Search Results

< News Migrating from MOVEit 8 July 2024 The rapid escalation of cybercrime is causing many organisations across the Asia-Pacific region to upgrade to more advanced file transfer solutions. That includes replacing Managed File Transfer (MFT) systems such as MOVEit with the class-leading GoAnywhere MFT suite. As our region’s local experts in MFT, at Generic Systems Australia we’re adept at helping customers simply, quickly and affordably migrate from their existing data transfer approaches. Many Options - but only one of them “Best” There are plenty of options when it comes to selecting a file transfer solution… from free, unsecure methods to the fully-featured market leader. However, as cybercrime continues to surge, many companies are concluding that the benefits of upgrading to the class-leading MFT more than justify the relatively minor investment required. They understand that maintaining a ‘circle of trust’ with their customers and supply chains is paramount to their business’s ongoing profitability. So, why is GoAnywhere MFT consistently declared by independent studies to be the leading MFT …? Superior Security “Robust Security” is most often the top of mind consideration for companies seeking the optimal MFT solution. GoAnywhere MFT takes all aspects of data security seriously, protecting your sensitive data both “in motion” and “at rest”. Maintaining GoAnywhere’s security is a primary focus for its software development team. They consistently stay across the latest security standards and threat monitoring to ensure up-to-date compliance with regulations, frameworks, and standards. Easy Centralised Control MOVEit requires you to install two products (MOVEit Automation and MOVEit Transfer) to enable full MFT functionality. Most companies find GoAnywhere’s centralised, browser-based dashboard - an intuitive “one stop shop” - a more efficient means of managing their data flows. The Need for Speed Included in GoAnywhere is GoFast, a file transfer acceleration protocol which can transmit data considerably faster than traditional FTP. The patented technology in GoFast takes the best of UDP’s speed and adds reliability and rate control. Drag & Drop Workflows Scripting (as required by MOVEit for some tasks) is clunky, time consuming and confusing for non-expert users. Through its breadth of Automated Workflows capabilities, GoAnywhere enables end users to quickly and easily build workflows. Manual and automated tasks can even be combined into one master workflow. Further, GoAnywhere provides easy reporting on partner Service Level Agreements, alerting you to any workflow issues before your trading partners do. Advanced Auditability GoAnywhere not only moves and shares data securely, it also provides full auditability of transfers. Logging full audit trails of all user events and file activity, it can also generate reports of file transfer activity, user statistics, and completed jobs – all from within its central management console. Modular, Multi-Platform Flexibility Organisations managing multiple operating systems appreciate how GoAnywhere flexibly supports any protocol, any platform, and any deployment, including Microsoft Azure, AWS, Linux, and more. Further, GoAnywhere’s capabilities can be significantly extended through the availability of a broad array of licensable modules , satisfying a wide variety of specialised file transfer needs. And More… Beyond the advantages above, former MOVEit users are often delighted to discover GoAnywhere’s advanced capabilities in: High availability and clustering, providing true active-active support and load balancing to distribute workloads across multiple systems; Remote agents - lightweight applications managed through the GoAnywhere interface which enable configuring and scheduling of file transfers throughout an enterprise; and Secure Forms - customised forms or files that which contain data other tasks can automatically process. If you’d like to discuss how your organisation can migrate to the leading MFT solution, please feel welcome to contact me, Bradley Copson ( mailto:bradley@gensys.com.au ) . I’m always happy to have an obligation-free discussion, explain how simple the transition can be, and offer you a zero-cost Proof of Concept. At Generic Systems Australia , we’re your local experts in secure Managed File Transfer. Previous Next

< News Use APIs to accelerate your MFT’s ROI 26 Nov 2024 Leveraging APIs alongside your Managed File Transfer (MFT) solution is a great way to boost the return on investment from your MFT, and scale its deployment more broadly across your organisation. Here’s how to use APIs to add further automation, integration, scalability, and customisation to your MFT. APIs…? APIs (Application Programming Interfaces) help software applications communicate with another. Enabling APIs with a robust MFT solution is a simple way to add new functionality to your data transfer software, and accelerate the productivity and efficiency gains it offers. APIs will help you integrate your organisation’s data transfers with the many applications your organisation already use daily - CRM platforms, business intelligence tools, ERP systems and more. In doing so, you can synchronise data across your organisation and provide your team with more secure collaboration. Flexible MFT solutions that support APIs also enable you to further customise and automate your file transfers for your unique business and operational needs. Enhanced Security Of particular value is the way APIs can boost an organisation’s cyber defences by integrating their MFT solution with other data-centric security systems. For example, Generic Systems Australia’s Advanced Threat Protection Bundle layers an organisation’s protective measures with the security features of Fortra’s GoAnywhere MFT to further secure sensitive data. The added flexibility to evolve and scale as your needs change can be a game changer for IT teams seeking to maximise user experience and organisational ROI. Better Workflows Automated file transfer workflows can be “supercharged” using APIs. Here are seven specific API features and techniques organisations can leverage to maximise the value they derive from their managed file transfer solution. In each of these examples, we’ll feature API integration with GoAnywhere, the independently-assessed class-leading MFT. GoAnywhere not only provides APIs, it can also consume third-party APIs, and act as middleman, or API gateway, between other applications. 