Global Threats to I.T Security

Security Threats 2016 - - Defend Yourself Against Ransomware

Security is always a front runner in IT but new thinking from the fraudsters and hackers requires new, or at least updated, defences.

This year we have seen some really big stories in the news about hacking and security, and there have been some very nasty viruses released on to the internet. So, can we afford to continue in the same way as we always have? If we do it may cost us dearly. This is not scaremongering, these are the facts. Who's Been Hacked In The Past Two Years?

Experian, Premera Blue Cross, UCLA Health System, JP Morgan customers, Ashley Madison, US Government employees (including overseas spies!), Sony employees, Home Depot shoppers, EBay users... The list goes on but the above are the most notable. It's not just big companies that get hacked though, everyone is at risk and personally I have seen 3 instances of Ransomware attack in the past year (all data was recovered).

Most Notable Threats In The News:

Locky and other Ransomware - in our opinion the most prevalent and worrying viruses around at this time are those dubbed as "Ransomware". Have you or your staff received a slightly odd yet real looking email with a Word document attached? Or for that matter a PDF or Excel file? If you have and you opened it then your system is probably infected. Ransomware can come in all sorts of guises so it is difficult to pinpoint a tactical defense mechanism.

MazarBOT - A nasty virus affecting Android phone users that is capable of displaying false pages at the top of banking apps to try and trick you into handing over your financial credentials.

Linux Mint - if you happen to have downloaded this very popular version of Linux on or around February the 20th you may have been infected. Hackers had redirected the link to the ISO file to their own servers handing out an infected distro.

"Won't my Anti-Virus and Malware protection software stop Ransomware?" I hear you say...

The truth is that any very new virus won't be picked up by any AV software because it is not yet in their database.

Once infected Ransomware will start to encrypt your files so you can no longer access them. Then, at some point (and this could be several weeks later after all your backups are infected too) you will get a popup asking for a variable but not inconsiderable sum of money for the privilege of accessing your now hijacked data. Locky Ransomware is spreading at the rate of 4000 new infections per hour, which means ~100,000 new infections per day.

So are we all up the creek?

Well in a way, yes, we all have to be very careful. We all have to remain vigilant and be very aware that these attacks are out there, even to the point of training your staff so they know what to look for, and what NOT to do.

We wouldn't be surprised if cyber security even became part of the curriculum in the near future. There are some defences and practices we can adopt to minimise our risk though.

The Main Defenses

1. Use a modern browser that is updated consistently, for example Chrome.
2. Use a popup blocker extension with the browser, for example AdBlock Pro.
3. Make sure your Anti-Virus software is up to date, we recommend Kaspersky as it is Russian; the majority of hackers are Russian thus it should have the most up to date protection available.
4. Consider using Anti-Malware like MalwareBytes
5. Don't open "dodgy" looking emails.
6. Train your staff on what to look out for.
7. Protect your data! Create a backup system which is designed to resist this type of threat. Most are only designed with mechanical failure in mind.

Other Hacking Vulnerabilities For Your Delectation

Do you have a wireless mouse/keyboard? For example the signal between your mouse and the computers receiver (usually a USB dongle) may be unencrypted, thus the receiver will accept any seemingly correct command, this is known as Mousejacking. The same goes for some wireless keyboards.

"With the use of around $15-$30 long-range radio dongle and a few lines of code, the attack could allow a malicious hacker within 100 meters range of your computer to intercept the radio signal between the dongle plugged into your computer and your mouse". Ref: thehackernews.com

Poor Passwords: We see this all the time! An example of a poor password is Dave12 since it is too short and could be guessed fairly easily. Strong memorable passwords are difficult to generate so use a free web service like SafePassword.

They should include a mixture of numbers, letters and symbols and be at least 10 characters long. NB: An 11 character password is not able to be hacked by brute force by any computer in the world.

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Unified Comms, Skype for Business, PSTN Calling

The whole telecoms industry has been turned on its head by IP telephony. The idea of finally integrating your voice and data networks feels both long overdue and maybe within reach.Before dismissing this as yet another false dawn, there is some substance to the current developments that mean there is a good chance you will shortly be able to gain the massive benefits that Unified Comms has been promising for a long time…

So what’s going on now?

Update 07.02.2017 - Skype For Business PSTN calling is now available to businesses. However, we have noted that the companies using it are not entirely happy with the way it works from a UI perspective, yet.

Below we highlight recent developments that may show you the way forwards. Spoiler: It’s not quite ready today but maybe, just maybe very soon!

What We Want is Unified Comms in Office 365, When Do We Want it?

Microsoft launched Skype for Business mid 2015. At that time there was a lot of talk about the new voice and meeting capabilities, and there was the chance to see a technical preview if you lived in the US. The new capabilities will enhance the current Skype for Business experience and allow IT Service, and Telecoms providers to offer a complete enterprise grade communications solution as part of Office 365, or the unified comms solution of the future as we see it.

When we visited the UCEXPO in London during the summer www.ucexpo.co.uk this was the holy grail that everyone was reaching for. Unified communications isn't just about telecoms and conferencing it is about having all your data and colleagues connected in a way which is useful for your business, and being able to access the data from a central "control system" e.g. Outlook. As soon as someone invents an advanced algorithm for text to speech during meetings (that works well!) this type of system will be even more powerful. This company seems to be on the right track, www.cloudpipes.com however after requesting a demo I am #47,852 on the waiting list...Well at least I don't feel like a Guinea pig!

New Skype for Business Features Here and Coming...at Some Point

PSTN Conferencing

Only available to preview in the U.S. This feature uses the traditional public switched telephone network to allow users who have been invited to a Skype for Business meeting set up in Office 365 to join the meeting by dialling in using a mobile or landline. This is a basic traditional dial-in capability one might expect of a conferencing system. It is in addition to, single touch join options on PC's, smartphones and browsers. So if your technical director is on holiday in Spain again and can't connect to the internet he can still join by phone, ah the joy of technology. Using PSTN Conferencing in Office 365 you will be able to dial out from the system to add other people to the call too, which is neat.

