Office 365 Vs GSuite

Whether you are an individual trader or the owner of a small business, both Microsoft’s Office 365 and Google’s GSuite provide you with access to the essential office software that you need for your business. For many years, Microsoft was virtually unchallenged in this space, but now it faces competition from several directions. GSuite is its main competitor and the rivalry between the two office suites has influenced how their respective developers approach maintaining and upgrading them.

What Do They Do?

Both Office 365 and GSuite are productivity suites that contain the full range of software that businesses need on a day to day basis. Among the bundled software packages are word processors, spreadsheet makers, and email clients. Both Office 365 and GSuite contain more or less the same tools, and they feel very similar to use, although there are some key differences that we will come on to.

Pricing

You can try out most of the individual components of GSuite for free. For example, you can use Google Docs, Google Sheets, and Gmail for free. If you are a sole trader or one-person business then you might be able to access all the tools you need free of charge. However, if you are running a small business and want to take advantage of collaborative and communications tools, you will want to look at a GSuite subscription.

Microsoft doesn’t offer its products for free, but it does offer a free trial that you can take advantage of to make sure that MS Office is right for you.

Gsuite costs £9.20 per user per month. Microsoft makes Office 365 available for £9.40. Microsoft does offer a couple more basic packages, but these won’t provide parity with GSuite.

File Storage

Both GSuite and Office 365 provide their users with cloud storage. Microsoft is more generous in this regard, providing 1 TB of cloud storage to users even on their most basic plan. Google, on the other hand, provides 30 GB of storage on its most basic plan. However, if you’re willing to spend more Google can provide you with access to unlimited cloud storage.

How much storage you need will depend on the kind of business you are running. Some businesses will burn trough 1 TB (1,024 GB) with surprising speed. However, the majority of smaller businesses will find 1 TB more than enough. If you’re only handling text files, spreadsheets and the like, this will be plenty.

Email

With regards to email storage, both Microsoft and Google offer their email services for free, via Outlook and Gmail respectively. However, they both also offer premium variations on their email clients for users who buy a subscription.

On paper, Gmail offers users more storage. If you are paying for five or more users each month, your Gmail will come with unlimited storage. However, while Microsofts’s Outlook doesn’t officially offer unlimited storage, their ‘auto-expanding archiving’ feature means that old emails are archived in an archive that does offer effectively limitless storage.

Gmail has a range of third-party apps available that enhance its functionality in a number of ways, something that Outlook doesn’t offer. However, Outlook is a major selling point of Office 365, and with good reason. You will find it much easier to keep your emails organized using Outlook. Whereas Google’s entire GSuite, including Gmail, is cloud-based, Microsoft offers an offline desktop client for Outlook – something that isn’t available with the free account.

Cloud Vs Desktop

One of the most important factors in deciding whether Office 365 or GSuite is right for you is whether you are happy with an entirely cloud-based solution. All of Google’s services are hosted online. You can download mobile apps that enable you to create and edit documents and spreadsheets, but on a desktop or laptop, you will access Google’s services through your web browser.

While it is hard to envisage a situation where Google becomes unavailable, temporary outages are not unheard of. If you opt for GSuite and Google suffers technical issues then you won’t be able to use their office apps. With Office 365, you download the software to your desktop and can use it offline.

Both GSuite and Office 365 allow the user to save their files locally, as well as taking advantage of cloud storage. If you choose to store your files in the cloud then you will be relying on the service providers keeping things up and running. If the service does go down, you will lose access to online files.

So, which one is better overall? It comes down to both personal preference and the nature of your business. However, Microsoft has much more experience in this area and while Google’s GSuite is perfectly suited for many businesses, it is not quite as refined an offering as Microsoft has crafted. Office 365 has a notable advantage in terms of its communications apps, including both email and video conferencing. On that basis alone, it gets our vote.