1. RESTful API An interface used by two computer systems to securely exchange information over the internet, REST (Representational State Transfer) can be used to manage users, groups, triggers, projects, and schedules. This simplifies new user onboarding and migrating systems and environments. For example, you can use the REST API to create a new web user programmatically and eliminate the manual tasks often needed for on-boarding new trading partners. You can also start/stop file transfer jobs and query the status of active jobs. 2. REST Enable a Secure Form Within the GoAnywhere dashboard you can select REST Enable Secure Forms to trigger more complex API calls on the backend of Advanced Workflows . Then, using standard REST calls you can invoke the secure form and its underlying project. Rest Enabled Secure Forms can also act as a REST API gateway to computing resources normally not available to public internet users. The GoAnywhere server can be deployed on the secure network and the solution’s Secure Gateway can act as the link to the public internet in the DMZ. An administrator can enable curated access to internal REST APIs that would normally be available only via VPN or by a dedicated network connection. Comprehensive audit logs and fine-grained user access controls can turn GoAnywhere MFT into a complete API gateway. The Method createPayload (GET https://localhost:6443/rest/forms/v1/ticket/payload ) will insert the payload. The Method uploadAttachments (POST https://localhost:6443/rest/forms/v1/ticket/payload/ :payloadId /file ) will upload one attachment at a time. The Method submitPayload (POST https://localhost:6443/rest/forms/v1/ticket/payload/ :payloadId /submit ) will submit the payload. The Method downloadAttachment (GET https://localhost:6443/rest/forms/v1/ticket/payload/ :payloadId /file/ :fileId ) will download one attachment at a time. 3. GoAnywhere HTTPS You can use GoAnywhere HTTPS project tasks to automate file transfers, create Secure Mail Packages, or programmatically place files in Secure Folders for uploading or downloading For example, if you need to send a large, automatically generated report to a user, you can enable the GoAnywhere HTTPS Send Package task in GoAnywhere. Simply create a project to automatically pick a file (or files) and send a package as a link via Secure Mail. You can protect that package with a password, track the number of downloads, or prevent further downloads after 24 hours. Another GoAnywhere HTTPS task is the ability to set up programmable uploads to GoDrive, a solution which provides Enterprise File Sync and Sharing (EFSS) services for employees and partners. 4. Quick Uploads Enabling Quick Uploads in HTTP Service enables you to turn GoAnywhere into a REST endpoint for file exchange. Quick Uploads (which requires a POST Method with Authentication) allows the solution to upload files to GoAnywhere via REST, effectively turning your GoAnywhere Secure Folders feature into a REST-enabled file exchange gateway. REST-enabled file exchange is very useful for other applications to have a place to store and exchange files. The end users don’t really know what is happening under the hood, but it allows application developers to provide lots of flexibility and build easy-to-use applications. 5. Project Run Mode You can start a project in the background in the dashboard's triggers, schedules, and within the project designer’s Call Project task. For example, if you need to start a long-running job, you simply start a job in Batch mode, which will run in the background, and the system will be automatically notified when it is finished. Need to copy a huge file set? Then run a Job that spawns multiple Batch Jobs. For example, every sub folder in your file set could be sent as separately spawned batch jobs. Running multiple jobs in the background in parallel will help optimise your computing resources, increase your throughput, and spread the workload to other nodes in your GoAnywhere cluster. In addition to setting the run mode, you can also set the priority and the job queue. For example, some long-running CPU intensive jobs, such as archiving or backup, can be set to run on a lower priority status or on a lower priority queue so that your core MFT operations remain more responsive. 6. Consume Third-Party APIs Consuming APIs is the process by which an application developer accesses the various APIs that are exposed by the API provider and then uses those APIs to develop one’s own software applications and products. Within GoAnywhere you can use HTTP/HTTP Post and GET Project tasks or Webservices REST tasks to call third-party APIs. For example, once a file is uploaded, you can create a trigger that will automatically import the file into third-party applications, such as a CRM or trouble ticketing system. Additionally, GoAnywhere offers Cloud Connectors to the most popular applications in the industry. (If you cannot find a cloud connector for the application you need, use the Project Webservices or HTTP/HTTPS POST Project tasks to connect via REST to the application of your choice.) 7. Promote Features Continuous Integration and Delivery CI/CD functions are important in every large IT Project. GoAnywhere delivers the ability to promote every user, project, schedule, trigger, secure form etc, from development to staging to production. You can use “Promote” REST API calls to automatically migrate your configurations from development to staging to production. Working on a live production system presents additional challenges. Even the most diligent administrators can make mistakes and accidentally delete or rename configurations which take an entire system offline. Using GoAnywhere’s Promote features, either via GUI or as an API call, is required to maintain maximum system stability and reliability. If you do not have a test system yet, consider deploying one to minimise the risk of human error. API Options to Boost Automation GoAnywhere offers many powerful API options that can seamlessly automate basic file transfer tasks for IT teams and users. You can mix and match the seven techniques above to create a next-generation automation framework that goes far beyond standard MFT functionality. Need Help? It’s Here - Locally! If you’d like help using APIs to boost your MFT’s ROI and your team’s productivity, please feel welcome to get in touch with me . I’m always happy to have an obligation-free discussion. At Generic Systems Australia , we’re your local experts in Secure Managed File Transfer. Previous Next