THE DADDY! Cloud PBX with PSTN Calling

only available for preview to Office 365 users in the U.S of A currently. This is the feature set we are most interested in. We want to use Skype for Business to make all our calls, and have the address book linked to Outlook. Everything finally would be in one place, integrated. Unified one could say! And don't worry, when this feature comes out you will still be able to use existing on-premises phone lines for outbound and inbound calls.

Skype Meeting Broadcast Preview (available to eligible Office 365 customers worldwide)

You can use this to publish your Skype for Business meetings on the public internet making it easy for "Joe Blogs" type users to join. The system claims to support up to 10,000 people though we have never had the privilege of testing that! This makes it very easy to host huge virtual meetings like that of a volunteers meeting, town hall, or even a demonstration. This preview includes the use of Bing Pulse, for real-time polling and sentiment tracking, and Yammer.

By whom are these previews delivered?

These previews are delivered by Microsoft strategic partners such as: BT, Level 3 Communications, Orange Business Services, Verizon and Vodafone.

Titbits

Additionally Microsoft will be delivering a feature enabling direct connections to Office 365's Skype for Business customers using Azure ExpressRoute for Office 365. ExpressRoute helps customers easily create private connections between their premises and Microsoft enabled datacentres. This gives you more predictable network performance (predictable latency). This is a great resource for anyone looking for a manageable network with dedicated connectivity, reliability and additional data security. Then again seeing how easy it is to tap fibre we would still be interested to know how that is monitored.

Microsoft say they are "enabling people to connect with one another across all forms of human expression; verbal, written, visual and emotional". Well fair enough, great if you can get on a trial but for us mere mortals we have been waiting patiently for the PTSN calling and cloud PBX for years. We want it now please, thank you!

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

How to really screw up your Office 365 Migration

Of course you don’t want to, but many businesses make a total mess of their migration to Office 365. It should be simple, and if you’ve only got 20 users and a small volume of data it can be.

But most migrations we come across fail to deliver the promised benefits. Other independent research suggests that 72% of Office 365 migrations of over 200 users fail to deliver significant benefits whereas those “properly” migrated save significant cost and dramatically increase efficiency. With this background, here are the six top mistakes that will really screw up your Office 365 migration:

More haste, less speed

Whilst this is somewhat of a cliché its meaning rings true when it comes to large scale migrations and the changes they bring to your organisation. There are roughly 50 steps to follow to an Office 365 migration and activation, and they are not all easy. Some administrators will have a wider breadth of knowledge than others setting up – for example setting SPF records is new to a lot of people. Typically, younger administrators that have been with the same company for their entire career cycle may have only worked with a single version of Exchange and may have never performed a migration. So whilst the day-to-day, Business as Usual service is fine, managing a large scale and fundamental change can be extremely nerve-racking, especially as there is a lot of new terminology to get to grips with.

Our top tip is to use the Exchange Server Deployment Assistant, which can give you all the steps needed to perform your migration. Remember to do a test migration first if you are considering doing it yourself, however!

Up for adoption?

We have found that the adoption work for end users is sometimes pushed to one side, or not very well handled, as it’s not part of the day to day routine. It's ok to send out a pdf with the basics of how the system will work before migrating but really you need to engage with the end users site-wide to gauge sentiments and ensure that adoption isn't a "hair loss situation".

Depending on how many departments you have, and how many stakeholders are involved you may want to go whole hog and hold seminars for each group of people. These will not only help you educate the various groups and people involved but will allow you to gain valuable insights as to the users’ feelings and concerns about moving to the new system. It is extremely hard to hold a seminar by yourself though, you will need to have a colleague write questions and details down for you whilst you focus on presenting and answering questions.

When we helped hold adoption and technical seminars for a major London University (around 25,000 users) it was imperative for them to consider using the latest cloud technology for their students and staff to enhance the learning experience, but it was also vital to get a consensus amongst the different departments as to when/if they should move to the cloud. Don't be afraid to really simplify things down for your users too, you know how to do the simple "assumed" easy things like reset a password, they may not. As you may well be aware!

Document libraries rationalisation

Probably the most annoying job in the world unless you are a librarian or have OCD. In the case of SMEs there is often an existing document library, but we have rarely seen one that is well organised, let alone one that is prepared with OneDrive for Business in mind. There are a few things you need to think about before starting to migrate any data to OneDrive for Business or SharePoint Online. What's that you say? OneDrive for Business? Yes in Office 365 organisational accounts you get a version of SharePoint called OneDrive for Business with 1TB of space. We tend to think of it as a personal storage space however; it is also a lot easier to share documents and folders with external users using OneDrive for Business as opposed to SharePoint. With OneDrive for Business you don't have to set up a user access structure as you do with sites in SharePoint. In SharePoint you need to understand three things relating to this:

1. SharePoint groups
2. Permission levels
3. Permissions inheritance and site structure

Whilst this can be achieved in OneDrive for Business you can share a folder very easily to an email address (must have Office 365, or a Microsoft email like Hotmail) without having to worry too much about what else they might be able to access.

Back to the topic at hand. So, those things you need to know:

• If you intend users to sync files to their computer using the OneDrive for Business app there is a 5000 item (that’s files + folders) sync limit per library. This can be perpetually annoying if not considered in advance. For example libraries that will get used a lot will fill up quickly. Be sure to create a structure which allows files to be archived easily.
• Find out the overall size of the data which is to be moved. If the standard SharePoint Online (SPO) can't handle it admins can buy more space by the TB. Be aware that there is a 100Gb limit on site collections though.
• There is also a limit of 5 million items within a document library. Unlikely as that is to hit.
• Check the existing depth of the file structure. If you exceed 260 characters in the path name in SPO you will hit trouble.
• Check for invalid characters like $, these files will not upload. No need to drive yourself crazy checking by hand though. There is a PowerShell script which checks for invalid files and characters in files and folders, and for the maximum URL length. This script will also allow you to fix invalid characters and file extensions for you. SharePrep is another tool which can help analyse the files. There are also migration tools that will move the data for you but you need to check the above upfront.
• Check what the largest files are and if possible put them to one side to upload last. Treesize is an obvious tool to use for this sort of analysis.
• If there is content not in use any more consider long term deep storage, perhaps on Azure Backup.
• We tend to arrange libraries by department, it makes the most sense in the long run.
• You probably already know this but worth reminding you. Arrange the file structure before you upload the data. You can't drag and drop files in SharePoint unless they are synced to OneDrive for Business.

