weakest link - The Dangers Of Uninformed Staff Members And How They Can Be The Weakest Link In The Cyber Security Chain

The Dangers Of Uninformed Staff Members And How They Can Be The Weakest Link In The Cyber Security Chain

By | QCS Group Blog

No matter how secure you think your data and your network are, it can all come crumbling down from just one phishing email or spear phishing campaign. Most employees aren’t trying to hand hackers their information or the company data, yet, it happens. Most employees will click on or respond to a well-crafted phishing or spear phishing email if it lands in their email box. Despite education efforts, 20-30% of recipients open standard phishing messages that arrive in their inbox and 12-20% of those click on any enclosed phishing links. These rates are already high, but they double when looking at spear phishing emails.

Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Virtually anyone on the internet has seen a phishing attack. Phishing attacks are mass emails that request confidential information or credentials under false pretences, link to malicious websites or include malware as an attachment.

Many phishing sites look just like the sites that they are impersonating. Often, the only difference in many spoofed sites is a slight, and easily missed, difference in the URL’s. Visitors can easily be manipulated into disclosing confidential information or credentials to the hacker if they can be induced to click the link. Even blacklisted phishing sites can often get by standard filters through the technique of time-bombing the URL’s. Then the URL will lead to an innocent URL initially to get past the filters but then redirect to a malicious site.

Although malware is harder to get past filters, recently discovered and zero-day malware stands an excellent chance of getting through standard filters, and being clicked on, especially if the malware is hidden in a non-executable file such as a PDF or Office document. This is how many of the recent ransomware attacks were pulled off. If an employee isn’t looking close enough, they could be clicking a link that unleashes the hacker into your system.

Spear phishing is an enhanced version of phishing that takes aim at specific employees of the targeted organisation. The goal is usually to gain unauthorised access to networks, data and applications. Often the initial email will contain no URL or attachment. Instead, it will simply try to invoke the recipient into thinking that the sender is legitimately whomever they say they are. Only later on will the hacker request confidential credentials or information, or send a booby-trapped URL or attachment.

“But my staff is careful,” you might say. “They know what to look for,” you argue. But do they? Some phishing attacks are often just the first part of a much larger hacking campaign. Once they are inside your system, hackers can do devastating damage by rifling through confidential customer lists, intellectual property, and emails; even deleting critical data or encrypting it with ransomware. Companies that fall victim to phishing schemes risks:

  • Reputation damage
  • Loss of market value
  • Competitive disadvantage
  • Legal liability and compliance problems

Let’s look at a possible spear phishing scenario and how it plays out: After cataloguing the executives in the “Our Team” section of the Widget Co. website, the attackers create a cross-reference of social graphs, using Facebook and LinkedIn accounts to build lists of who knows whom inside Widget Co. Then, by piecing together the social information, the attackers are ready to go spear phishing.

The attackers find an HR employee at Widget Co. named John Smith. Posing as Mr. Smith, the hackers target Smith’s Facebook friend and colleague, Jeff Jones, an HR manager at Widget Co. To build trust in the faked email address, the hacker posing as Mr. Smith sends his “friend,” Mr. Jones, a note asking about the family vacation he is currently on (according to pictures posted to Facebook). If Mr. Jones responds, the hacker is off to a good start. He’s successfully impersonating another Widget Co. employee and is starting to build trust in the faked email with his target. Mr. Jones replies and says he is enjoying his time away with his family. The two continue to banter about Mr. Jones’ family vacation as well as things going on in the office, including the names people that have been researched and associated with the social circle.

How can the attacker get away with this? Doesn’t Mr. Smith have a unique, domain- specific email through Widget Co.? Yes, he does. However, due to Widget Co.’s “Bring Your Own Device” (BYOD) policy, employees are able to use personal mobile devices to send messages to one another. In this case, the attacker knows from LinkedIn that Mr. Smith’s personal email address is [email protected] The attacker creates a Gmail account for [email protected] Mr. Jones doesn’t notice the difference, and the stage is set for the real attack.

The hackers know from LinkedIn that Jane Doe is a new employee working with Mr. Jones. The hacker posing as Mr. Smith sends to Mr. Jones a PDF file of “new employee paperwork” that actually contains key logging malware. If Mr. Jones opens the file, his device is instantly infected, his credentials sucked up, and the network is breached.

Alternatively, the fake Mr. Smith could send a note that says, “Hey, Jeff — I’m on the golf course, but I need to call the bank and make sure Jane Doe’s retirement plan is all set up. I can’t remember the login for the employee database system — can you help me out?” If Mr. Jones shares his login for the database, the hacker is inside. Either way, the phisher can collect Mr. Smith’s login credentials — a free pass to invade the Widget Co.’s private networks. Any confidential employee data is at risk of being improperly accessed.