< News New Cyber Laws Passed – What Australian Businesses Need to Know and Do 27 Nov 2024 Earlier this week, the Australian Parliament passed a suite of legislative reforms designed to enhance Australia’s cyber security. The reforms include a raft of new requirements and obligations on Australian businesses. About the Legislation Based on recommendations by the Parliamentary Joint Committee on Intelligence and Security, the new legislation addresses a number of proposals initially set out in Australia’s 2023 – 2030 Cyber Security Strategy, and spans three separate Acts: 1. the Cyber Security Act 2024 (Cyber Security Act); 2. the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 ; and 3. the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 (SOCI Amendment Act). Mandatory reporting of ransom payments, and the introduction of a new voluntary information sharing regime, will have the most immediate impact on organisations. Mandatory Reporting of Ransomware Payments Ransomware attacks are rife across Australia. The Australian Signals Directorate (ASD) reported that this form of cyber extortion accounted for 11% of all cyber incidents to it in 2023-2024, up from 8% in the previous year. The Government had previously pursued a ban on ransom payments. However, its position has since moderated somewhat. The Cyber Security Act only requires organisations to report ransomware payments to the Department of Home Affairs and the ASD. This new reporting obligation will commence at latest six months after the Act receives royal assent (potentially earlier by proclamation) and applies broadly to: · organisations which are a responsible entity for a critical infrastructure asset; and · other private sector organisations which conduct business in Australia with an annual turnover exceeding a threshold (to be specified - likely to be A$3M). Ransomware reports are required to be made within 72 hours of making a payment (not the receipt of a demand or the discovery of a ransomware attack). Difficult Decisions The requirement to report payments will need to be taken into account by Boards when considering whether to pay a ransom. The Government’s general view on ransoms continues to be that organisations should not pay them. It reasons that payments don’t guarantee the recovery or confidentiality of stolen data, but do encourage cyber attacks to proliferate. Organisations in receipt of ransom demands are left to ponder several competing considerations… · Paying a ransom could potentially contravene sanctions (such as the one imposed on Aleksandr Ermakov, the individual responsible for the 2022 Medibank data breach) or anti-money laundering laws. · Company Directors fulfilling the duty of care to act in the best interests of their organisation will need to balance the risks of payment - commercial damage, incentive to re-target, uncertainty of data recovery – against the risks of not paying - loss of systems data, reputational damage, third party claims, lost customers and business disruption. If a ransom payment is made, then the new mandatory reporting obligation will be in addition to other applicable reporting requirements an organisation is subject to. These could include the Privacy Act 1988 , the SOCI Act , and continuous disclosure obligations under the ASX Listing Rules and CPS 234. In fact, it’s important that Cyber Incident Response plans developed by organisations specifically address these overlapping requirements, taking into account the various regulators and timeframes of each. Be aware that, for any entities regulated under the SOCI Act , it’s also conceivable that the Government could use its directions power to direct an entity to pay - or not pay - a ransom. An organisation which fails to comply with mandatory ransom reporting will incur a civil penalty of 60 penalty units (currently A$93,900). Voluntary reporting regime A new National Cyber Security Coordinator (NCSC) is being established under the Cyber Security Act to lead a whole-of-government response to significant cyber security incidents. The Act provides a framework for the voluntary disclosure of information by any organisation operating in Australia, or any responsible entity under the SOCI Act , to the NCSC relating to cyber security incidents. However, it imposes various limitations on how the NCSC may further use and disclose information voluntarily provided by entities, depending on the significance of the incident. Non-significant cyber security incidents: Information can be used for limited purposes such as directing the reporting entity to assistance services, coordinating a government response, and informing Ministers. Significant cyber security incidents: Information can be used for broader ‘Permitted Cyber Security Purposes’. These include preventing or mitigating risks to critical infrastructure or national security, and supporting intelligence or enforcement agencies. A cyber security incident is deemed “significant” if: there is a material risk that the incident has seriously prejudiced, is seriously prejudicing or could reasonably be expected to prejudice the social or economic stability of Australia or its people, the defence of Australia or national security; or the incident is, or could reasonably be expected to be, of serious concern to the Australian people. Information voluntarily provided by organisations to the NCSC is subject to limited use protections similar to those which apply to information disclosed as part of a ransomware payment report. The new voluntary reporting regime and corresponding limited use protection has come into immediate effect. Limited use protection The Cyber Security Act outlines how businesses should work with the NCSC and other government agencies to obtain assistance and guidance when responding to cyber incidents. It also provides businesses with certain limited use protections when collaborating with the government’s cyber security