We prefer to organise all the data first, then run the checks, then use OneDrive for Business to sync the libraries we have created to the computer (the one with the files on), then move the data in to the relevant folders/synced libraries for automatic upload.

Cutover or Staged Migration

If you don’t decide on your migration type, Cutover or Staged, you will run in to trouble pretty quickly when it comes to mailbox migration. Microsoft provide this advice: “You can’t use a staged migration to migrate Exchange 2010 or Exchange 2013 mailboxes to Exchange Online. If you have fewer than 2,000 Exchange 2010 or Exchange 2013 mailboxes in your organization, you can use a cutover Exchange migration. To migrate more than 2,000 Exchange 2010 or Exchange 2013 mailboxes, you have to implement an Exchange hybrid deployment.” There are several ways to migrate the mailboxes:

• Manual Migration - Migrating the mailboxes manually involves saving.pst files, or adding the new accounts in Outlook, and dragging-and-dropping. Extremely labour intensive!
• Use MS Migration Tools – Office 365 does have some built in tools for migrating the mailboxes, they are fine but do have limitations, for example the built in tool cannot migrate FROM office365
• Use 3rd party Migration Tools such as BitTitan or Skykick. 3rd party tools are much more flexible, but there is a per-mailbox cost, and depending on the tool, data may pass though the 3rd party’s server.

One very useful feature of BitTitan is that it does Office 365 to Office 365 (organisation to organisation) migrations, the Microsoft built in tool doesn’t do this. Whilst moving organisational accounts is a rare occurrence it does happen, for example during business divestment.

Third party tools

You won’t be able to use any third party tools that require installation to the exchange server. You will have to give up a bit of control! One obvious example of this is your anti-spam software which you have studiously been tweaking for years. In the case of that software you will need to switch to Exchange Online Protection (EOP) and start tweaking again…probably time to screenshot those settings!

Domain Providers to avoid

Some domain providers should be avoided like the plague. You need to be able to create SRV records so make sure your host is able to do that or you will end up with greatly reduced functionality to your Office 365 instance. If you were to use 1&1 for example they do not provide the functionality to set up SRV records which means that Skype for Business will not work…which is pretty darn important!

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Testing Our New Mimosa B5 Lites in Chipping Norton

It was sunny day in the Cotswolds, looking back on it probably the last sunny (and warm) day of the summer, and we had a job to do… Make The Internet Work! This project all started when a local social media management business owner contacted me on Facebook. He is one of the crowd we have often met at various networking events, and lives in my home town of Chipping Norton.

“Hi mate I need your Bongo skills We've just taken over the old Post Office building as our new ECN HQ for the next 6 weeks and we need to sort out internet connectivity so we can get folks voting on the High St competition”

After a few questions about the location and the surrounding buildings I suggest that if he knows someone that has line of sight (LOS) to the post office we could look at using a radio to get the connection in. As it happens Shaun had just had a similar sort of conversation with the Deli opposite and knows that he has fast fibre there so with a bit of ringing around we organise a day to go and do a survey. Good thing I live down the road from this one! With the survey complete and a plan in place we book an installation day.

The install goes well and we get the cabling run in record time. We then get the brand new Mimosa B5 Lites up on the brackets high above the street traffic to ensure LOS is kept. Positioning these radio is very easy, there is a tool that allows you to scan for the best signal strength and we simply move them around until we get the best signal. After a bit of tuning the radios go live very happily. The whole install takes us about 4 hours and at the post office end we put in a switch to ensure that 3 laptops can connect to the internet to enable the voting for the #GBHighSt Awards.

If you would like Chipping Norton to win please vote now Vote Now

“Thank you to the incredible Bongo IT for setting up high speed internet connectivity in our HQ. And of course, thanks to Delicacy Deli & Coffee Shop for letting us share their connection in the first place. A perfect example of local businesses and organisations working together for the greater community benefit”. Experience Chipping Norton

What We Want is Unified Comms in Office 365, When Do We Want it?

Microsoft launched Skype for Business mid 2015. At that time there was a lot of talk about the new voice and meeting capabilities, and there was the chance to see a technical preview if you lived in the US. The new capabilities will enhance the current Skype for Business experience and allow IT Service, and Telecoms providers to offer a complete enterprise grade communications soultion as part of Office 365, or the unified comms solution of the future as we see it.

Update 07.02.2017 - Skype For Business outbound/inbound calling is now available to users. 

When we visited the UCEXPO in London during the summer "UCEXPO" this was the holy grail that everyone was reaching for. Unified communications isn't just about telecoms and conferencing it is about having all your data and colleagues connected in a way which is useful for your business, and being able to access the data from a central "control system" e.g. Outlook. As soon as someone invents an advanced algorithm for text to speech during meetings (that works well!) this type of system will be even more powerful. This company seems to be on the right track, CloudPipes however after requesting a demo I am #47,852 on the backlist...Well at least I don't feel like a Guinea pig

New Skype for Business Features Here and Coming...at Some Point

PSTN Conferencing - only available to preview in the U.S. This feature uses the traditional public switched telephone network to allow users who have been invited to a Skype for Business meeting set up in Office 365 to join the meeting by dialing in using a mobile or landline. This is a basic traditional dial-in capability one might expect of a conferencing system. It is in addition to, single touch join options on PC's, smartphones and browsers. So if your technical director is on holiday in Spain again and can't connect to the internet he can still join by phone, ah the joy of technology. Using PSTN Conferencing in Office 365 you will be able to dial out from the system to add other people to the call too, which is neat.

