals we have been waiting patiently for the PTSN calling and cloud PBX for years. We want it now please, thank you!


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1428 Hits
  1 Comment

How to really screw up your Office 365 Migration

How to really screw up your Office 365 Migration

How to really screw up your Office 365 Migration

Of course you don’t want to, but many businesses make a total mess of their migration to Office 365. It should be simple, and if you’ve only got 20 users and a small volume of data it can be.

But most migrations we come across fail to deliver the promised benefits. Other independent research suggests that 72% of Office 365 migrations of over 200 users fail to deliver significant benefits whereas those “properly” migrated save significant cost and dramatically increase efficiency. With this background, here are the six top mistakes that will really screw up your Office 365 migration:

More haste, less speed

Whilst this is somewhat of a cliché its meaning rings true when it comes to large scale migrations and the changes they bring to your organisation. There are roughly 50 steps to follow to an Office 365 migration and activation, and they are not all easy. Some administrators will have a wider breadth of knowledge than others setting up – for example setting SPF records is new to a lot of people. Typically, younger administrators that have been with the same company for their entire career cycle may have only worked with a single version of Exchange and may have never performed a migration. So whilst the day-to-day, Business as Usual service is fine, managing a large scale and fundamental change can be extremely nerve-racking, especially as there is a lot of new terminology to get to grips with.

Our top tip is to use the Exchange Server Deployment Assistant, which can give you all the steps needed to perform your migration. Remember to do a test migration first if you are considering doing it yourself, however!

Up for adoption?

We have found that the adoption work for end users is sometimes pushed to one side, or not very well handled, as it’s not part of the day to day routine. It's ok to send out a pdf with the basics of how the system will work before migrating but really you need to engage with the end users site-wide to gauge sentiments and ensure that adoption isn't a "hair loss situation".

Depending on how many departments you have, and how many stakeholders are involved you may want to go whole hog and hold seminars for each group of people. These will not only help you educate the various groups and people involved but will allow you to gain valuable insights as to the users’ feelings and concerns about moving to the new system. It is extremely hard to hold a seminar by yourself though, you will need to have a colleague write questions and details down for you whilst you focus on presenting and answering questions.

When we helped hold adoption and technical seminars for a major London University (around 25,000 users) it was imperative for them to consider using the latest cloud technology for their students and staff to enhance the learning experience, but it was also vital to get a consensus amongst the different departments as to when/if they should move to the cloud. Don't be afraid to really simplify things down for your users too, you know how to do the simple "assumed" easy things like reset a password, they may not. As you may well be aware!

Document libraries rationalisation

Probably the most annoying job in the world unless you are a librarian or have OCD. In the case of SMEs there is often an existing document library, but we have rarely seen one that is well organised, let alone one that is prepared with OneDrive for Business in mind. There are a few things you need to think about before starting to migrate any data to OneDrive for Business or SharePoint Online. What's that you say? OneDrive for Business? Yes in Office 365 organisational accounts you get a version of SharePoint called OneDrive for Business with 1TB of space. We tend to think of it as a personal storage space however; it is also a lot easier to share documents and folders with external users using OneDrive for Business as opposed to SharePoint. With OneDrive for Business you don't have to set up a user access structure as you do with sites in SharePoint. In SharePoint you need to understand three things relating to this:


  1. SharePoint groups
  2. Permission levels
  3. Permissions inheritance and site structure

Whilst this can be achieved in OneDrive for Business you can share a folder very easily to an email address (must have Office 365, or a Microsoft email like Hotmail) without having to worry too much about what else they might be able to access.

Back to the topic at hand. So, those things you need to know:

  • If you intend users to sync files to their computer using the OneDrive for Business app there is a 5000 item (that’s files + folders) sync limit per library. This can be perpetually annoying if not considered in advance. For example libraries that will get used a lot will fill up quickly. Be sure to create a structure which allows files to be archived easily.
  • Find out the overall size of the data which is to be moved. If the standard SharePoint Online (SPO) can't handle it admins can buy more space by the TB. Be aware that there is a 100Gb limit on site collections though.
  • There is also a limit of 5 million items within a document library. Unlikely as that is to hit.
  • Check the existing depth of the file structure. If you exceed 260 characters in the path name in SPO you will hit trouble.
  • Check for invalid characters like $, these files will not upload. No need to drive yourself crazy checking by hand though. There is a PowerShell script which checks for invalid files and characters in files and folders, and for the maximum URL length. This script will also allow you to fix invalid characters and file extensions for you. SharePrep is another tool which can help analyse the files. There are also migration tools that will move the data for you but you need to check the above upfront.
  • Check what the largest files are and if possible put them to one side to upload last. Treesize is an obvious tool to use for this sort of analysis.
  • If there is content not in use any more consider long term deep storage, perhaps on Azure Backup.
  • We tend to arrange libraries by department, it makes the most sense in the long run.
  • You probably already know this but worth reminding you. Arrange the file structure before you upload the data. You can't drag and drop files in SharePoint unless they are synced to OneDrive for Business.

We prefer to organise all the data first, then run the checks, then use OneDrive for Business to sync the libraries we have created to the computer (the one with the files on), then move the data in to the relevant folders/synced libraries for automatic upload.