agencies - a legislative foundation for the CISA Traffic Light Protocol government agencies have recently offered when assisting organisations. Such protections were requested by business lobby groups. They provided feedback during the public consultation period that disclosing information about a data breach could risk exposing an organisation to further regulatory or enforcement action, adverse publicity and litigation. Further, if disclosing a cyber incident was determined to be against an organisation’s best interests, its directors could potentially be in breach of their duties in approving the disclosure. That could in turn expose directors to enforcement action from ASIC. Counterweighing these concerns, the Government believes that sharing information on current threats and incidents can help other organisations avoid similar incidents. In balancing these competing interests, the Cyber Security Act limits the purposes for which information contained in a ransomware payment report or voluntarily report provided to the NCSC can be used or disclosed. The NCSC (and any Government agency it coordinates with) cannot record, use or disclose the information provided for the purposes of investigating or enforcing or assisting in the investigation or enforcement of any contravention of a Commonwealth, State or Territory law. An important exemption from the limited use protections are that crimes and breaches of the limited use protections created by the Act. In this way, the protections stop short of being a full “safe harbour”. Information provided under these protections isn’t admissible in evidence against the disclosing entity, including criminal, civil penalty and civil proceedings (including a breach of the common law). And the provision of information to the NSCS does not affect any claim of legal professional privilege over the information contained in that information. These limited use protections will be of value to organisations disclosing information to the Government about cyber incidents. However, directors should bear in mind the notable gaps in the protection they provide. For example: Information provided can’t be used or disclosed for the purposes of investigating or enforcing any contravention by the reporting entity of another law (whether federal, state or territory), other than a law that imposes a penalty or sanction for a criminal offence. This means that if the ransomware report indicates that a payment was made in breach of relevant sanctions laws, then the limited use protection will not prevent the use of the report in a subsequent investigation or enforcement action. While information provided to the NCSC cannot be obtained from the NSCS by regulators or government agencies, the protection offered under this Act does not prevent regulators from obtaining the underlying information through other means, including via regulatory investigatory powers or where provided under other mandatory reporting regimes, such as those in the Privacy Act 1988 , the SOCI Act, the Telecommunications Act 1997 and the ASX Listing Rules continuous disclosure obligations. So, cyber incident notifications provided to the ACSC under the SOCI Act are not captured by the limited use protection, even if that information is also voluntarily provided to the NCSC or detailed in a mandatory ransomware report. A similar limited use protection has been introduced via the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 for cyber incident information voluntarily shared with the ASD. Other Inclusions in the Legislation This article has focused on developments within the new Cyber Security legislative reforms which will most impact companies and organisations. However, in the interests of completeness, here is a brief overview of other key developments covered in the legislation: Mandated Security Standards for Internet of Things (IOT) Devices. These standards will be detailed in legislative rules, with suppliers required to provide a statement of compliance for devices supplied to the Australian market. New Cyber Incident Review Board. This independent advisory body will be empowered to conduct no-fault, post-incident reviews of significant cyber security incidents and provide recommendations and information to both the private and public sector. It will have the power to compel entities to provide information about significant cyber security incidents. Critical Infrastructure definition expanded. Data storage systems which hold business critical data have been added to the definition of critical infrastructure assets. This closes a gap in the regulations which became apparent in the aftermath of the Optus and Medibank data breaches. Expanded Incident Response Powers. The Government will now have the power to direct an entity to take, or not take a specific action, in the event of a cyber incident affecting critical infrastructure. Security and incident notification obligations moved from the Telecommunications Act 1997 to the SOCI Act , consolidating the cyber obligations of telecommunication carriers and carriage service providers under a single piece of legislation. What Organisations Should Do Cyber security response plans should now be reassessed and upgraded to ensure they align to the new mandatory ransomware reporting requirements. Playbooks and procedures should take account of how an organisation plans to engage with cyber security authorities, bearing in mind the extent - and limitations - of the defined limited use protections. Focus on preventing cyber incidents - not just responding to them . A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect your data. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection facilitates safe collaboration with external parties, helping to prevent malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Finally, organisations should seek professional legal counsel in determining and responding to their obligations and responsibilities under the new Cyber Security legislative reforms. The information provided in this article has been general in nature, and the interpretations and advice outlined above should not be interpreted as professional legal advice. Previous Next