THE DADDY! Cloud PBX with PSTN Calling - only available for preview to Office 365 users in the U.S of A currently. This is the feature set we are most interested in. We want to use Skype for Business to make all our calls, and have the address book linked to Outlook. Everything finally would be in one place, integrated. Unified one could say! And don't worry, when this feature comes out you will still be able to use existing on-premises phone lines for outbound and inbound calls.

Skype Meeting Broadcast Preview (available to eligible Office 365 customers worldwide) - You can use this to publish your Skype for Business meetings on the public internet making it easy for "Joe Blogs" type users to join. The system claims to support up to 10,000 people though we have never had the privilage of testing that! This makes it very easy to host huge virtual meetings like that of a volunteers meeting, town hall, or even a demonstration. This preview includes the use of Bing Pulse, for real-time polling and sentiment tracking, and Yammer.

These previews are delivered by Microsoft strategic partners such as: BT, Level 3 Communications, Orange Business Services, Verizon and Vodafone.

Additionally Microsoft will be delivering a feature enabling direct connections to Office 365's Skype for Business customers using Azure ExpressRoute for Office 365. ExpressRoute helps customers easily create private connections between their premises and Microsoft enabled datacentres. This gives you more predictable network performance (predictable latency). This is a great resource for anyone looking for a manageable network with dedicated connectivity, reliability and additional data security. Then again seeing how easy it is to tap fibre we would still be concerned about how that is monitored.

Microsoft say they are "enabling people to connect with one another across all forms of human expression; verbal, written, visual and emotional".

Well fair enough, great if you can get on a trial but for us mere mortals we have been waiting patiently for the PTSN calling and cloud PBX for years. We want it now please, thank you!

OneDrive for Business Sync Improvements

Microsoft have announced that they are reviewing a new client for OneDrive for Business, your storage and sync medium to Office 365. There have been "a lot" of complaints (we complained at least 50 times, so god only knows how many complaints they actually received, 10's of 1000's we imagine).

What Is OneDrive for Business?

If you are not familiar with OneDrive for Business it is a very handy way to get your files in to the cloud, and to access those files quickly from your computer. It's a lot like Dropbox or Google Drive. The more clever side to it being that you can for example get on a flight/train/bus to a business meeting and access the files stored in OneDrive for Business locally on our computer without having to connect to the internet.

When you then reconnect to the internet the updates to the files are loaded to the cloud. If there are any changes made by colleagues during the time you were not connected to the cloud you will be notified and given a choice to merge, or keep a copy of your work. A very handy tool, especially for remote working.

So Where Does it Fall Down?

Reliability, in a word. The current client is based on Microsoft's Office Groove and has been for some time. It is prone to bugging out when you move files around, if for example you are having a bit of a "spring clean" of your old customer files and decide to drang and drop a lot of files in to a new "archive" folder. When I did this recently, my files were fine but my colleagues OneDrive for Business folders all had errors that could not be resloved.

So time to repair...but that didn't work...so time to clean the cache and start again (whilst noticing that 16gb of our harddrives' storage is taken up by the cache, aaaahhhh!!!). Frustratingly there is also a 5000 item limit which most people are unaware of (this is files + folders) for any one library, though you can have multiple libraries of course. Whilst generally all that is needed is some file structure planning it is a seemingly pointless limitation. Plus if you do accidentially go over that 5000 items limit...it can be a bit of a pain to sort out.

Our annoyance is that Dropbox can happily sync thousands of files without an issue, even OneDrive (the consumer version) is good as it uses a different technology, so why not Microsofts' business application?!

So whilst this does give us techies something to do and makes us look good when we fix it that's not really the sort of credit we are after. What we all want is a reliable sync system which flexes with the business needs. And preferably one that you don't need a degree in computer psychology to suss out.

What Are Microsoft Doing About IT?

Reuben Krippner, director, OneDrive for Business, introducing the new client in a video said:

“We heard your feedback on the sync experience loud and clear,” said “We’re delivering the next-gen sync client for both PC and Mac, and it’s based on the proven OneDrive consumer sync client.”

The new client is now in limited preview and adds OneDrive for Business Support to the existing (working) consumer client version. This should dramatically improve it's reliability. The new client will also support files of sizes up to 10Gb. Let's hope you have a fast upload to your broadband connection if you are thinking of storing those sizes of files in the cloud.

Mobile Clients

There are a number of OneDrive for Business mobile clients, many of which will be getting some new features. The Android app for example will allow individual files to not be kept from syncing. As for the rest we are unclear as to what features are going where.

The Crystal Ball

The only question is, will this be "rock solid" as promised? Well we expect a few bugs, but at least it looks like it is moving in the right direction. 

Update

07.02.2017 - We are now trialing the release candidate for the new next gen sync client. So far so good but still a way to go in our opinion. It has been pegged for release in March 2017 but we shall see.

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

MS Office 2016 New Features to Delight, and Beguile

Real Time Co-Authoring

Up until now the co-authoring functions have had a bit of a choppy time and Microsoft had settled on allowing co-authoring only in the browser IE when both users are logged in to the portal, which makes sense but was a bit disappointing given that we were allowed to see it in its full glory briefly.

However the 2016 update will allow for co-authoring when editing documents in OneDrive For Business which to be frank is the most likely place you would want to do it anyway, certainly for our clients (Network Managers/IT Directors) who are often in the office, at their desk working with colleagues. I have seen and "played" with the co-authoring function which seems to work well giving you real-time updates of what your colleague is doing to your document...and of course for a while we simply typed silly sentences at each other, marvelling at the misuse of technology. We did however speculate where this might be the most useful (other thanthe obvious use I have already mentioned) and we postulated this may be during meetings where a lot of notes need to be taken, seen by all and referred to. It could also be quite useful during scoping, and project management calls for projects too, providing everyone has the tech of course.

Link Sharing - Not Document Attachments

The default behaviour will be to share a link instead of attaching a document. Okay so this is a great idea and has been a long time coming, you can already get a link from SharePoint and share it but this is not the default behaviour for the system, or for most users. Exchange is already extremely clever about how it stores document attachments (heck it must be as I am awful at sending links!) but this new change will make email quicker, both to send and to search through, and ultimately save on disk space in Exchange. One possible problem that has been noted is that by default the link is set to "anyone can edit", however that is basically the same as sending the attached file without password protecting it, so not a biggy. What we are wondering is how this will affect older email, will the attachments still be available because I'm sure we have moved files/folders around in SharePoint a couple of times?!