It could just as easily have been in corporate finance, marketing and sales, IT, or any other department. Most employees have more than enough personal information about them in the public realm to allow their identity to be utilised to swindle another employee and compromise your network.


cyber security - What Role Does IT Play in the Modern Company?

What Role Does IT Play in the Modern Company?

By | QCS Group Blog

As technology expands to impact nearly every business process, from customer service to business strategy, the role of the IT department is expanding along with it. IT is no longer only responsible for setting up computer systems, maintaining the server, and running the help desk.

The IT team is the keeper of the treasure that data has become. With IT’s services, leadership teams can better understand their customers, predict changes in the market, understand how to streamline business processes for improved productivity, determine where inefficiencies are cutting into profits, and spot new opportunities for innovation and growth.

Thanks to developments in technology, IT has moved from a cost centre to a revenue generator. According to a 2016 survey by CIO, 84% of IT executives agree that their role is becoming more important to the company they serve. And it isn’t just large companies that benefit from the insights that IT can provide. Smaller companies who outsource their IT can take advantage of the same data intelligence that in-house executives offer enterprise-level companies.

If IT doesn’t yet have a seat at the decision-making table in your company, pull up a chair. IT can deliver value in myriad ways, but here are five of the most significant.

1. Smarter Decision-Making

Intelligent decisions are based on facts and data. In order to guide their companies well, leadership teams must have the research that the IT department can provide. CRMs can be mined, customer surveys can be sent and results analysed, business intelligence data can be examined for insights. The IT department, whether internal our outsourced, can deliver the information that the decision-making team needs and provide recommendations.

2. More Effective Marketing

To communicate in a compelling way, you have to know your audience inside and out. As modern culture becomes more individualised, both business buyers and consumers expect companies to provide personalised experiences that align with their interests and needs. IT can create detailed customer profiles that allow companies to micro-segment and deliver custom messages to each. Without this data and technology, companies will waste a majority of the marketing budget on ineffective initiatives.

3. Better Customer Support

Personalised experiences don’t stop with marketing. Smart companies continue to provide individualised service throughout the customer life cycle. The IT department can help company leadership understand their customers’ changing preferences and predict behaviours so appropriate action can be taken to retain customers. IT can also improve customer communication via a multitude of channels, delighting customers and heading off potential problems before they begin.

4. Profit-Boosting Productivity

IT can create systems and provide tools that allow people and process to work as efficiently as possible. Wasted time is converted to productive time, so more gets done faster. Inefficient processes can be simplified, reducing costs. The IT department can facilitate everything from document management to inventory tracking to problem solving, all with a positive impact on the bottom line.

5. Reliable Security

With advances in technology come risks. Hackers have an unprecedented number of ways to infiltrate servers, and ransomware looms as a threat to companies of all sizes. Businesses have always depended on the IT department for security, but the value of an IT department that can provide reliable security is higher now than ever before.

As companies depend more and more on technology to compete and to grow, IT’s role will only become more important. Rather than being viewed as the stereotypical socially-challenged, video-game-loving nerds who can fix computer issues, IT professionals are now being seen as the heroes who can lead the company to levels of success that were never before possible.

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]

Snowed Under - Does Your IT Have You Feeling Snowed Under?

Does Your IT Have You Feeling Snowed Under?

By | QCS Group Blog

Information Technology is a critical and often confusing part of your business operations – which is why great IT support makes all the difference.

As technology becomes more and more integral to the way businesses do business, making sure you have the right technology in place becomes more and more important. When you count on technology for everything that you do, you quickly find yourself with a complex infrastructure that can be tricky to manage successfully. Not only do you need to be sure you have the right technology solutions in place to suit the specific needs of your unique business, but you need to be able to keep that technology running smoothly around the clock.

That need to manage and maintain increasingly complicate Information Technology is the reason why businesses of all sizes are turning to outsourced IT support from a Managed Services Provider.

Managed Services Providers (MSPs) act as your business’ complete IT department, handling your entire IT infrastructure from top to bottom. Their team of highly trained and certified professionals is there to help by taking over day to day IT responsibilities from your staff, or stepping in to support your in-house IT personnel by adding specialised expertise to your existing setup.

The goal of managed IT services is to take the stress out of your business technology. You’ll always have someone to turn to with your IT questions, and a team of technicians will be there to fix any issues that crop up and actively work to keep disruptions and downtime to a minimum. Most importantly, unlike working with a break/fix IT contractor, you’ll be working with the same people each and every time you need assistance. An MSP takes the time to get to know your business and your staff, offering guidance and support we know will help you based on what your specific business needs.

An MSP gives you all the advantages of a fully-staffed in-house IT department at a fraction of the cost, with a range of services available for a low, predictable monthly fee. Not only do managed IT services take the guesswork out of your technology, but they also take the guesswork out of budgeting for your technology.

