Select Page
Mobile Device Theft Prevention Tips

Mobile Device Theft Prevention Tips

by | Jun 3, 2020 | Business Consulting, Managed IT Services, Security

Estes

Cell Phone Theft Prevention: Digital Assets vs. Liabilities

With more people working outside of the office, companies need to prepare their employees for the possibility that company and personal mobile devices could be lost to theft or misplacement. Remotely securing users can be a challenge for small companies and large companies alike. Fortunately, there are easy ways that companies and employees can prepare and prevent the loss or theft of devices before it happens. Whether you have a mobile device or a hardwired PC, these device prevention tips can ensure that your phones and laptops are assets, rather than liabilities.

mobile theft
Security

Step 1: Make sure your device is locked and so are the apps!

 

In this day and age, most laptops and other portable devices can be locked (both physically and by using a passcode). Yet, anyone hanging out at a coffee shop will notice many people going to the restroom, paying for food or going outside to take a call with their devices left unattended and unlocked. Don’t be that person and become the victim of theft or loss (or even a drive-by malware install). The likelihood of theft in such public and transient locations tends to be high, and relying on the video camera of the theft doesn’t guarantee the return of the device. Take your devices in a bag with you if you leave the location any reason and also when you don’t have a direct line of sight on you and your company’s belongings.

 

When walking in crowded locations make sure to close all of your bag openings (lock them if you can) and be aware of how easily a device could be taken without your knowledge. Visible and unsecured devices are targets of thieves and could fall out of whatever you are holding them inside. Having a cell phone with critical information in the back pocket of your jeans is an invitation for accidents or worse to happen. Cell phone theft prevention needs to be proactive. Know where your device is at all times and know how to prevent both physical and digital theft.

Step 2: Know where your devices are located.

 

Most phones have the capability to track where you might have left it or where someone has taken it. These features are great but you can also step it up a notch with 3rd-party tools made for this purpose. A simple search will yield a number of location security applications built for business consumers.

 

In addition to 3rd-party applications that can help you find devices, if you want to add another layer of security there are a few physical GPS devices available. These small devices are not prohibitively expensive and can be slipped into a phone/tablet case, a briefcase or a backpack for an extra layer to identify where a device is located.

world

Step 3: Consider having the device engraved or having return information placed on the device

 

Another tip that is overlooked but important is to have devices engraved so you can add return (and reward) information in the event that a device is misplaced. If engraving is not possible, a sticker with your contact details is also another useful option. Not everyone is out to steal your device. Mobile device theft prevention savvy also protects you from your data ending up in a lost & found box. Sometimes we simply misplace our laptops or phones, so leaving contact details in the event of a loss will facilitate the return of your device.

Step 4: Encrypt or remove sensitive information

 

Luckily there are plenty of options to encrypt information on your devices. Not only do many operating systems provide you with encryption options, but there are also many 3rd-party applications to help you.  VeraCrypt is a free/open-source disk encryption software that’s worth considering if you are looking for free options.

 

Beyond encrypting sensitive data, developing a mindset of being rigorous about the removal of sensitive data (that includes photos of sensitive information) will help you avoid unwanted access to your devices that might hold sensitive information.

Shield

Cyber Thieves vs. Cyber Peace

While loss prevention isn’t always avoidable, these tips will help to reduce the probability of loss or theft and ensure we are doing everything to prevent our devices and the sensitive data (like information protected by HIPAA) from being accessed by unwanted individuals, hackers, or dark web cybercriminals. If you do become a victim of device theft, or if you lose your device, then EstesCloud BDR, or a similar disaster recovery solution, can help return cyber peace to your world of data. Cell phone theft prevention is becoming a more critical issue for businesses because remote workers often install work apps on their iPhones, Samsung Galaxies, or other competing brands.

 

IT Strategies for Remote Teams (Video)

IT Strategies for Remote Teams (Video)

by | May 26, 2020 | Leadership, Managed IT Services, Network Security, Security, Software

Brad Feakes Director Professional Services
Brad Feakes

SVP Epicor Services, Professional Services

Daryl Sirota – Director, Technical Services
Daryl Sirota

Technical Services Director

Brad and Daryl talk about IT strategies for remote teams

 

Brad and Daryl sit down this week for a Q&A style chat to unravel a few of the complex IT issues in today’s work from home (WFH) environment.  At a high level, Daryl emphasizes how we should not make the mistake of trying to plug pieces of cloud software together expecting them to work properly.  That is almost impossible to do effectively without the appropriate policy to guide the technology.  You will need to understand how you will provide guidance to your end users faced with a variety of remote work environments (working for a cafe, home office, etc) and the new tools you will use to manage staff.