Outlook Groups

Office 365 users will now be able to create a new type of group which will have a shared calendar, simple mailing list (group), library (document store) and some messaging tools via Skype for Business.

Clutter Update

Do you use clutter? This is a question I am asked daily. The answer is yes, but I also check it! Many users are not too keen to miss an important email so have turned clutter off straight away without testing it for a bit. Okay, fair enough, nobody likes change (or Microsoft "experiments") but if you are going to embrace the cloud, you might as well start using the apps that are built to make you more productive. The clutter function does hark back to the zero inbox method which I have come across. Basically this entails organising your email into several folders: Urgent, Important Not Urgent, Not Important...and thus cleaning up your very messy inbox. This allows you to concentrate on the most important things and potentially shift some of the other Not Important things on to another business function as you will probably find they are not super relevant to your job role. Streamlining is fun! So what is new? - You can manage it from within Outlook, not just online.

What Else?

That's basically it from us. Microsoft have just shown me their published changes which can be found at this URL here . Excel is going to have some new chart types but that's only of interest if you are a hardcore Excel user, most of us are not. So are you looking forward to 2016?

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

40,000 UK businesses have their broadband boosted

Digital Economy Minister Ed Vaizey urges businesses to apply for £3000 broadband grants before it’s too late

More than 40,000 small and medium businesses (SMEs) across the UK have now benefitted from the Government’s Broadband Connection voucher scheme, latest figures published today show. The scheme, which helps SMEs get connected to superfast broadband has seen a huge surge in demand in recent months, but time is running out for businesses to take advantage of the initiative.

The Government made £40m available in 2015/16 for the scheme, and the vouchers are being issued on a “first come, first served” basis. Funds have not been ring fenced for individual cities, and with more than 1000 applications now being received each week, Government is encouraging all eligible businesses to apply before the available funds are exhausted.

The scheme allows businesses to apply for grants of up to £3,000 each to cover the costs of installing faster and better broadband. So far, more than 40,000 businesses in the 50 cities across the UK participating in the scheme have had grants approved. The scheme has helped a huge variety of businesses to date, including architects, estate agents, mechanics, events coordinators cafes, graphic designers and caterers.

Digital Economy Minister Ed Vaizey said: “Our offer to small businesses has been a tremendous success and is proving incredibly popular. More than 40,000 UK businesses have already taken up our offer which is aimed at boosting both their broadband speeds as well as their bottom line. Businesses need to act now to ensure they don’t miss out on this fantastic offer and I’m urging all eligible businesses to apply now before it’s too late.”

Too late!? Surely not a great message for the future....(sorry had to be said)

The grant, in the form of a voucher, is part of the government’s transformation of the UK’s digital landscape, helping cities to create and attract new jobs and investment, and making the UK the best place in the world to do business. Vouchers issued as at 25 August 2015:

• Scotland - 2087
• Wales - 2042
• Northern Ireland - 1867
• North West - 6344
• North East - 1291
• Yorks and Humber - 5734
• Midlands - 5179
• London - 11664
• East of England - 1407
• South East - 1592
• South West – 1734

(Please see notes to Editors for a city-by-city breakdown of vouchers issued)

Benefits small businesses are seeing as a result of a faster connection include:

• •
• Growing and accessing new markets through better communication with customers and suppliers •
• Increasing security through fast secure back-up of data •
• Increasing productivity and improving customer service through faster upload and download speeds

Businesses can find out if they are eligible and get more details on the broadband connection voucher scheme at www.connectionvouchers.co.uk

Do you want to know who is looking at your website?

of course you do! Lead generation is really important to you!

We have made this really easy to do with the help of the free analytics package PIWIK and a little plugin we made.

What is PIWIK?

PIWIK is an open analytics platform (like Google Analytics) currently used by individuals, companies and governments all around the globe. With Piwik, your data will always be yours unlike Google's version where they own your data. And should you wish to purchase your historical data it can cost a lot of money. Whether your site has a a lot of visitors or just a few, Piwik will help you collect and analyze information about your users. Track Key Performance Indicators such as visits, goal conversion rates (once set up correctly), downloads, keywords and a whole lot more.

How Do You Know Who Is Visiting The Website?

We have built a plugin that works with PIWIK to look up the IP address of visitors against a WHOIS record. This will give you varying amounts of data on the company. The bigger the company the more data you will likely get. Often you will get the telephone number, company name, company address, and maybe an email address too. This data can then be fed into your marketing activities as a new lead.

Sounds Amazing! How Much Does It Cost?

We just charge a flat fee of £50 pcm. This covers all the setup, support and training you need to get the most out of the plugin. So contact us to get it set up today for a 2 week no obligation free trial. 01865988217, option 2.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

12 tips on getting your blogs noticed

By Jenny Haken, Copywriter

Writing blogs should be fun, enjoyable and entertaining. Or at least educating in some way. But whether they’re used as a marketing tool or a means to provide useful information, blogs must read well and include key words (you know, those words that describe what you do, to hook your customer in!), and also keep the reader engaged. Tricky, huh?

Well, no! I was recently asked to create some blog writing tips specifically for a healthcare client, which I was delighted to do. So I’ve generalised them to share here with you. I can’t promise they will make your blogs go viral, but you never know! So here goes:

Make sure your heading includes key words and is formatted to H1. This is necessary for Search Engine Optimisation (SEO) purposes. Search engines like H1 headings and it will help your blog to be ‘found’ on the internet more easily.

Your first paragraph should always be treated as an introduction. Try to include key words as much as possible, but don’t get too hung up on them – Google is quite smart at picking out the right words. It’s more important that the copy flows nicely, gives a taster - a teaser, if you like - of the information they’re about to read, and captures the reader’s attention.