< News Balancing Cyber Security with Frictionless Customer Experience 17 June 2025 Cyber thieves are stealing more from businesses than “just” data and money. They’re stealing customer trust. Research shows that customers are increasingly worried about how well companies are protecting their data. And those worries are hurting companies’ bottom lines. Fears Realised Nearly 2 in 5 customers have been the victim of two or more data breaches, according to S&P Global Market Intelligence. A third of the victims of identity theft have experienced it within the past three years. Stuart Vaeth, SVP of strategic business development at Trua, said cyber theft incidents weaken customer trust and brand reputation. “The result can be lost business. It absolutely impacts the reputation of the service provider,” he said. “Obviously, it erodes trust. People may not come back to your site if your data has been breached.” Research by S&P Global Market Intelligence shows that more than three-quarters of customers are concerned about the risk of trying digital experiences or products that require sharing personal data online. This is a serious challenge for businesses who recognise that customer data is essential to providing personalised purchasing experiences. Cyber Security Integral to Customer Experience The safety of customer data is as much a customer experience issue as it is a cyber security one. Sheryl Kingstone, research director of customer experience and commerce at S&P Global Market Intelligence, said that a mistake many businesses make is to look at their customer data “in a silo”. “When we do take a look at things like what CISOs want or what privacy experts want versus what marketing and customer experience teams want, it becomes very complicated, because we need to mind the gaps,” Kingstone said. “There are trade-offs between compliance and the customer experience.” “Security compliance teams look at ensuring risk and compliance. CX leaders want to reduce customer friction points,” she said. Businesses need to balance customer experience with risk and compliance. Vaeth said that, while CX leaders generally aim for zero friction to prevent drop off, some friction can be beneficial. Collecting customer data directly or asking customers for verification can provide reassurance and need not impact drop off rates. Earning Customer Trust One way to earn customer trust and assure customers you take data protection seriously is to show them your credentials. For example, you can display them on your website and in marketing materials. Another way to demonstrate your “cybertrustworthiness” is to let your customers know when you’re investing in new technologies, improving processes and gaining certifications. It demonstrates you’re on a path of continual improvement that can differentiate you from your competitors. Protecting Customer Data Stepping up to the needs of customer data guardianship requires both technology solutions and sound business practices. Layered defences, with integrated solutions that address encryption, threat protection, and data loss prevention, enable safe collaboration without risking malware, mishandled data, breaches and non-compliance. Given most breaches involve a human element, technology solutions need to be automated and easy for employees to use. Software needs to be able to manage: How access to data is granted; How access is authenticated; How access is tracked and controlled; and How access can be speedily revoked, when needed. Layered Protection A standalone managed file transfer (MFT) solution – such as GoAnywhere MFT - is a great first layer of defence. It provides security for files at rest and in-transit. However, integrating Threat Protection as an additional layer enables you to take appropriate action when there’s customer data moving in and out of your organisation. Based on rules you predefine, Generic Systems Australia’s Advanced Threat Protection Bundle can mask, remove, or permit customer data to be moved within your organisation and beyond, via a Secure ICAP Gateway. On Hand to Help At Generic Systems Australia we’re the Asia-Pacific region’s experts in deploying Managed File Transfer and Advanced Threat Protection. We’ve assisted dozens of organisations to protect their customer data and secure their file transfers, while keeping their businesses running smoothly. If you’d like to discuss how we can help you, please feel welcome to contact me . I’m always happy to have an obligation-free chat and explain how simply we can help you maintain your customers’ trust. Attribution: This article includes quotes from an interview originally published on cybersecuritydive.com . Previous Next

< News Data Breach Costs Escalate in 2024 14 Aug 2024 $4.26M! That’s the average cost of a data breach in Australia in 2024, according to new research released by IBM. The figure – a record high – represents a whopping 27% increase since 2020. However, while the average cost of a data breach continues to escalate, the types of cyber breaches experienced by Australian organisations continue to be the usual suspects. Under Attack IBM’s research found that Phishing continues to be the most common type of attack vector , with 22% of breaches starting this way. Stolen or compromised credentials were the second most common, accounting for 17% of breaches. Malicious insiders were responsible for the most costly attacks, at 8% of incidents. It took Australian companies on average 266 days to identify/contain cyber incidents. This lengthy period contributed to high detection and escalation costs , which remain the most expensive aspect of a breach, with post-breach response and lost business the second most costly. Almost a third of data breaches involved data stored across multiple environments : public cloud, private cloud, and on-premises systems. Breaches across multiple environments took 13% longer to identify and contain. Organisations with too few cybersecurity staff paid the heaviest price, with an average cost per breach $2.7M higher than organisations with less exposure. However, involving law enforcement saved some ransomware victims as much as $1.5M in costs. Automated Defences Help Companies which didn’t use security AI and automation experienced significantly higher breach costs ($5.21M) than those which did, and it also took them an additional 99 days to identify and contain breaches. The research found that 65% of surveyed Australian organisations leveraged these technologies. However, attackers too are exploiting new opportunities presented by AI. For example, increasingly convincing deepfakes are enabling ever more effective social engineering attacks. Avoiding Costly Cyber Breaches To protect an organisation’s valuable data, it must be protected when it’s stored and while it’s “in motion”. As the research found, automation can ensure this takes place with the entirety of an organisation’s data transfers. Managed File Transfer (MFT) solutions such as the class-leading GoAnywhere MFT encrypt data at rest and in transit, complying with the highest data security standards (including the US’s and Europe’s HIPAA, HITECH, PCI DSS, SOX, and GDPR). MFT manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols such as SFTP, FTPS, and AS2 to send files securely, and encryption standards such as Open PGP and AES to protect data in transit and at rest. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection enables safe collaboration with external parties, preventing malware from entering your organisation, and reducing opportunities for employees to lose or mishandle sensitive data. Local Expertise Ready to Help Generic Systems Australia are your local experts in Managed File Transfer and Advanced Threat Protection. We’ve assisted hundreds of organisations across the Asia-Pacific region to secure their data and keep cybercriminals at bay. If you’d like to discuss improving your cybersecurity, please feel welcome to contact me , Bradley Copson. I’m always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. Previous Next

< News WTH is MFT…? 31 Mar 2025 In an industry overrun by acronyms, you may be wondering “WTH is MFT?” FWIW, here’s a brief overview. “MFT” is the abbreviation of Managed File Transfer - a powerful technology which comprehensively addresses the risks and challenges of moving information both within an organisation, and externally, to suppliers, partners and customers. MFT simplifies the complexities of data transfer by providing centralised control, encryption, and auditing capabilities. Unlike traditional approaches such as FTP, MFT offers enhanced security protocols, ensuring data privacy during transmission and storage. The best MFT solutions do all this via a user-friendly interface, which is easy to use for even non-technical employees. WHY MFT? The reasons organisations initially adopt MFT solutions are many and varied. However, every organisation which employs the technology soon realises its many and varied benefits. Security MFT employs robust encryption algorithms, reducing the risk of data breaches during transit. Features like Access Control, and Multi-factor Authentication, safeguard sensitive information from unauthorised access. Efficiency MFT automates repetitive tasks. This not only reduces human error, it saves significant staff time. Through scheduling of file transfers, monitoring of progress, and automatic error-handling, it enables a significant boost to operational efficiency. Compliance In industries with strict regulatory requirements, MFT helps companies meet compliance standards (e.g. HIPAA and GDPR) by automatically maintaining detailed logs and audit trails. Scalability Through its ability to handle large file transfers and an ever-growing number of users, MFT is able to grow in sync with an organisation's needs, while maintaining superior performance. Collaboration In addition to improving business processes within an organisation, MFT facilitates seamless collaboration with external partners, suppliers, and customers, fostering strong relationships built on shared trust and reliability. W2 MFT? If all that’s TMI, then the TL;DR is: MFT provides organisations a secure and efficient way to transfer their data. And if you’d like to know more about MFT, then LMK and we can jump OTP. B4N! 😉 Previous Next

< News GoAnywhere V7.7 released – with Fortra Threat Brain protection 13 Dec 2024 Great news for our GoAnywhere MFT customers, with your software now able to leverage insights from Fortra Threat Brain to further protect your managed file transfers. Fortra Threat Brain is a comprehensive cyber security information hub, fed by telemetry from the Fortra’s expansive portfolio of products as well as insights from across the dark web, social media, and law enforcement. It brings together a team of threat intelligence analysts and partners, an expansive portfolio of AI-enabled cybersecurity products, and a vast array of intelligence sources, to provide even stronger protection for your valuable data. The up-to-date threat intelligence from Fortra Threat Brain enables GoAnywhere to reject HTTP/S service connections flagged as malicious. That includes connections to GoAnywhere’s Web Client, AS2, AS4, and any other endpoints that run on the HTTPS service. Extended file transfer protection is just one of many enhancements available in GoAnywhere Version 7.7, now released to customers for download. (And if you’d like our help with upgrading, be sure to check out our GSA Annual Upgrade & Health Check Service .) Previous Next

Advanced Threat Protection Take your secure file transfers to the next level. Seamlessly integrate your managed file transfers with advanced threat protection and adaptive data loss prevention to keep your sensitive data secure. The SFT Threat Protection bundle enables you to collaborate safely without malware entering your organisation, and without your employees losing or mishandling data. What Does Advanced Threat Protection Do? Sharing information incurs risks… There’s the risk of opening your systems to threats, such as malware or even threats hidden within file transfers. There’s the risk of exposing the wrong content, whether sent by mistake or hidden in metadata. Advanced Threat Protection enables you to inspect managed file transfer content for threats as well as leakage. Seamless integration between Fortra's GoAnywhere MFT and the Clearswift Secure ICAP Gateway features: Anti-virus and malware protection Deep content inspection Adaptive data loss prevention Media type protection 3 Ways to Enhance File Transfer Security Prevent Files with Malware from being Shared. Simply check a box in GoAnywhere to turn on easy anti-virus protection through the Secure ICAP Gateway to scan all inbound file transfers. Detect