Cutover or Staged Migration

If you don’t decide on your migration type, Cutover or Staged, you will run in to trouble pretty quickly when it comes to mailbox migration. Microsoft provide this advice: “You can’t use a staged migration to migrate Exchange 2010 or Exchange 2013 mailboxes to Exchange Online. If you have fewer than 2,000 Exchange 2010 or Exchange 2013 mailboxes in your organization, you can use a cutover Exchange migration. To migrate more than 2,000 Exchange 2010 or Exchange 2013 mailboxes, you have to implement an Exchange hybrid deployment.” There are several ways to migrate the mailboxes:


  • Manual Migration - Migrating the mailboxes manually involves saving.pst files, or adding the new accounts in Outlook, and dragging-and-dropping. Extremely labour intensive!
  • Use MS Migration Tools – Office 365 does have some built in tools for migrating the mailboxes, they are fine but do have limitations, for example the built in tool cannot migrate FROM office365
  • Use 3rd party Migration Tools such as BitTitan or Skykick. 3rd party tools are much more flexible, but there is a per-mailbox cost, and depending on the tool, data may pass though the 3rd party’s server.

One very useful feature of BitTitan is that it does Office 365 to Office 365 (organisation to organisation) migrations, the Microsoft built in tool doesn’t do this. Whilst moving organisational accounts is a rare occurrence it does happen, for example during business divestment.

Third party tools

You won’t be able to use any third party tools that require installation to the exchange server. You will have to give up a bit of control! One obvious example of this is your anti-spam software which you have studiously been tweaking for years. In the case of that software you will need to switch to Exchange Online Protection (EOP) and start tweaking again…probably time to screenshot those settings!

Domain Providers to avoid

Some domain providers should be avoided like the plague. You need to be able to create SRV records so make sure your host is able to do that or you will end up with greatly reduced functionality to your Office 365 instance. If you were to use 1&1 for example they do not provide the functionality to set up SRV records which means that Skype for Business will not work…which is pretty darn important!


Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Continue reading
  1905 Hits

Local Businesses Working Together Chippy2Win #GBHighstreet Awards

Local Businesses Working Together Chippy2Win #GBHighstreet Awards

Testing Our New Mimosa B5 Lites in Chipping Norton

It was sunny day in the Cotswolds, looking back on it probably the last sunny (and warm) day of the summer, and we had a job to do… Make The Internet Work! This project all started when a local social media management business owner contacted me on Facebook. He is one of the crowd we have often met at various networking events, and lives in my home town of Chipping Norton.


“Hi mate I need your Bongo skills We've just taken over the old Post Office building as our new ECN HQ for the next 6 weeks and we need to sort out internet connectivity so we can get folks voting on the High St competition”

After a few questions about the location and the surrounding buildings I suggest that if he knows someone that has line of sight (LOS) to the post office we could look at using a radio to get the connection in. As it happens Shaun had just had a similar sort of conversation with the Deli opposite and knows that he has fast fibre there so with a bit of ringing around we organise a day to go and do a survey. Good thing I live down the road from this one! With the survey complete and a plan in place we book an installation day.

The install goes well and we get the cabling run in record time. We then get the brand new Mimosa B5 Lites up on the brackets high above the street traffic to ensure LOS is kept. Positioning these radio is very easy, there is a tool that allows you to scan for the best signal strength and we simply move them around until we get the best signal. After a bit of tuning the radios go live very happily. The whole install takes us about 4 hours and at the post office end we put in a switch to ensure that 3 laptops can connect to the internet to enable the voting for the #GBHighSt Awards.

If you would like Chipping Norton to win please vote now Vote Now

“Thank you to the incredible Bongo IT for setting up high speed internet connectivity in our HQ. And of course, thanks to Delicacy Deli & Coffee Shop for letting us share their connection in the first place. A perfect example of local businesses and organisations working together for the greater community benefit”. Experience Chipping Norton

Continue reading
  1691 Hits

  • At Bongo IT, we know that technology is increasingly dominant and crucial to maintaining business performance and productivity.

    Organisations should make sure they are making the right IT decisions for their current needs, whilst also planning for the future with flexible and scalable solutions.

  • As a special offer, we are offering a FREE one hour consultation to address your current IT setup and recommend an effective strategy for your future requirements.

    Addressing issues such as computer hardware, broadband, data security, file sharing, compliance and more, we’ll help you build a plan and ensure you deploy the most cost-effective IT strategy for your company’s needs.



Bongo IT Has Partnered With iwoca To Provide Finance On IT Equipment And InstallationWhat are the benefits of using short term finance for your business?Short t...
We pose the question: is it possible to get a future proofed machine, that will last me the next 10 years? There are three aspects to this, hardware, ...
The usage of self-managed mobile devices can leave you up the creek!Bring Your Own Device (BYOD) - Just Don't Do Anything With IT!it's great isn't it. All your ...
Our Experience With Business NetworkingBusiness networking comes in all shapes and sizes, and at a huge range of costs. We don't think that you have to spend th...
In the beginning there was Lync. Then we got Skype for Business (SfB), which is a nice product, much like Skype (personal edition) but far more fully featured. ...