To learn more about what managed IT services from QCS Group have to offer your business, get in touch with us at [email protected] or 1300 858 723 today.

cyber security - Cyber Security in a Cloud World

Cyber Security in a Cloud World

By | QCS Group Blog

We speak with business owners every day about how to help make their team more productive, mitigate the risks in their business, and get more done. Recently we’ve noticed a dangerous trend: Business owners treat the ‘cloud’ and the security of the ‘cloud’ the same way that they treated their on-premises networks: In short, they don’t care.

They assume that ‘someone else is taking care of the security.’This mindset is extremely dangerous. In the traditional model of on-premises IT infrastructure, it was the responsibility of IT to secure the perimeter of the network. Essentially, that involved installing a good firewall, only opening ports that were needed, purchase good security software – rinse and repeat.With the cloud – this has all changed. While the security of your network is important, in many cases, the network is just the mechanism you use to get out to the cloud, where your data is now physically located.

The Shift

In the old world, we had to secure the perimeter so we could secure the data.

In the new world, we no longer have a perimeter, so how do we secure the data?

When working with businesses, we focus primarily on two areas of the business where we can have the most significant impact: employees and their identities.

Driving Employee Awareness

Almost all phishing and account security attacks happen as a result of user action: a user is tricked into giving away their credentials, clicks on a malicious link, or uses poor password hygiene. You can spend a ton of money on building fences around your information – but if you leave the front door open, you have wasted your money.

This all starts with regular user training and awareness. Test your employees’ ability to spot email-based attacks, like phishing. Share articles after significant breaches (like the recent Equifax breach) to make it real for your team members. Include examples of what to look for in phishing attacks in your regularly scheduled security training. Don’t forget about your new hires – make security awareness part of their on-boarding.

Protecting User Identity

Right behind driving user awareness is protecting user identity. Since so much of our information is stored in the cloud, protecting the user’s account (or identity) from being stolen is critical. Brute force attacks on user accounts (where hackers try to guess the password) are widespread. Or, in many cases, users will re-use the same password across all their accounts – making it easier for hackers to gain access to their accounts.

At the very least, you should deploy multi-factor authentication (MFA – sometimes called dual-factor authentication). MFA protects an account, even when the password is compromised. An MFA protected account requires the password AND a physical action (such as approval from a mobile device or a code from a text message) before the account can be accessed.

Want to see it in action? Watch this on-demand webinar about multi-factor authentication.

We also recommend deploying services that help flag and prevent risky account behavior. Azure Identity Protection Manager uses machine learning to flag risky account behavior (such as a login from an unusual location for that user). Azure Privileged Identity Manager goes a step further by putting restrictions on administrator accounts.

If you own a business or are responsible for a department of a company – please do not treat the security of your data stored in the cloud the same you treated the security of your network. Data security can longer just be the responsibility of only the IT team. While your IT team should no doubt be managing the tools and leading the charge, data security needs to be a team effort. Your business may depend on it.

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]

managed it services - Why Do I Need Managed IT Services?

Why Do I Need Managed IT Services?

By | QCS Group Blog

By 2019, the managed-services market is projected to grow by $193 billion. Both small, medium and large businesses are becoming very aware of the reasons to choose the managed-services business model, and the demand is strong. Here’s an outline of some of the reasons why your business should choose IT managed-services.

Enhanced Security and Compliance

Today, security and compliance are a major concern for all businesses. Operating systems, smartphones, tablets, laptops and other types of technology store and transmit important data. This makes security critical. Falling victim to a security breach or hacker is a common fear. A breach can cost companies a loss in reputation and a huge loss in dollars. Managed service providers help protect businesses from a security breach event and take quick action if one does occur. All businesses must be compliant with regulations specific to their industry, especially the legal and health industries. A managed service provider can supplement additional policies, protocols, and procedures to ensure compliance.

Efficient and Reliable IT Operations

This is one of the most important reasons businesses need managed IT services. Lack of employees with the knowledge and skills to handle an entire network and an overburdened IT staff just leads to inefficiency and unreliability. It’s difficult to negate the value of having an IT provider. It’s a partnership that is collaborative that leads to more efficient and reliable IT operations. While it doesn’t replace an in-house IT staff, it enhances its capabilities. Not only do issues get resolved quickly, businesses have the benefits of the latest technology and innovative solutions to maximise up time and profitability. These technologies include cloud computing, backup and disaster recovery and remote monitoring and management. The need to keep the entire IT infrastructure efficient and reliable is a big reason for managed IT services.