Now you can get down to the real writing. Just write your heart out! Put down everything you want to say and keep it interesting and friendly. Don’t try to be too clever. Add a bit of humour if you can. The important thing is to then go back and edit, hone, cut and cut some more until it’s clear and succinct – one of the best ways to do this is to get rid of superfluous words.

Keep it simple! This is important for all businesses and organisations. Try to put yourself in your prospective customers’ heads, especially in that all-important opening paragraph, or introduction. This is true of all marketing and advertising copy – simplicity is best! I often cringe at beautiful looking websites, brochures and leaflets when I read copy that’s too technical for their target audience. On the other hand, try not to fall into the trap of oversimplifying information so much that it sounds like you think your customers don’t have an iota of intelligence!

Make it personal. In other words, use ‘you’ and ‘your’. Try to relate to the individual. Write it as if you’re writing a letter to a friend.

Sub-headings are helpful. And bullet points. They break up the text a bit, drawing your readers’ eyes to a new point that they may find particularly useful.

Check for mistakes. Blogs, or any marketing material, that have a typo, spelling mistake or, heaven forbid, an apostrophe missing or in the wrong place (my particular bugbear!) will immediately make the more astute reader question as to how efficient and trustworthy that organisation is. Ideally, ask someone who you know as a bit of a grammar nazi to read through for mistakes. A fresh pair of eyes always helps, but if that’s not possible and time allows, leave it and read it again later.

Links to other authoritative articles can help. If you can provide links to websites, articles or studies that back up what you’re saying, that not only helps to improve your credibility but also helps for SEO purposes, too.

Use pictures! That’s often a great way to initially attract your target audience, especially if you’re trying to sell a product or service. But make sure they’re relevant and that you have the right to use them. There are many online photo agencies and resources where you can pay or, in some cases, get free photos to use in your blogs. Just remember to credit the photographer and/or the agency in your caption.

Have a 'Call To Action' at the end. This is another important marketing tool – all marketing blogs should finish with a CTA. Even if it's simply ‘Contact us now for further information’. But if you have a special offer, promotion or something you want the reader to do, repeat it at the end with clear instructions as to what to do next to benefit from this wonderful opportunity!

Keep it short! Ideally, a blog should be around 500 words to keep the reader interested. However, there are times when a longer article is necessary. I’ve seen (and sometimes been interested enough to keep reading!) blogs and articles of 1,000 words, 2,000 words or more.

And if you can’t be bothered to do any of this, ask me! I’m always happy to help.

0808/0800 Inbound Cost Changes & SIP Channels

From 1st July, calls to 0808/0800 will be free of charge from mobiles as they currently are with landline. To offset this new cost, the mobile carriers have passed onto fixed carriers a Mobile Levy Fee of around £0.016ppm when a call to 0800/0808 originates from a Mobile. This charge is then added to the standard Inbound Service termination cost.

We expect a 65% cost increase for businesses using 0800/0808 numbers, which will more than likely cause large bill shock. As the networks have been slow to react and to advise customers. In order to remedy this cost hike we are proposing that 03 numbers are used as a replacement.

There has also been some recent talk about Openreach’s ISDN network becoming obsolete by 2020, as much of their network already runs on SIP. With greater broadband speeds and options available now, we are providing our customer with SIP channels over an Assured broadband connection 9 times out of 10. SIP channels provide resilience and disaster recovery options, multi site and free phone number solutions, fraud detection/prevention and all inclusive call charges to UK Landlines (01/02/03) and UK Mobiles for £12.50 per line per month.

Cost control and future technology! How does that compare with your ISDN line package?

Craig Jones Telecom and WiFi Consultant

GHM Communications Ltd M: 07787578971

GHM Communications

Digital Legacy is the online presence you leave behind when you pass away. This includes any social media profiles and accounts such as Facebook, Instagram, digital music or photos to name a few. Digital Legacy is just as important as leaving a Will of physical assets for your family members. Research from Saga Legal Services has revealed that only 13% of accounts users have planned their Digital Legacy. 

In the US Facebook accounts can be memorialized, but Facebook also allows users to choose a “legacy contact,” who will have the opportunity to guard the profile after the user has deceased. This process can be done on the Facebook’s setting and a message will be sent with specific details to the chosen individual. The legacy contact can be changed at any point and proof of the death must be given. There are limitations to this as Facebook allows the legacy contact to write a post for the profile to share news of a memorial service, respond to new friend requests, update pictures. Facebooks does not allow the legacy contact to log into the account to delete any old content nor read the deceased private messages.

Apple have a different policy about iTunes. They have the right to freeze an account if the user has died. This is because Apple’s policy is that any files that are bought do not belong to the user, they are just loaned to the user, thus, they cannot be passed down the generations like physical assets. But surely, this is the same as buying a CD and passing them onto your children? You have paid the money for it and you should be entitled to pass it down if you wish. Either way it is something to think about as more and more people have online access to their music, social media accounts and profiles, we need to develop a way to protect our digital legacy after death.

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Southern Oxfordshire New Business Competition in Conjunction with Jennings.

We are extremely happy to say that Bongo IT have been shortlisted to win the Southern Oxfordshire New Business Competition. 

This means we are one of 8 new businesses (under 2 years old) in this region to be selected. We all feel very special right now just to have got this far. The winner of the competition gets a free office for a year with the fabulous Jennings.

If you are a new business we highly recommend you apply next year. All you have to do is describe in 100 words or less what you have learnt and achieved in your first two years of business. And/Or check out Oxford Business Mentors if your business is over the 1 year mark, they offer great 1 to 1 support for free.

Thanks to everyone who has helped us get this far. We look forward to continuing to move forwards with you all.

Andrew Elder

Bongo IT

Director of Sales & Marketing 

Bongo IT specialise in eCommerce websites

Our eCommerce platforms turn over tens of thousands of pounds, and makes the customers very happy

The Rise of eCommerce

eCommerce is the fastest growing segment online. In particular in the USA apparel and accessories are now growing faster than any other eCommerce product segment. Health & Beauty is a top performing segment as you might imagine and the online 

ordering of food is growing voraciously, and I must admit Just Eat is very handy. The companies benefitting from eCommerce "done right" are outperforming competitors every time as they are creating loyal returning customers who engage with their 

brand. As you may well be aware return business is roughly 80% more cost effective to maintain than winning new business. 

