Bold-ICT

Bold-ICT Bold-ICT was founded on the belief that all businesses can take advantage of technology to do busine

Don’t treat OneDrive or Google Drive as your backup.A lot of people assume that if ransomware hits, they can just roll b...
01/06/2026

Don’t treat OneDrive or Google Drive as your backup.

A lot of people assume that if ransomware hits, they can just roll back to an earlier version in the cloud. In reality, it doesn’t work like that anymore.

Modern ransomware is smarter. Once it gets onto a synced device, it encrypts the files and those changes get pushed straight into your cloud storage. Clean versions get overwritten, and in some cases the malware will go after version history and recycle bins before you even realise what’s happened.

The damage doesn’t stay on one laptop. Syncing is doing exactly what it’s designed to do and pushing those encrypted files everywhere.

Cloud storage connects your data. It doesn’t protect it.

If you actually want a safety net, you need a proper backup that’s separate and isolated. Something offline or locked down so a compromised account can’t touch it, delete it, or encrypt it.

Anything less, and you’re taking a gamble.

The Most Dangerous Words in IT: “It Still Works”It's usually a worry when you hear the phrase “Don’t touch that” in a se...
29/05/2026

The Most Dangerous Words in IT: “It Still Works”

It's usually a worry when you hear the phrase “Don’t touch that” in a server room.

It’s usually said with a half-joke and a grimace. Everyone knows it’s referring to the old box that “still works”, runs something important, and has survived so many fixes and workarounds that no one feels confident touching it anymore.

That’s legacy debt.

Not just “old tech”, but old tech that’s become a dependency. The kind that quietly builds up risk until it eventually turns into downtime, a security issue, or an emergency upgrade at the worst possible time.

A legacy debt audit is a fast way to bring that risk back into the light.

What Legacy Debt Really Looks Like
Legacy debt isn’t just “old gear”. It’s old gear that’s become normal.

It’s the server running a critical app. The edge device no one remembers buying. The workaround that somehow turned into a permanent fix (that's a whole topic in itself - there's nothing more permanent than a temporary fix). Over time, it all stacks up quietly.

The problem is easy to ignore until it isn’t.

Legacy debt creeps in even in well-managed environments. It slowly adds constraints, increases cost, and limits your ability to respond when something goes wrong.

The real risk shows up when “old” becomes “unpatchable”.

Once something can’t be updated, its weaknesses don’t go away. They just sit there, waiting for the wrong day. There’s no clever workaround that makes an unsupported system truly safe, only ways to reduce risk until you replace it.

You also start to see it in the basics slipping.

Patching becomes inconsistent. Logs aren’t reviewed. Services stay running that no one actually needs. Backups exist, but haven’t been tested. When these fundamentals drift, legacy debt turns into a reliability and incident-response problem, not to mention a security one.

And more often than not, the highest risk is sitting right at the edge, exposed to the internet.

The 3 Oldest Risks to Find First
If you’re running a legacy debt audit, don’t overcomplicate it. Start with the areas where age and impact overlap.

These are the ones that tend to hurt the most.

Risk #1: End-of-support edge devices
If you’re looking for high-impact legacy debt, start at the edge.

Firewalls, VPN gateways, and routers are your front door. When they hit end-of-support, they don’t just become outdated. They become harder to defend because security updates stop arriving.

They might still be doing their job, but without a safety net.

What to check in your audit:

List every edge device (firewalls, VPNs, routers) and confirm its support status
Identify which ones are internet-facing and what services are exposed
Flag anything that can’t run current firmware or no longer receives updates

Risk #2: Obsolete systems that can’t be fixed
Legacy debt in its purest form is systems that are still running but no longer supported.

Once support ends, every new vulnerability becomes permanent.

There’s no smart workaround that makes an unsupported system “safe”. At best, you’re managing risk until you can replace it.

What to check in your audit:

Identify anything past support: server operating systems, appliances, hypervisors, and line-of-business apps
Flag systems that rely on exceptions (old protocols, weak authentication, special firewall rules)
Highlight anything that’s both business-critical and unsupported

Risk #3: “It still works” servers with neglected basics
This is the sneakiest one, because it looks completely normal.

The server is supported. The hardware runs fine. No one’s complaining.

But underneath, the basics have drifted.

Patching is inconsistent. Unnecessary services are still running. Permissions have crept wider over time. Backups exist, but no one’s proven they actually work when it counts.

These are the kinds of gaps that turn small issues into bigger outages.