Cost Effectiveness and Return on Investment

Working with a managed IT service provider benefits companies financially. It’s a considerable cost saving. It helps control outgoing expenses and increases return on investment. Typically, an IT budget consists of many things like IT labor, maintenance costs, software and network infrastructure and hardware costs. Using outdated software negatively impacts return on investment. Plus, managed IT services provide scalability and flexibility to grow in a manner that internal IT teams cannot provide. Businesses can easily project IT expenses on a monthly basis and can plan for improvements and larger projects. IT services play an instrumental role in cost-effectiveness and return on investment.

A Proactive Approach to Maintenance

This is another major reason to work with a managed IT service provider. Businesses no longer have to waste time thinking about its IT infrastructure. There’s no need to worry about daily things like the speed of network connections and dependability. With a managed IT service provider, businesses are given the luxury of an all-day, every day around the clock coverage. Security and service solutions are always at work detecting potential disturbances, vulnerabilities, and threats. Issues and bugs can most likely be detected and fixed before the business is even aware of a problem. And data management on the cloud with a service provider yields more revenue. IT service providers offer a proactive community with regular and encrypted backups, virtualisation and cloud computing.

Free Up Internal IT Staff to Concentrate on Strategic Projects

Often, businesses need their own internal staff to focus their energy on other tasks. It’s a good reason to work with an IT managed provider. Projects and other needed tasks get the time and attention needed. It maximises the company’s IT budget. Think about it. It doesn’t make any practical sense to have an internal IT team handling things like migrating over to Microsoft Office 365 when it can be expertly handled by a provider. With specialised services, managed service providers take the pressure off the internal IT team.


Technology is transforming the world of business. But it changes fast and is a complex industry. Most companies today want to streamline its IT operations and turn to managed IT service providers to accomplish that goal.

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]

What is shadow IT 1024x651 - What is Shadow IT?

What is Shadow IT?

By | QCS Group Blog

There’s probably a massive hole in your cyber security. It’s probably been there for years. You probably already know about it – you may even be the main culprit behind it. And you probably don’t even realise it’s a security risk: Shadow IT.

Shadow IT refers to the use of any hardware or software in a company that is not approved by the IT department. Examples include: employees using different software to edit photos, storing company files on their personal flash drives, or simply using a different internet browser to check their email.

It’s estimated up to 80% of employees use Shadow IT at work to complete their daily tasks. Shadow IT is a widespread occurrence in the workplace and should be prevented whenever possible because of the many problems it creates.

Why It’s Risky

It may not seem like a big deal for an employee to use different software or hardware at work, but it can create many problems for a company. The main problem is security – if your IT team doesn’t know about it, they can’t keep it secure. Software that has not been approved by the IT department may have vulnerabilities that would allow a hacker to gain access to the company network and view all company data.

Even safe, legitimate software and apps can have security holes and vulnerabilities that need to be patched. Again, if your IT doesn’t know it’s there, they can’t install the necessary patches to close the holes.

Another reason shadow IT is dangerous is that it can prevent data from flowing freely to all who need it in a company (example: an employee may be using personal software or hardware to store company data). This is particularly dangerous because the IT department cannot make sure all this data is being backed up in case of data loss.

Why Employees Use It

Shadow IT poses a severe risk, but employees do not use Shadow IT with malicious intent. Instead, employees use Shadow IT because they view different software or hardware as able to make their jobs easier and more efficient.

Employees grow frustrated with the software that they are given and find better ways to accomplish a task. Sometimes this is because the tools they have just aren’t up to the task. It can also happen because of a lack of training. You can give your employees the best tools in the world to do their job, but if they don’t know how to use them, it’s as good as no tools.

How to Prevent It

The best way to prevent Shadow IT is to give employees the right tools and the right training to do their job.

A great way to make sure employees have the necessary tools is to listen to what they are saying about the tools that they have been given. Employees often know of software or hardware that can make their work more efficient, and they should be listened to about these tools.

Once IT is aware of the software or hardware that employees want to use, they can take the necessary steps to make sure these tools are safe to use for company work. Make this a quick turn around process, though. If it takes weeks for the IT team to approve a new app or software, though, people will be more likely go around it.

One more extreme way to enforce this is to only give admin accounts on computers the rights to download programs.

Shadow IT is common, and many do not see the harm in using unapproved programs or hardware in their work. However, shadow IT is not as innocent as these people think. Shadow IT creates security risks to your network, stops data from being backed up, as well as prevents other employees in your company from being able to access data they need.

Employees need to understand the risks that are involved in using unapproved software or hardware, and need to be educated on how to use the software or hardware they are expected to work with.

Shadow IT can be a significant security risk, or it can be an opportunity for a company to grow as it better learns how its employees work, and how to supply them with tools to make their work more efficient.

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]

business continuity - What Is Business Continuity?

What Is Business Continuity?