About PCI DSS

PCI DSS compliance is now a necessity for all merchants selliing online whether they outsource the services or not. The following is an extract taken from the guidance provided by the PCI Security Standards Council:

"Merchants choosing to sell their goods and services online have a number of options to consider, for example:

• Merchants may develop their own e-commerce payment software, use a third-party developed solution, or use a combination of both.
• Merchants may use a variety of technologies to implement e-commerce functionality, including payment-processing applications, application-programming interfaces (APIs), inline frames (iFrames), or hosted payment pages.
• Merchants may also choose to maintain different levels of control and responsibility for managing the supporting information technology infrastructure. For example, a merchant may choose to manage all networks and servers in house, outsource management of all systems and infrastructure to hosting providers and/or e-commerce payment processors, or manage some components in house while outsourcing other components to third parties.

No matter which option a merchant may choose, there are several key considerations to keep in mind regarding the security of cardholder data, including:

• No option completely removes a merchant’s PCI DSS responsibilities. Regardless of the extent of outsourcing to third parties, the merchant retains responsibility for ensuring that payment card data is protected. Connections and redirections between the merchant and the third party can be compromised, and the merchant should monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the connection/redirection is maintained.
• E-commerce payment applications such as shopping carts should be validated according to PA-DSS, and confirmed to be included on PCI SSC’s list of Validated Payment Applications. For in-house developed e-commerce applications, PA-DSS should be used as a best practice during development.
• Third-party relationships and the PCI DSS responsibilities of the merchant and each third party should be clearly documented in a contract or service-level agreement to ensure that each party understands and implements the appropriate PCI DSS controls. Appendix B of this document can be used as a high-level checklist to help all entities understand which parties are responsible for the individual PCI DSS requirements.

Essentially this all means that you must COMPLY!...Don't worry though we have experience that will guide you through this tricky area. For most people it is a simple form that needs filling in.

Quick Case Study

Pre-amble

We met Womersley Fruit & Herb Vinegars at a local evening networking meeting (Experience Chipping Norton), Rupert the owner bought me (Andrew) a pint. Excellent way to start!  After we started talking it became apparent that whilst Womersley had an excellent blog site, and links to resellers, they did not sell their own product online. Further investigation showed that they didn't have great control over their online pressence as some items were being sold on Amazon by 3rd parties but with the Womersley's details meaning Rupert had to field calls for products he hadn't sold directly. it was strongly agreed to get control back of the online sales and start making sales to the general public as well as to trade.

Process

We booked an initial meeting to create a Content Strategy. This outlines where the business is now with it's digital strategy, where it wants to go and how to get there. During this stage we also look at SEO and what this might look like on and off a website. After some off-site work and the presentation of the document we confirmed we could move forwards with building the eCommerce solution. We then agreed on a rough design, fonts, logo and colours before moving forwards. During the next stage (the build) we were in direct contact with Rupert at each stage to review sections as they were added. We exported and rationalised his existing content for it to be better indexed by Google and added some neat features of our own like the mailing list management tool which is built into the website. When it comes to the front end look of the site we enjoyed adding our specialist expertise to use the latest CSS and HTML effects to make it sparkle. During the process we ensured that Rupert had all the correct documentation in place to be PCI DSS compliant. 

Savings! - Vouchers Supplied

Thames Valley Chambers of Commerce had a pot of money to put towards learning digital skills. This covered the creation of a Content Strategy and paid for 50% (cash back) of the website build. The Go-To voucher for Buckinghamshire and Oxfordshire also allowed Womersley to claim an additional £150 back meaning that the total saving was over 50%.

Result

A happy customer who has been taken on a journey, and most importantly can continue his journey with a suitable platform. After just one week Womersley have made back ~50% of the remainder of the website build costs. Pretty good going for a fantastic yet niche brand. Rupert now has more control over the online sales of his brand and we continue to work with him in various capacities.

SEO FAQ Search Engine Optimisation (SEO)

is a confusing subject for many business owners. These might be some of the questions going through your head: What the heck is it?! Why do I need it? Why does one person tell me one thing, another says something else? Don’t I already have it? Can I trust a so called “SEO expert”. Hopefully I will be able to answer these questions for you.

What is SEO?

SEO in its simplest form could be described as internet marketing, it usually starts with understanding who your customers are, what messages you are trying to get across and what key words/phrases are most appropriate to use. This leads to key words/phrases being used holistically across your digital marketing channels. These are used in content for your website, micro-sites, adverts/adwords, social media, some directories, and specific/relevant places on the web which help the search engines to understand what you do, and subsequently present that information to the right people.

Get it wrong and your message could be being seen by loads of people, just not the right ones, or no one at all of course.

“Think of your website like a window to a store on a busy high street. The street is the internet with all its data and users zooming past. What can be done to get people to stop at your shop? Nice displays in the window, maybe a sign, maybe several signs. SEO is the window dressing and the signs which help a person (or search engine) understand why they need to stop at your shop, what services you offer, and what makes you different”.

Why do I need it?

If you want your website to come up in Google for multiple search terms then you will need to think about using SEO in some way. If you are already well listed in Google (possibly due to getting a new website) then as your content ages other sites become more relevant and you go down in the search results.

Why does one person tell me one thing, another says something else?

Whilst I can’t give a definitive answer why this occurs we have found that SEO companies tend to focus on what they know how to do well, there are two usual schools of thought.

1. SEO is all about creating quality backlinks to your website.

2. SEO is all about creating great quality content on a regular basis.

It is true that both of the above are required to get a perfect “SEO score” although one should really say that

"if you are creating great quality content on a regular basis you will naturally get good, relevant links back to your website given time". 

When I talk about SEO I do always talk about the content side of it!

Don’t I already have it?