and automatically strip out active content like embedded malware, triggered executables, scripts, or macros used to extract or hold sensitive data hostage. Advanced Threat Protection sanitises — without delay in delivery — as only the malicious active content is removed, allowing the file transfer to continue unhindered. This morph-free protection guards against today's leading malware and ransomware (i.e. CryptoLocker, CryptoWall, TorrentLocker, Dridex Dyre, BlackEnergy, etc.) and tomorrow's even more sophisticated threat variants. Block Sensitive Data from Being Shared. Prevent files with Personal Identifiable Information (PII) or other sensitive data from being transferred. GoAnywhere Threat Protection can inspect file contents, then stop and block files from being shared, based on policy. Redact Sensitive Information from Files Before Transfer. Ensure sensitive data is not transmitted or received. Detect or remove geotags, document properties, email addresses, or other metadata from documents, replacing sensitive text with asterisks. Detect and remove text contained in scanned images with Optical Character Recognition. Detect and remove offending content with text redaction. Encryption Isn’t Enough Encrypting sensitive file transfers is vital for ensuring the privacy and integrity of your data and complying with data governance regulations. However, while encryption can protect your files, you can do more to ensure your messaging security, by staying aware of what is being transmitted. Adding threat protection to GoAnywhere enables you to empower some senior individuals the power to transmit PII, while excluding others. Further, even if your transmission process is secure, you may want to audit who is sending what. The Secure ICAP Gateway enhances your encryption by limiting both who can transfer data, and what that data contains. Two Leading Solutions, Seamlessly Integrated The Clearswift Secure ICAP Gateway adds significant value to GoAnywhere MFT because of its threat protection, deep content inspection engine, adaptive data redaction, and flexible policy settings, while managed file transfer makes defining file movements a breeze. Additional features you can add to your file transfer process are structural sanitisation, document sanitisation, data redaction, anti-steganography, and optical character recognition. It’s the best and most thorough security for file transfers. Other Ways Clearswift Can Help You Integrating Clearswift’s core ICAP Gateway and threat protection with SFT can resolve gaps in your process and provide additional benefits. It can audit and control data in file transfers, for example, detecting when customer, employee, or patient records in a file are uploaded to SFT, counting the records, and maintaining an audit log of what data was shared with whom. When you add Clearswift solutions to your SFT instance, you get Lexical Expression Qualifiers, which can detect records based on multi-field matches, and trigger different actions based on number of records detected (e.g., audit, refer to sender, redact, block). Clearswift can also ensure you accept only the correct file types, by enforcing "True Type" controls which ensure you don't receive binaries, executables, scripts, or other unwanted file types. Clearswift solutions defend your system based on file byte pattern rather than by name. And, it works with nested files over 50 levels deep!

< News Ad-Hoc Filesharing Services Add Risk 27 May 2025 Make no mistake - unintentional errors by employees and supply chain partners are a leading cause of data breaches. The uncontrolled use of ad-hoc file sharing services (e.g. WeTransfer, Dropbox, Google Workspace, Cerberus FTP Server, and ShareFile) significantly increases the risk of employees making mistakes and for those mistakes to go unnoticed. Here then are seven reasons why organisations should reconsider their use of ad-hoc cloud file sharing services. 1. They may not enforce automatic file encryption. A key means of preventing your data falling into the wrong hands is to ensure it’s always encrypted, both in transit, as well as when it’s being stored. A secure Managed File Transfer (MFT) solution can automatically encrypt your data. 2. Dubious key and certificate management. Beyond encryption of the file being transferred, some cloud applications leave files open to malicious intent by failing to maintain strong keys and certificates. 3. They may create compliance gaps. Not all cloud platforms meet regulatory requirements around file transfers, leaving your organisation liable for financial, legal, and reputational damages. 4. Limited data control. Unsupervised file sharing and collaboration can lead to files being sent to or accessed by unauthorised individuals. With many cloud-based solutions, once files are transferred, there’s no ongoing control over their use. A secure MFT provides ongoing safeguards with tight controls on who can access, edit, and transfer files, and for how long. 5. No workflow automation. MFT solutions such as GoAnywhere MFT simplify and automate file transfer processes, with multi-step workflows to execute repetitive, manual tasks. "Projects" can be easily created by dragging and dropping modules which define business processes to seamlessly transfer files, eliminating the need for complicated scripting or programming. For example: a Project can be created to retrieve encrypted data from a server, decrypt it, read file contents and submit them to a downstream internal application. The file can also be altered, added to, re-encrypted, and then sent to another external SFTP server. 6. Lack of centralised user management. Cloud file sharing solutions may not provide a comprehensive and easy to use dashboard for administrators to control access, authentication, and encryption of sensitive files. The more tools and applications that must be coordinated, the greater the risk of human or systems error. A robust MFT solution manages all types of file-send situations, including ad-hoc emails, large files, and batch files. 7. Threat detection and management. Protecting your organisation from viruses, malware, ransomware, Advanced Persistent Threats, and banned media types requires constant vigilance. Our Advanced Threat Protection can automatically block these threats and remove the element of human error from your risk profile. Local Expertise Available If you’d like to discuss removing the risk of ad-hoc file sharing applications from your organisation, please feel welcome to contact me . I’m always happy to have an obligation-free discussion, demonstrate the capabilities of the world’s most advanced MFT, and even offer you a zero-cost Proof of Concept. At Generic Systems Australia , we’re your local experts in secure Managed File Transfer. Previous Next