By | QCS Group Blog

For Those Wondering “What is Business Continuity?”  Here’s What Business Continuity Is – and Isn’t

The difference between having a disaster recovery plan in place and having a working business continuity plan is a subject of some confusion for people. There is a difference between a disaster recovery plan (DR plan) and having sound business continuity planning (BCP Plan, or BCP plan) in place. That difference will be outlaid in this article.

Disaster Preparedness and Business Continuity

Is your business truly prepared for disasters of all types?  To reach a place of optimum disaster readiness, you need both a DR plan along with a viable business continuity plan in place to ensure that your business survival and recovery is fast and seamless.

Some key points your BCP plan should cover are:

  • Access to Disaster Recovery (DR) plans
  • Alerting key DR plan participants
  • Safety – Ensuring safe evacuation or shelter
  • Alternate business/work site
  • All office systems – phone, computers, connectivity etc.
  • Management decision makers – who and how
  • Communications – internal and external
  • Insurance, suppliers, customers – Do you have staff assigned to speak to each group?

Creating a Winning Business Continuity Plan

It takes dedicated, qualified business IT specialists to help you create a winning BCP plan. If your organisation doesn’t already have a BCP plan in place, you’ll want to put it at the top of your to-do list. If you feel you have a substandard BCP Plan, you’ll also want to mark it for re-evaluation and possible overhaul.

Here are the six main steps in creating a solid BCP Plan:

  1. Identify the scope of the plan.
  2. Identify your key business areas
  3. Identify critical functions
  4. Identify discrepancies between various business areas and functions.
  5. Determine acceptable downtime for each critical function.
  6. Create a master BCP Plan to maintain operations through any crisis.

You also need to have a business continuity checklist that includes equipment and supplies, the location of all data backup sites, where the BCP plan will be kept accessible, and who should guard it. You’ll also want to keep contact info for emergency responders, key personnel, and backup site service providers.

Remember that your disaster recovery plan is an integral part of the larger BCP plan, so you will want to make sure your IT department has planned accordingly for the two.

Testing Out Your BCP Plan

After you’ve drafted your BCP plan (with our help, of course), it must be rigorously tested so you’ll know it’ll be effective in case of disaster. Generally, most BCP plan testing consists of:

Table-top or conference room exercises. Team members go over a physical draft of the plan at a conference table and identify and repair any flaws in the plan.

Structured walk-through. Each team member individually goes over his or her part of the BCP plan in detail, IDing any faults and correcting any weaknesses.

Comprehensive disaster simulation testing. Performed annually, an environment is created that simulates an actual disaster which includes all equipment, supplies, and personnel that will play a part in the plan. The purpose of this step is to find out if your critical business functions can be carried out successfully in the event of an actual disaster.


Statistics on Small Business Disaster Recovery

  • 75 percent of small businesses don’t have emergency operating plans.
  • 40 to 60 percent of businesses NEVER return to doing business after a major disaster. (They didn’t have a proper continuity plan in place, no doubt.)

Let’s let all that sink in a bit, shall we?

What Is – and Is NOT – a Business Continuity Plan

Having data backup and a disaster recovery plan do NOT constitute a continuity plan, in and of themselves. Indeed, total disaster avoidance is incomplete without true business continuity planning in place.

Many businesses these days are getting by with only a disaster recovery plan, and are leaving out a full business continuity plan and the “total business survival assurance” that goes along with it. This is only going halfway in meeting your total continuity requirements BEFORE disaster strikes.

In helping our clients meet their business continuity planning needs, we take disaster recovery services to a higher level than most do, which keeps them not only open for business, but thriving, following a hurricane, flood, fire, power outage, or other unforeseen threat to a business’ future.

For us, business continuity management isn’t just about recovering data or disaster recovery itself – it’s having multiple IT systems and a workable post-disaster contingency plan up and running precisely when you need it.

THAT’S good Business Continuity Planning.

And, since we’ve aligned our business IT goals with our clients and fellow small business owners, we can all agree on what works – and, what doesn’t.

As we’re fond of informing our prospective customers, you can have multiple forms of data backup going, and have an IT company who can recover a hard drive or do a server backup in an ongoing way, but if a hurricane, fire, or flood were to hit your brick-and-mortar business – you don’t truly have what could be called a true business continuity policy in place.

The difference between a disaster recovery plan and a business continuity plan, then, involves some key strategic differences. And although they appear to be one and the same for many business owners, not knowing the difference – and failing to remedy that by having both elements of continuity in play – could be devastating.

Putting a Real Continuity Strategy into Play

Don’t wait another day while your business survival hangs in the balance – call a QCS Group disaster recovery and continuity pro – and begin setting the groundwork for a resilient business continuity plan today.

You need Brisbane IT specialists who understand how to plan for disaster and keep your critical systems functioning through any catastrophe, power outage, fire, flood, storm, hurricane, other contingency.

You need QCS Group to get you the business continuity plan in Brisbane you and your business truly deserve!