Not necessarily. Some website developers will include a basic level of on-site (website) SEO when they build your website, this is usually in the form of metadata which is included in your websites and contents HTML structure, some won’t offer this although your website will probably still appear in Google, somewhere, at some point… The good ones however will offer it as part of a long term strategy which was defined before/during the website build. SEO shouldn’t be an afterthought.

Can I trust a so called “SEO expert”.

One would hope so but just in case what can you do to check them out?

1. Ensure that they take a holistic approach to SEO. If they are doing link building do they create good content with it? Are the links relevant to your and are they from reputable websites? Where are some examples? Bad link practise will do more harm than good.

2. Make sure they create a plan with you and that they truly understand what content you need creating.

3. Ask them a question like “what do you think about Googles continued initiatives to lessen the effectiveness of backlinking companies?”. Hopefully you will hear them say that creating high quality content is more useful in the long run anyway.

4. Ask them “what is the quickest way to get backlinks? If they are very eager to tell you all the ways to easily get links using methods you will start to realise must be illegitimate you will have caught them out. There is no quick way to do it, though you can legitimately list your business in online directories yourself quite quickly this doesn’t usually provide much benefit.

5. Ask them what their tactics are and how they measure their success. ROI can take a long time to see but you should always be moving in the right direction, taking measurements along the way. In summary try to do some online research into content marketing and content strategy, not just SEO. This will help you understand about the type of activities you should take part in online.

For more information please get in touch with us at www.bongoit.co.uk/contact

Bongo IT Can Help You Understand How To Market Yourself Online

Here at Bongo IT we take online marketing very seriously. Before you invest in a website or promoting yourself online you should be thinking about your content strategy.

Simply put an internet troll is a person who butts into your conversation looking for an argument or reaction by making an (often) offensive comment.   You may be familiar with this type of person from your own real life (or "RL" as us internet types tend to say) experiences. I know I have certainly met a few. 

Bongo IT's SEO team are teaming up with Jen Haken, an experienced Oxford based copywriter.

SEO isn't a standalone activity. To create a good plan for SEO you need to look at the overall Content Strategy.

Here at Bongo IT we have become accustomed to taking a holistic approach to our clients approaches to digital marketing.

How have we helped clients?

• We have broadened the horizons of many of our clients by teaching them about the plethora of ways to promote themselves online. This in turn has provided them with better, more magnetic sales experiences, more sales, more engaged clients and more brand awareness. 
• increased Amazon sales by using the tools available in the Marketplace like fulfilment and bundles.
• helped with Adwords campaigns get more clicks and visibility by making the website landing pages more effective, doing keyword research and by using a few little tricks we know of.
• helped create traction with bloggers by using Twitter more effectively, this in turn creates content, backlinks to your website and boosts your SEO score. 
• created content which attracts the search engines attention and gets your blog or website pages more views.
• re-architechted websites to be more SEO friendly.
• helped clients with their Direct Mailing (DM) campaigns both in terms of creating a "sign up magnet" on their website, driving clients to sign up, and creating the email campaign itself including the email templates.
• got all our clients websites better indexed by Google (and other major search providers) making them more visible in the Search Engine Results Pages.

So get in touch now and see how we can help you.

Here are some "fun" facts which you probably didn't know about computers

1. Your PC has a battery in it...how else does it know the time after being unplugged? You can take the battery out too, but we wouldn't reccommend it unless you know what you are doing!

2. You can turn off your PC if it freezes by holding the power button down for 4 (or more) seconds.

3. Everything you see and hear off the internet is technically coming from your computer. This is because the file has to create a locl copy of itself on your computer before it can play, thats what "buffering" is.

4. An Intel Core i7 3.4Ghz processor can do about 150,000,000,000 floating point operations per second, thats so much maths I can't even count....

5. The first computer (that resembles todays computers) was invented by British mathematician Charles Babbage around 1833.

6. Silicon is the most likely substance of which Alien life is created (does that mean machines will take over and destroy us?! The irony!)

7. The Russians made a computer that ran on water in 1936. I tried running on water but I sank...

Why you really, really should use stronger passwords

This blog post was created from a conversation we had with one of our clients since they sent us this link with a subject line of "interesting?" Advice From A Real Hacker which is worth reading first.

There are many thoughts on this. The suggestion is that we as IT companies should stop forcing password changes so often. Users simply make every new password simpler than the last which is counter productive. Don’t forget, Password1 is a 9 character password containing uppercase, lowercase and numbers!

It has been suggested that we enforce a policy of not using dictionary words, this is not a good argument in reality. It forces passwords to get shorted and shorted, as jumbled characters are hard to remember. How about a (misquoted!!) phrase: ItWasTheWorstOfTimesItWasTheBestOfTimes No matter how many dictionary lists you are using, you will still have to run them all 12*12 times to spot a 12 word phrase.

If “it doesn't take me very long to test every … word combination in the dictionary” then use a word combination that is not in the dictionary, or indeed in any book anywhere...

Where passwords are concerned we will allow:

Never Use Just Numbers

Use All of the Allowable Character Types

Please note he suggests using munging, even tho Wikipedia has a munging lookup table: Munging

Our conclusion? A few steps:

Step 1: Use the same password on all the sites you don’t care about. The forum you registered on just to say “lol” on a post? Pasword1. The site you had to register on to download some shareware? Password1. The city council site you have to register on to receive SMS alert about your dustbins? Password1. Who cares if they get cracked, and it makes your life easier.

Step 2: Use a password manager. For the (few) sites that you actually care about, generate a unique, strong (20 random characters, with all of the Allowable Character Types) password. You will need a password manager, as there is no way you can remember one of these, let alone a few of them for important sites. I define important as “I could lose money if this was hacked”. That loss can take place via simple theft (i.e PayPal) or via complicated ID fraud (i.e. UK Govt. Website). I like KeePass, and LastPass is a strong offering too. They will generate the password, store it encrypted, and when you need it auto fill it onto the web page. Now, you only have to remember 1 password. How about:

“ASingleManInPossessionOfAGoodFortuneMustBeInWantOfAPasswordManager”

(with apologies to Jane Austen).