< News Stop playing Cyber Security Whack-a-Mole! 27 Aug 2024 The increasing number and sophistication of cyber incursion attempts is stretching corporate IT departments to their limits. No sooner is one attempt identified and blocked, but another pops up. Georgia in Accounts just clicked on a bogus link in a phishing email. Rowan in Marketing is about to send a spreadsheet containing sensitive customer information to a direct marketing agency. Arush from Sales doesn’t realise the bank account details he’s emailing to HR are about to be intercepted in a “man-in-the-middle” attack. The CEO’s personal assistant, Grace, doesn’t realise she’s corresponding with an AI bot designed to cleverly gather identity information about her boss. It’s relentless - a new cyber attack every six minutes! 1 High Stakes The escalating frequency of incursions means a company’s stressed-out IT team must stay vigilant. In this high-stakes game of cyber security Whack-a-Mole, the cost of failure is simply too high: the cost of cybercrime to businesses has increased by 14% year-on-year1. share markets punish companies which fail to safeguard their data2. class actions – by those whose personal data was stolen, and shareholders seeking compensation for share devaluations – ensue3. damaged customer trust stymies revenue and market share growth4. cyber insurance premiums skyrocket5. Ditch that Rubber Mallet Wouldn’t it be great if there was a way your team could opt out of the never-ending game of cyber security Whack-a-Mole…? A way to automate your organisation’s cyber defences, assigning cyber sentries to detect and block cyberthieves, whenever and wherever they pop up? Good news – there is! And it’s surprisingly affordable and effective. A proactive and layered strategy for storing, transferring and securing data is essential for keeping cyberthieves at bay. The foundation of that approach is a technology called “Managed File Transfer”. Paired with secure content engines and secure digital rights management, Managed File Transfer (MFT) is the optimal way to prevent data theft and cyber breaches. An MFT solution such as the class-leading GoAnywhere MFT keeps your organisation’s valuable data safe - at rest, and in transit. Coupled with an Advanced Threat Protection Bundle , it enables organisations to safely collaborate without exposing their systems or team to the risks of malware. This automated defence system protects your data in three important ways: 1. Prevents files containing malware from being shared. GoAnywhere with Advanced Threat Protection scans all inbound file transfers. It can also detect and automatically strip out active content like embedded malware, triggered executables, scripts, or macros used to extract or hold sensitive data hostage. This “sanitisation” of files and emails doesn’t delay delivery, even as it guards against today's leading malware and ransomware (e.g. CryptoLocker, CryptoWall, TorrentLocker, Dridex Dyre, BlackEnergy, etc.) and tomorrow's even more sophisticated threat variants. 2. Blocks sensitive data from being shared. Files with Personal Identifiable Information or other sensitive data can be prevented from being transferred. GoAnywhere with Advanced Threat Protection can inspect file contents, and then stop and block files from being shared, based on policies you define. 3. Redacts sensitive information from files before transfer. GoAnywhere with Advanced Threat Protection can ensure sensitive data is neither transmitted nor received, detecting and/or removing geotags, document properties, email addresses, and other metadata from documents, and replacing sensitive text with asterisks. Using Optical Character Recognition, it can even remove text contained in scanned images. “The only winning move is not to play” 6. In today’s interconnected business environment, ever-increasing cyber attacks are inevitable. However, foiling these attacks no longer requires your IT team to play a never-ending game of cyber security Whack-a-Mole. At Generic Systems Australia , we’ve helped hundreds of business leaders and IT teams across the Asia-Pacific region rest easy, knowing that their valuable data is protected by the automated sentries of GoAnywhere with Advanced Threat Protection. We can do the same for you. It’s surprisingly affordable, and our Migration Services mean you can keep running your business without disruption as we you transition to a more secure approach. In fact, we’re so confident in the capabilities and business case for our MFT solutions that we’re prepared to offer you a zero-cost Proof of Concept. If you’d like to take me up on this offer, or perhaps just discuss how your organisation’s file transfers can be made more efficient and secure, please feel welcome to contact me , Bradley Copson. I’m always happy to have an obligation-free discussion. At Generic Systems Australia , we’re your local experts in Secure Managed File Transfer. Sources: 1. Australian Signals Directorate Cyber Threat Report 2023 2. For example, Medibank Private’s share price plunged more than 20% in the weeks following its loss of the personal information of 9.7m Australians. 3. For example, Medibank Private is facing class actions by both shareholders and consumers alleging “breaches of the company’s duty of care to protect consumer information, manage risks and make timely disclosures to shareholders”. Optus Communications is also subject to a class action alleging “Optus failed to protect, or take reasonable steps to protect, the personal information of its current and former customers”. 4. For example, Optus Communications saw its customer growth halved in the quarter following its systems being breached. 5. Australian Financial Review 12 September 2022: “Cyber insurance premiums soar 80pc as claims surge”. 6. A quote from the 1983 John Badham film, “WarGames”. Previous Next