What to check in your audit:

Patch reality: how current are you, and how often do updates slip?
Service sprawl: what’s running that doesn’t need to be?
Accounts and access: where are the shared credentials or overly broad permissions?
Backup confidence: when was the last restore test, and did it actually succeed?
Change control: who can make changes, and how are they tracked?

Stop Carrying Silent Risk
Legacy debt doesn’t make noise.

It sits quietly in the background until the day it turns into downtime, exposure, or an upgrade you’re forced to rush.

A legacy debt audit gives you control back.

It turns “we should deal with that someday” into a short, practical list you can actually act on.

Start with the highest-risk areas:

End-of-support edge devices
Obsolete systems that can’t be patched
Servers where the basics have drifted

Then assign owners, set dates, and work through them one at a time, moving each item from “too risky to touch” to “sorted”.

If you need a hand running a legacy debt audit or figuring out where to start, get in touch.

If you run a business, it’s surprisingly easy for an employee to email your client list to their personal account.Someti...
25/05/2026

If you run a business, it’s surprisingly easy for an employee to email your client list to their personal account.

Sometimes it’s an accident. Sometimes it’s not.

Most businesses just rely on trust.

The problem is, trust doesn’t stop data leaving your environment.

You need a control in place that actually prevents it.

If you’re on Microsoft 365, this is where Microsoft Purview comes in. You can set up Data Loss Prevention (DLP) rules that actively monitor what’s leaving your business.

Once it’s configured, it’s not just emails.

It checks Teams messages, SharePoint and OneDrive files, endpoint activity, browser sessions, and even Copilot prompts.

If it detects sensitive data like credit card details, Medicare numbers, or even your own internal classifications, it can stop it on the way out.

No manual monitoring. No relying on someone noticing it later.

It just doesn’t leave.

That’s the difference between hoping it won’t happen, and actually controlling it.

If a website ever tells you to press Windows key + R, don’t do it.Just close the tab.That one instruction is the dead gi...
13/05/2026

If a website ever tells you to press Windows key + R, don’t do it.
Just close the tab.

That one instruction is the dead giveaway for a fast‑growing scam called ClickFix, which has been responsible for a big wave of infostealer infections this year.

An infostealer is nasty stuff. It quietly grabs saved passwords, browser cookies and session tokens, and stored credit card details

Here’s how the scam usually plays out:

You click a Google result and land on a compromised website.

A very convincing fake CAPTCHA pops up and asks you to:
1. Press Windows key + R
2. Press Ctrl + V
3. Hit Enter to “prove you’re human”

The moment you hit Enter, you’ve installed the malware yourself.

That’s why this attack works so well. No file is downloaded, so antivirus has nothing obvious to scan
The browser doesn’t throw a warning.
From Windows’ point of view, you simply typed a command, the same as any admin doing real work

A few practical things you can do this week:
✅ Tell your team: if any website asks them to use Win + R or paste anything into the Run box, close the tab and report it. No exceptions.
✅ Lock down PowerShell for non‑IT staff using AppLocker or Windows Defender Application Control. Most office users should never need it.
✅ Make sure your endpoint protection is doing behaviour‑based detection, not just signature scanning. Microsoft Defender for Endpoint (and most modern EDR tools) already have rules for this attack chain.

There’s no shame in falling for a fake CAPTCHA. They’re designed to look legitimate.

But once your team knows the keystroke trick, this scam stops working on them altogether.

Stay safe out there.

Chances are you’ve emailed internal comments to a client at some point, without realising it.When you edit a document in...
04/03/2026

Chances are you’ve emailed internal comments to a client at some point, without realising it.

When you edit a document in Word or PDF, the file keeps metadata. That can include the author’s name, editing time, and even deleted comments.

Contract negotiations can fall over because a client used Inspect Document and uncovered internal notes or pricing discussions hidden in the file history.

Before you attach a document to an email, take 30 seconds to check it:

1. Go to File > Info
2. Click Check for Issues
3. Select Inspect Document

This removes hidden properties, personal information, and version history, so you’re only sending what you actually intend to share.

A small step, but an important one.

Smishing attacks are getting harder to spot.If you’re wondering what smishing is, it’s basically phishing – but through ...
05/01/2026

Smishing attacks are getting harder to spot.

If you’re wondering what smishing is, it’s basically phishing – but through text messages.

The aim? To pinch your login details or credit card info.

It used to be pretty easy to pick these scams, but the crooks have stepped up their game:

• They’ll use your real name so it feels legit.
• The links look genuine – even with HTTPS and that little padlock icon (which doesn’t guarantee safety anymore).
• They time messages around real events like tax time or parcel deliveries.
• Some even try to trick you into downloading a dodgy app or calling a fake support number.