Our Business IT Consultants Can Get You Truly Prepared

QCS Group consists of IT consultants who are the best, brightest, and most able tech support specialists in Brisbane

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]

law it support - When Law Firms Should Swich to Managed Services

When Law Firms Should Swich to Managed Services

By | QCS Group Blog

Technology is ever-changing, and law firms need it to run a business.  But, a lot of things can go wrong, such as security breaches and forgotten passwords.  Some law firms have a small IT staff, but there may be signs that it’s time to hire outside managed services.  At what point is it time to partner up with a managed service provider?

Inefficient Integration of Line of Business Applications (LOB)

With LOB applications constantly growing, so do the challenges to these tools.  Cost recovery systems, document management systems and more are vital to law firms. These applications need to work synergistic-ally with Adobe Creative Cloud, Microsoft Office Suite, and other standard tools.  When LOB applications seem like they are resulting in less efficiency than expected, it’s time that a managed service provider is in order.

Substantial Downtime

A red flag is waving if there’s a critical software application or server failure that’s not responding.  Users can’t access the needed data.  The industry of law is time-sensitive, and law firms can’t afford to have significant downtime.  Time equals money in the law industry.

Underperforming Applications

If attorneys are sitting there tapping on their desk with a sluggish application, work is put on hold.  Law firms need technology that works fast every day of the week.  When things aren’t working fast enough, it’s time to consider hiring a managed service provider.  If it’s broke, it needs to be fixed.

Lagging Behind the IT Security Curve

Protecting the sensitive information of clients and cases is paramount to law firms.  IT security cannot lag.  Today, law firms often find themselves trailing behind the IT security curve.  And with new threats every day, law firms can best implement the best security practices.  Plus, compliance issues can cause a lot of headaches for law firms.

Access to Needed IT Support

Some law firms have in-house IT managers and staff.  Yet, these employees are often overwhelmed by the complexity of the changing IT landscape.  Too much time is spent on tactical things instead of what really needs to be done.  In-house IT teams cannot provide the 24/7/365 IT support to provide support for the challenges law firms face with technology.  With a managed service provider, law firms get IT support for the entire IT infrastructure at all times and when it’s needed most.

IT Costs Too High

Both small and large law firms need to keep a very close eye on operating expenses.  The cost to employ IT support can easily exceed $100,000 per year.  Not only can that team be available 24/7, it’s likely they won’t have the depth and knowledge required to support different technologies.  In the long run, it’s more cost-effective to hire a managed service provider because the cost to implement and maintain an in-house solution is cost-prohibitive for most law firms.  Law firms are beginning to realise that a managed service provider has invested the time and money to provide expert IT support, and they can leverage their expertise at a fraction of the cost with an in-house IT team. Let these professionals save your law firm money.  Like any other industry, the bottom line for law firms is turning a profit.

Not Getting What Your Firm Needs

Most law firms cannot get everything they need from in-house IT staff.  Case calendars, document management, billing contacts, email encryption and case management software have created more of a need for reliability, infrastructure security, and performance.  And with mobile devices, document collaboration and video conferencing, law firms just need more from their own IT internal staff.  If you’re an attorney and not getting everything you need from your own in-house IT team, it’s time to turn to a managed service provider.  Their expertise and knowledge of the law industry can serve your firm well.

Seeking a Holistic Approach

If your law firm is seeking a holistic approach to the deployment and operation of an IT legal environment, this is a wake-up call that a managed service provider is in order.  A managed service provider can handle everything.  These IT professionals offer:

  • A flat-fee structure, so there’s no worries with costly billable hours
  • A highly predictable cost structure
  • Better ROI on IT cost
  • Privacy, compliance, and security
  • A scalable IT infrastructure

Inefficient integration of LOB apps, substantial downtime, under performing systems, IT security curve, IT support, IT costs and getting your IT needs to be met are all indicators that it may be time to consult with a professional and experienced IT managed provider.  With a managed service provider, law firms can operate more efficiently, avoid security breaches and better serve their clients.

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]

Office 365 Migration - 5 Steps for a Successful Office 365 Migration

5 Steps for a Successful Office 365 Migration

By | QCS Group Blog

One of the best ways to set yourself up for success when moving your business to Office 365 is a seamless migration with no downtime for employees. We’ve helped hundreds of companies migrate to Office 365 and have picked up some tricks along the way.

Follow these steps for a successful migration:

Determine your needs and priorities

The first step in migrating your business to the cloud is to determine your needs and priorities. The overarching question is what do you want to put in the cloud? Is it just email, or are you also trying to move documents and file shares?

You also need to know what your requirements are. For example, if you have specific compliance requirements, you’ll need to know what those are. If your business is heavily dependent on specific programs (like your ERP system) make a list of those, too.