Windows 7 End of Life

All good things must eventually come to an end and operating systems are no different. Once they reach the end of their lifespan, outdated operating systems will continue to work but will no longer be officially supported. When an operating system reaches the end of its life, that means that Microsoft will no longer provide technical assistance or release new security updates for the operating system.

Microsoft’s operating systems are usually supported for around 10 years and with Windows 7 having celebrated its 10th birthday in July of this year, Microsoft is now preparing to wind down support for the OS officially. If your business is still using Windows 7, it is important to understand what the implications of its end of life are and what you need to do as a business to ensure that you don’t suffer as a result.

When Does Support End?

Windows 7’s end of life will begin midway through January 2020, January 14th to be exact. Until we reach this date, the operating system will be in what Microsoft calls ‘extended support’. At a certain point, it no longer makes sense to continue to pour the necessary resources into an operating system to keep it properly maintained. As well as the financial and resource cost, it also requires an ongoing time investment to maintain an OS, time that can be better spent maintaining the newer iterations of the OS.

Microsoft has already ended the main phase of Windows 7, which officially drew to a close on January 13^th, 2015. Since this date, no new features have been added, nor has Microsoft been accepting warranty claims. But until now, Windows 7 has continued to receive updates and support.

What Happens Next?

Starting January 14^th, 2020, Microsoft will no longer be releasing any new security updates or patches for its OS. Should you run into any issues after this date, you will likely find that Microsoft is unable or unwilling to provide you with technical support. The operating system will continue to work after this date, but it is safer for businesses to upgrade to a newer version of Windows, one that is being actively supported.

Businesses need to consider the fact that no new patches or updates mean that using an outdated operating system can represent a serious security vulnerability. If any exploits for Windows 7 are discovered after it reaches its end of life, these won’t be patched or fixed. That means that once those exploits are in the wild, every system still running the old OS will now be at risk of being attacked.

If lots of businesses keep using Windows 7 beyond its end of life then it will present a tempting target for attackers. Just because you can continue to use Windows 7, that doesn’t mean that you should. It definitely isn’t a risk that any business should be taking without a very good reason.

Why You Should Upgrade

Upgrading your operating system to the latest version of Windows – Windows 10 – will offer a number of benefits. First and foremost, you will be able to take advantage of regular security updates to ensure that your business remains secure from outside attacks. You will also find the upgrade simple to do because you are moving from one version of Windows to another version of Windows.

Upgrading to the latest version of Windows will keep you protected from cyber-attacks while also ensuring that your systems are ready and able to handle all the latest software. Once Microsoft announces the end of life for an operating system, this is usually the signal for developers to wind down their projects and instead focus on ensuring they are compatible with the new version of Windows.

Contact us today to discuss your IT systems and how we can help your business to upgrade so that all your machines are running the latest version of Windows. All it takes is one system within your business to be using an outdated operating system that lacks the latest security updates and your entire network can become compromised. Texaport can take all the stress and difficulty out of updating your operating system and make the whole process as slow as possible.

In just a few months, Windows 7 will no longer be officially supported by Microsoft. From this date forward, any device using Windows 7 should be considered vulnerable. Researchers will continue to poke and prod and discover new security vulnerabilities. These will be disclosed to the community as normal, but with the knowledge that Microsoft is going to do nothing to address them.

Don’t put your business systems are risk needlessly, upgrade to the latest version of Windows as soon as you can and you will be able to continue to enjoy official support and regular security updates from Microsoft, as well as the ability to run the latest software and hardware.

Health Check Your IT

While Texaport offer initial audits of potential clients and regular audits for existing clients, there are numerous options for individuals and businesses to gauge their defences independently. We have combined some of the least intrusive tools which provide valuable information to enhance the understanding and awareness of businesses and individuals alike.

Updates

These should be enabled by default in most modern operating systems and applications, windows users can run system updates from the control panel or system settings panel within the start menu, while Mac users can check the App Store for the latest updates.

As well as up-to-date Operating Systems, browsers and plugins can introduce vulnerabilities due to compromised or ageing software.