Best tip? Never tap on a link in a text – even if it feels urgent.

If you’re worried about an account, open your official banking app or type the website in yourself. If there’s a real issue, you’ll see it there.

Stay sharp out there!

Had enough of juggling tricky tasks across a bunch of different apps? Good news!Microsoft has rolled out Agent Mode and ...
17/11/2025

Had enough of juggling tricky tasks across a bunch of different apps? Good news!

Microsoft has rolled out Agent Mode and Office Agent in Microsoft 365 Copilot – and it’s a game-changer.

Think of it like having your own AI sidekick that takes care of the heavy lifting. Start a chat, and Office Agent can whip up full PowerPoint decks or Word docs – even doing its own web research while you grab a cuppa.

Inside apps like Excel and Word, Agent Mode gives you a conversational way to crunch data or draft content. It’s a simple upgrade that saves time and cuts down on mistakes.

Now, anyone can tap into expert-level capabilities, and seasoned pros can move faster with fewer errors. Whether you’re creating presentations, analysing data, or drafting documents, this update makes Office a whole lot easier to use.

So, what will you try first?

Here’s something we’re seeing more often: team members copying emails, contracts, and internal notes into free AI tools ...
14/10/2025

Here’s something we’re seeing more often: team members copying emails, contracts, and internal notes into free AI tools they’ve found online.

Most of these apps store data overseas. Some quietly link up with other services. Others keep and reuse whatever you upload.

This kind of thing is known as Shadow IT.

Even one unapproved tool can land you in hot water—breaking a client’s NDA, causing a data breach, or triggering legal headaches you didn’t see coming.

So, what can you do?

✅ Have a chat with your team – ask what AI tools they’ve used or tested.

✅ Check the data policies – especially around where info is stored and who can access it.

✅ Block risky tools – at the firewall or browser level if needed.

✅ Write a quick policy – spell out what’s okay, what’s not, and who to talk to before trying something new.

If you’d like help figuring out what’s already in use, or need a hand locking things down, we’ve got you covered. Quick and easy.

Copilot just got a major upgrade — and it’s a game changer.You can now drop in a PDF, PowerPoint or Word doc and ask Cop...
06/10/2025

Copilot just got a major upgrade — and it’s a game changer.
You can now drop in a PDF, PowerPoint or Word doc and ask Copilot things like:

“What’s in the image on page 4?”
“What’s this chart showing?”
“What’s changed between this and the last version?”

Yep, Copilot will actually look at the visuals and give you a clear, written answer.
Even better — if you’re working on something visual like a marketing concept or a slide mock-up, you can now edit images using plain English.
Say things like:

“Change the red cube to purple”
“Make the background white”
“Add a few people in the corner”

Copilot will make the change and show you a visual snippet of what’s been updated. No more jumping between apps just to make simple edits.
Honestly, it’s one of the most useful updates we’ve seen in ages — especially if you’re working on reports, proposals or anything client-facing.
Give it a go and let us know what you think!

Free Wi-Fi could cost you more than you bargained for.You’re at your local café, laptop open, and you connect to “Cafe G...
01/10/2025

Free Wi-Fi could cost you more than you bargained for.

You’re at your local café, laptop open, and you connect to “Cafe Guest WiFi.”
All seems fine, right?

Here’s the catch: anyone can name a Wi-Fi network whatever they like.
It’s ridiculously easy for someone dodgy to set up a fake hotspot called “Cafe WiFi” or “Airport_Free_WiFi”...

Then they just sit back and wait for you to connect, watching what you type, pinching your login details, or quietly installing malware without you even noticing.

This kind of thing happens all the time in co-working spaces, hotels, airports, and even your favourite café down the road.

It takes less than a minute for them to grab what they need.

Not ideal.

So, if you or your team work on the go, here are a few simple ways to stay safe:

🔒 Use your mobile hotspot whenever you can
🛡️ If you have to use public Wi-Fi, connect through a VPN
🚫 Avoid logging into sensitive accounts (like banking or admin panels) on open networks
✅ Always double-check the exact network name with staff before connecting

Stay smart, stay secure — and keep your data out of the wrong hands.

Address

70 Breen Street
Bendigo, VIC
3550

Opening Hours

Monday 8:30am - 5pm
Tuesday 8:30am - 5pm
Wednesday 8:30am - 5pm
Thursday 8:30am - 5pm
Friday 8:30am - 5pm

Website

Alerts

Be the first to know and let us send you an email when Bold-ICT posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Bold-ICT:

Shortcuts

Share

Category