Not everyone in your organisation has the same requirements to perform their job: some are desk-less workers that only check email on their mobile devices, others use the full suite of Microsoft Office products on their desktop. Get input from key contributors up front so you can incorporate it into your plan.

Regardless of your answer, our suggestion is to go ahead and choose an Office 365 plan that includes file storage (SharePoint and OneDrive). Whether you plan on implementing a file plan in SharePoint or not, everyone should take advantage of OneDrive – each user gets 1TB of space to backup and secure their files. Also, purchasing a bundle of services is cheaper than subscribing to individual service.

Get a Microsoft Partner

This step is optional, though we recommend it. If you have a tech-savvy team, you may be able to handle the migration yourself. But if you don’t have much experience with this, it’s better to get an experienced Microsoft Partner involved up front – even if it’s just to help you with the planning phase.

A Microsoft Partner should help answer your questions (including which plans to get), plan your migration, help you purchase your licenses, perform the migration (at a time that isn’t disruptive to your business), and provide post-migration support.

You will want to find a partner with experience moving a company similar to yours (ideally, you’ll find a partner with experience moving companies of all sizes), both in size and requirements.

If a company has lots of experience, but only with migrations from large companies using a corporate email system, they may not know the best migration path for a smaller company and vice versa.

Pick a Plan – or Plans

After you know your requirements, you’ll need to choose your plan(s) based on the requirements you determined. If you’re not sure what to get, your Microsoft partner can help you choose the plans that best fit your needs.

One of the great things about Office 365 is the ability to mix and match plans within your organisation and easily move between plans. If you later determine an employee needs a different plan, you can switch them to a different license at any time.

There are a few options to choose from (even more when you consider add-ons and Microsoft 365). Microsoft also has comparisons of small business and enterprise plans.

Some notes about plans:

  • If you just want to move your email to the Cloud, you can get an Exchange Online plan. But Office 365 Business Essentials starts at $7/user/month. It may be worth looking at paying the extra $1-2 month per user to get the online storage and other apps.
  • Office 365 Business Premium includes the Office 365 Business Center with apps you can’t get on any other plans (including the more expensive plans).
  • Business plans have a maximum limit of 300 of each license type.
  • If you need more advanced features, like PSTN conferencing or advanced security features, you may need Office 365 Enterprise E5.
  • There are additional features, like Advanced Threat Protection and Exchange Online Archiving available as add-ons.
  • If you need to upgrade operating systems, or if security is a top priority for you, you may also want to consider Microsoft 365, which includes Office 365, Enterprise Mobility + Security, and Windows 10 Enterprise.

Not sure which plan works best for you? Book a time to talk to our expert to help determine the best fit.

Plan Your Migration

After you’ve picked your licenses, the next step is to plan your migration. Planning your migration, whether you work with a Partner or do it yourself, is one of, if not the most critical steps. Without a plan, you’re more likely to miss something. It’s much harder to fix something in the middle of a migration than it is to take the extra time to create a plan from the beginning.


The first step in creating a successful plan is to look at how your email/data is currently set up and the way your users access the services. This will help you determine the best way to move your data. It can be done manually or by using an automated migration tool.

During the discovery phase, your partner will also confirm where your current domain and mail records are hosted.

Clean Up

During the planning phase, you’ll need to review and delete any data or old accounts that you do not require. You’ll also need to map out any new workflows, process changes, or compliance settings that will be used with Office 365.

Your migration will likely involve moving some of your data to SharePoint or OneDrive for Business. One of the biggest mistakes we see companies make is just to pick up your files from your physical server and dump them into SharePoint or OneDrive.

If you’re meticulous about file organisation now, that may work for you. But if your company struggles with file organisation on a physical server, just moving everything over as is isn’t going to change anything. Work on your file organisation BEFORE migrating it over. SharePoint includes features like keywords and metadata that can help.

Communication Plan

It is best to work out a solid communication plan to send out to all your users. Your communication plan should include what the users should expect the weeks and days leading up to the migration, what to expect the day of the migration, and after the migration is complete.

Make the Change

Once you have your plan in place, you can make the move. On the move date (which should be predetermined in your plan), you or your Microsoft Partner will actually migrate your information over and make the switch from your old service to Office 365.

The process will vary some from company to company, depending on what data you’re migrating over, but typically the actual migration process looks like this:

  1. Set up new Office 365 accounts.
  2. Copy mail (including contacts and calendars) over to Office 365 accounts
  3. Move any other data over (like stored filed being migrated over to SharePoint or OneDrive). This step is typically where there is the most variation based on what data you’re moving.
  4. Cut your MX records (your mail records) over to Office 365.

Note: This plan is for a basic migration. Some migrations, especially migrations with customer SharePoint work, will have more steps.

Your users should be able to log in to their new Office 365 account on the next business day with all their old mail already populated in their new account.