Qualys BrowserCheck can analyse your browser and plugins and alert you of outdated or compromised versions.

Securing Internet Connection

Your internet should be filtered through a secure router or a dedicated security appliance as well as the built in software on most computers, tablets and mobiles. To ensure your firewall is secure and all relevant ports have been secured GRC ShieldsUp can probe and analyse your connection.

Passwords

We write regularly about the vulnerabilities that passwords can introduce to organisations and individual IT estates.

A key point of this is the re-use of passwords across multiple services as one compromised password could open all of your services to a potential attacker.

We use Have I Been Pwned? To highlight this risk to our clients and it can assist in ensuring your potentially compromised passwords are changed as well.

If you want to check the strength and complexity of your passwords, How Secure Is My Password is a great solution.

Security Software

Most businesses and individuals are aware of the importance of security software in the form of anti-virus and anti-malware solutions. To ensure yours is performing appropriately the Anti-Malware Testing Standards Organisation has created a safe test for these programs. Please note that the Mac versions of anti-virus and anti-malware may appear to fail and will not prevent downloads, but they will prevent them from “self running” or being opened.

User Awareness

It’s important that user awareness and training is employed as well as technical protective measures. As such BT’s Security Savvy Test and OpenDNS’ Phishing Quiz help to highlight any potential misunderstandings or opportunities to improve understanding.

For companies seeking a more comprehensive test of their security, as well as a detailed audit of the assets and network, Texaport’s initial audit provides potential clients with actionable intelligence about their IT estate. For more information email cybersecurity@texaport.co.uk

Passwords

According to a 2017 survey carried out by consumer password management company LastPass, the average business employee keeps track of and has access to 191 passwords. 61% of those employees use one password or iterations of that one password everywhere, putting convenience over known security vulnerabilities. It’s not surprising that 81% of data breaches are the result of a compromised login. So how does a company keep credentials, users, logins and business data secure? By using a Password Manager.

The Danger

1. As noted in

previous blog posts

passwords can be breached by a determined criminal.

When using one password across several services the impact of one password being stolen or compromised by a criminal increases exponentially.

With commonly used passwords throughout the organisation, it’s impractical to change these every time an individual leaves the business to prevent fraud or theft.

With GDPR fines exceeding €20million, any personal data controlled or processed by the company that is breached could prove disastrous.

Better password management.

It’s clearly unfeasible to expect users to create and remember 191 unique passwords in their business lives, coupled with the passwords used in their personal lives this becomes a much bigger number. The management of these is complicated by the expectation that some service logins need to be shared amongst a group of users within the organisation. So how is this kept track of? Who has access to which passwords? Where is a record kept? What happens when a password needs to be changed?

Password Managers

Password Managers help to answer these questions, allowing users to store passwords in a secure method in a safe space and share access to communal resources. There are several solutions available through a quick online search but recognising the best solution for your business is more complicated. This is combined with identifying and building an appropriate management structure with the password manager, ensuring access is available to the applicable team members have access to the required passwords.

Building the structure for password management is the first big hurdle to be faced, how do you break down access levels and individual access? How does the team share passwords when required? Who is responsible for ensuring information accuracy and maintaining audit logs for changes? How do you lock down access for departing employees?

Businesses can lose a lot of productivity time answering such questions in order to implement an appropriate solution, but Texaport can help.

Texaport Password Management

Texaport’s web-based Password Management platform is centrally managed by Texaport with access managed, monitored, updated and enforced by our technicians. Security is of the highest priority, and engineers do not have visibility of passwords within our clients’ system, while being able to assist in the reset and access privileges of individuals and teams.

Each user has access to their own vault for storage and management of individual passwords, encouraging secure password practices in their personal lives as well as granular access to the company vault, which is managed by custom security groups.

Password Managers – A Summary

Password security and management is the biggest vulnerability present in all businesses, but it needn’t be such a weak point in defences. The right password manager can prevent unauthorised access to sensitive resources while improving the complexity and variety of passwords within the business. Ensure your company is doing all it can to prevent compromise through poor credential security and management and you can avoid becoming a painful statistic.

Anatomy of a Cyber Attack

Between November 27th, 2013 and December 15th, 2013, over 40 million credit and debit card details were compromised and around 70 million confidential customer records were copied from Target (a massive US retailer) servers. So how did this happen and how could it have been prevented? What lessons can be learned to prevent smaller businesses who may be less equipped from falling victim to this type of attack?

A detailed SANS report is available online with appropriate references and justifications for further reading.

Target was deliberately attacked by cyber criminals who had been exploring potential vulnerabilities. Search engines provided valuable information and resources for the criminals including:

• Target’s vendor portal
• Target’s vendors
• Target’s case study on Microsoft’s website

While Target’s IT team would have implemented security controls for the organisation, these would not prove to be sufficient against dedicated individuals seeking to exploit a vulnerable supply chain with unfettered access to Target systems.

Microsoft had published a detailed Case Study concerning Target’s use of technology throughout the organisation, highlighting the communication between sites and central management of services and devices.

The cybercriminals researched the vendors relied upon by Target who would have access to Target’s vendor portal. The vendor identified and exploited by the criminals in this instance was an HVAC supplier “Fazio Mechanical”. An email was containing malicious software was sent prior to the breach which stole credentials used to access Target’s online vendor portal.

Fazio Mechanical’s credentials were exploited and, once past Target’s “Boundary” security protocols, the criminals moved laterally through the network using common network tools to perform reconnaissance.

From here, custom malware was deployed to point of sales systems which remained undetected until after the campaign. This software proceeded to gather credit card information, saving it to small data files shared throughout the network. Once enough of this data was gathered the criminals retrieved it using the default username and password for the performance monitoring and analysing software managing Target’s servers.

This resulted in massive repercussions for Target, it’s customers, employees, and banks. As well as the CEO and CIO losing their jobs, directors were threatened with removal and Banks refunded more than $200million for cards and refunds. Profits dropped 46% in the fourth quarter of 2013 during the historically lucrative holiday season.

Both Target and Fazio Mechanical had passed PCI compliance audits and checks, being certified against these regulations prior to the attack and while individual measures could have protected against a brute force attack, this directed attack would have required a more comprehensive approach.

Preventing an attack like this.

• • 1.

  Mail Filtering

Fazio Mechanical could have been protected from the malicious email through mail filtering which would have prevented the rogue sender from having their email received.

• 2. User Awareness

• • User awareness training for Fazio Mechanical would have ensured knowledge of

  phishing attacks

  and the dangers of credential exposure resulting in a reduced likelihood of divulging these.

• 3. Anti-Malware

An effective anti-malware agent may have detected and removed the software which compromised their credentials for Target’s vendor portal.

• 4. Multi-Factor Authentication

Target’s vendor portal could have been enabled for multi-factor authentication, adding an extra layer of verification for vendors accessing Target’s portal.

• 5. Whitelisted Applications

A secure whitelist of approved applications would have potentially prevented the installation of unknown software agents, protecting the POS endpoints.

• 6. Point to Point Encryption

Encrypting data between the pin pad and the decryption environment would have prevented Credit and Debit card data being scraped when stored in POS memory during transactions.

• 7. Privilege Management

Ensuring that administrative accounts are securely locked down and not used for anything other than administrative purposes. Access, passwords and users should be monitored and logged. This could have prevented remote use and access for general purposes.

Protecting any company from a targeted criminal attack requires a multi-layered Holistic approach to security. As highlighted in the Target scenario, the supply chain must be evaluated when considering IT and data security as anyone with access could be compromised.

The UK Government and National Cyber Security Centre have produced guideline measures in the form of Cyber Essentials which companies can self-evaluate themselves against, certify with a Certification Body to prove their commitment or align themselves with a supporting IT company to help them through the process towards embedding security more deeply into the organisation.