That’s it! You’re done with your migration and your business can start using Office 365.

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]


Top 10 Reasons for O365 1030x357 1024x355 - Top 10 Reasons to Move to Office 365

Top 10 Reasons to Move to Office 365

By | QCS Group Blog

There are a lot of reasons that most businesses should consider moving to Office 365, and a few things to think about when making the jump.

Office 365 can be a huge productivity boost for businesses, and has a lot of great features that can streamline their workflows.  It offers advantages in server maintenance, scale ability, productivity gains, cost savings, security and more.

  1. Server Maintenance. For years, many small and medium businesses have been maintaining an exchange server onsite.  There is a continual stream of security updates and service packs.  All of which need a qualified IT professional to administer them.  With the move to office 365 this maintenance is significantly cut down.  You still need to have someone that can administer accounts, but it eliminates the need for patches and updates on an exchange server.
  2. Many small businesses used to use Microsoft’s Small Business Server for email.  It has been discontinued for several years in an effort to push small businesses to their cloud offerings, but when it was still around It had a maximum of 75 users.  If you grew your business past that it represented a significant reinvestment to keep an exchange email solution.   With office 365 there really are not limits on how many users or mailboxes you have.  Simply log into the admin panel and make a new one when you need it.
  3. Productivity Gains. One of the nice features of Office 365 is that it is cross-platform.  That means that it runs just as happily on apple or android as it does on windows.  This is important because more organisations are allowing their employees to bring their own devices.  The next productivity gain is that Office 365 is available anywhere you have internet.  This allows your staff to have a little work life balance, and access needed documents from home or elsewhere.  There are also some nice collaboration features that allow users to track changes to documents across the organisation without generating multiple versions of the same document.  This helps keep everyone on the same page.
  4. Cost Savings. Cost savings are especially significant to small and medium businesses.  In-house exchange servers typically carry significant procurement costs for hardware, software licensing, and labour to configure it all.  There are ongoing server maintenance costs as mentioned.  With Office 365 businesses have the capability to scale their users up and down at any time.  This eliminates waste.  They also have a predictable monthly cost that is straightforward and easy to budget for.  From a cost perspective any business that has 100 employees or less will typically recognise significant savings.  Many larger businesses can also save by a move.
  5. There has been a lot of talk about security in the cloud.  Microsoft’s online services have been designed with security in mind. Office 365 applications are accessed through 128-bit SSL/TSL encryption.  If data was somehow intercepted the bad guys would be unable to read it.  Antivirus signatures are kept up to date, and security measures are applied in accordance with the Microsoft security guidelines. Exchange Online has built in malware protection, and it uses anti-spam filtering and antivirus with multiple virus engines.
  6. One of the great features of office 365 is that it is guaranteed to be up all of the time.  They have a 99.9% uptime commitment to their customers.  That means that the total downtime in a year will not exceed 8.76 hours.
  7. Many businesses have to meet compliance regulations for the industries they work in. Office 365 services have been certified as compliant with ISO 27001 standards.  They have also passed SAS70 audits for security compliance, and even have added controls for clients that need to comply with HIPAA or other industry regulations.
  8. Always up to date. There is a regular life cycle to most software products.  Most businesses end up purchasing new copies of office about every 3 years as they come out.  An office 365 subscription entitles you to the latest version of Microsoft produces as soon as they are released at no extra cost.
  9. Single Sign-on. If your network is running a windows server 2008 or newer you can configure active directory federation services to achieve single sign-on.  This allows users to log on to the domain and be automatically authenticated to office 365.
  10. Office Web Apps. This is another neat feature of Office 365.  It basically offers web based versions of all of your favorite Microsoft products in a browser.  This allows you to make quick edits on the go from any internet connected machine.  You can even get a mobile version of office so that you can access it on a phone or tablet.

With all of the good reasons to move to office 365 there are a few factors that business owners should consider.  Timing of the move can be important.  If your business has just invested significantly in an on premise exchange solution, it may make more sense to wait for that product to be end of life before making the jump.  Some businesses are also strictly regulated about the data that they are allows to store offsite.  This is an important consideration when evaluating a move to office 365.

Other things to consider include the internet connection available at your office, and whether that payment model is a fit for your business.  Not all office locations may have access to a high speed internet connection, and the use of office 365 will definitely increase the load on your existing bandwidth.  Some businesses also operate much better with a capital expense than with ongoing monthly payments.

All of these factors should be considered before making a jump to Office 365.  There are considerable benefits that businesses can gain from making the switch, but it’s important to consider all factors to ensure that it’s the right move for your business.

If you’re in the Brisbane area and would like to find out more about this or other IT topics, please don’t delay — Contact QCS Group, at 1300 858 723 or by sending us an email to: [email protected]

Call Us
Email Us