In-House or Out-Sourced IT Support

An important consideration for all companies as they grow or develop their business and workforce is that of IT support. As systems, users, and business needs change and develop, the relationship with IT deepens. For many small companies, the first option is to hire an IT Support engineer with the hope of growing the team as the business expands. For small and growing companies this often proves to be the costliest and least beneficial choice. To help provide a measure of clarity for businesses in this position and highlight the benefits of each option we have created this breakdown of In-House vs Out-Sourced IT Support.

The advantages of an in-house IT support function:

• 1. Institutional Knowledge

In-House IT teams have a deeper level of knowledge and awareness of existing quirks and processes. Common issues can be addressed quickly.

• 2. Presence

Maintaining an in-house IT function puts a face on the IT support and users will be aware of who they need to go to when something goes wrong.

• 3. Trust

In-House IT teams generally hold a high level of trust throughout the organisation, as they are members of the overall business. As such, they are privy to a higher level of trust from the users.

The advantages of outsourcing the IT support function:

• 1. Cost Reduction

From the cost of the employees to additional training, equipment, licensing, and HR costs, outsourcing to a team of IT professionals will be considerably cheaper than hiring the team and managing them in-house.

Outsourcing IT will allow the business to redistribute the existing IT budget in other areas of the business requiring additional financial support or can be used for greater IT investment to keep ahead of the competition.

• 2. Experience and Wisdom

Qualified engineers can demonstrate aptitude, knowledge, and skill, however wisdom and awareness are gained from experience to which limited in-house teams will not be exposed at the same rate as an outsourced team. Institutional knowledge and awareness can result in acceptance of issues which have not been resolved fully, as well as lack of awareness of larger trends.

Outsourcing your IT support function to a team gives access to a wider range of experience that can be relied upon by your business to resolve every issue.

• 3. Focus

The root cause of business growth is excellence and success in their field. As businesses grow, this focus is diluted as the additional concerns, hires, functions, and tasks to be completed increases.

Outsourcing the IT function and reducing IT consideration allows the business to focus more resource back on their successful “core” business operations and teams.

• 4. Reduced Risk

Consolidating your business’ reliance on the experience and wisdom of internal IT resource introduces a great deal of risk. With larger, more complex, projects or implementations the individuals may not be experienced or well-versed in the processes required to achieve success.

Outsourced teams deal with a variety of clients, allowing them to build the experience and document successful processes for future deployment.

• 5. Project Work

As companies grow their processes and procedures develop, and in the modern age the reliance on technology and tools to achieve growth is only increasing. Moving to a Customer Relationship Manager database or implementing a new Line of Business tool can absorb the entirety of an in-house IT function’s time and resources, reducing the availability of support to the rest of the team.

An outsourced IT support function would be able to delegate project teams to manage this for the business while maintaining the same levels of support.

• 6. Issue tracking

Businesses face issues big and small every day with their IT, most aren’t perceived by users on a surface level.

An outsourced IT support function will have invested in appropriate tools which will track and maintain records of issues faced by the business. This will enable them to proactively resolve issues by addressing any root cause as well as identifying trends and reporting on these to prevent relapse.

The appropriate solution for most businesses may not be as cut and dry, and they will need to work with internal and external resources to create and maintain their optimal environment. Whilst most Out-Sourced providers will prove combative with internal resources, demanding an “all or nothing” approach to support and management, utilising on-site resources can reduce the engineering resource required to support the client. The appropriate solution will vary from business to business.

Texaport work with clients as their trusted partners; regular service review meetings allow for future planning and developments as well as potential issues to be proactively addressed. Working with clients in the capacity of support engineer, project planner, IT Manager and CIO, Texaport ensures that clients are fully catered for, supported and empowered. Texaport will always meet with prospective partners to identify the needs and pains of the business to ensure both parties are aligned in understanding, goals, and expectations.