 

They move on to talking about some of the end-user WFH problems from asking the question “what does work from home mean?”  to discussing what technology can be used to help get users up and running while also creating business efficiencies.

 

Throughout the discussion, Daryl covers a variety of other topics such as data security, public vs. home wifi, two-factor authentication, remote access vs. remote control utilities, data access, machine vulnerabilities and many other topics.

 

Brad and Daryl do an excellent job of taking some big, complex issues around WFH and explain the issues that every business owner needs to be aware of as they navigate moving their staff into the cloud and potentially hiring a company like EstesGroup to help them with their remote IT management.

 

Of course, you can always reach out to our managed IT services team.  We’ll help you throughout the entire process of moving your company into the cloud and help you avoid the costly mistakes that can put your entire business at risk.

 

Are you having issues with or have questions about your current IT management? Contact us today.

5 Ways EstesGroup Helps with Your CMMC Compliance

by | Jan 5, 2020 | Epicor, Epicor 10, Managed IT Services, Prophet 21, Security, Uncategorized

You might be reading this post if you are researching Cybersecurity Maturity Model Certification (CMMC), your company needs to become compliant, or your company is already compliant with CMMC but you have need of more IT services. In 2019 the Department of Defense announced a new cybersecurity protocol named CMMC that all DoD contractors (and some of their supply chains) would need to adhere to starting in 2020. There are 5 Levels of CMMC Certification, and EstesGroup can be an asset to companies in any of the levels.

 

5 Ways EstesGroup Helps with Your CMMC Compliance

  1. EstesGroup helps you identify the technology and/or services you need to meet your CMMC Level Requirements.  
  2. EstesGroup can improve your Process Maturity by helping evaluate your Procedures, Policies, or Practices. Once we’ve reviewed those processes, we can help update them to ensure you meet your CMMC Level and other compliance requirements. 
  3. There are 17 Domains that CMMC is built on. EstesGroup has the experience, tools, and services to support your business across nearly all of these domains.  
    • EstesGroup routinely deploys tools and managed services that directly support these CMMC domains: 
      • Access Control, Asset Management, Audit and Accountability, Configuration Management, Identification and Authentication, Maintenance, Recovery, Risk Management, Security Assessment, Situational Awareness, Systems and Communications Protection, and System and Information Integrity. 
    • EstesGroup can consult on and support technology used in these domains as well, but these domains typically require internal personnel or a third party on-site.  
      • Awareness and Training, Incident Response, Media Protection, Personnel Security, Physical Protection, and Risk Management 
  4. EstesGroup Managed Services (ERP Hosting ECHO & Managed IT) employ many of the standard Cybersecurity measures required for CMMC. We regularly monitor our internal and client assets for threats, perform preventative maintenance, and update technology or processes to meet or exceed cybersecurity requirements.  
  5. EstesCloud Hosting (ECHO) services enable many CMMC requirements without significant impact to you, your users, or your bottom line. By hosting your servers or software solutions in a managed cloud environment, you can compartmentalize your compliant systems and protect them at the highest CMMC levels, without locking down your whole office. For more details, see our page on EstesCloud Hosting for Aerospace & Defense  

 

 

To Learn about CMMC, read our blog What is CMMC: Cybersecurity Maturity Model Certification?”

 

EstesGroup is a Managed Services Provider working with Manufacturing and Distribution companies by providing ERP Hosting (ECHO), Managed IT, Epicor ERP, and Prophet 21 ERP services.

 

Have questions about CMMC or do you want more information on how EstesGroup makes companies more secure? Contact us today!

 

What is CMMC: Cybersecurity Maturity Model Certification?

What is CMMC: Cybersecurity Maturity Model Certification?

by | Jan 5, 2020 | Epicor, Epicor 10, ERP Risks and Challenges, Managed IT Services, Network Administration, Prophet 21, Security

CMMC: The Looming Cyber-Security Certification that Affects 60,000+ Companies

 

In 2019, the U. S. Department of Defense (DoD) announced a new security protocol program for contractors called Cybersecurity Maturity Model Certification (CMMC). CMMC is a DoD Certification process that lays out a contractor’s security requirements, and it is estimated that between 60,000-70,000 companies will need to become CMMC compliant in the next 1-3 years 

 

CMMC is basically a combination and addition to existing regulations in 48 Code of Federal Regulations (CFR) 52.204-21 and the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, and includes practices from National Institute and Technology (NIST) 800-171, the United Kingdoms’ Cyber Essentials, and Australia’s Essential Eight requirements. International Traffic in Arms Regulations (ITAR) will remain a separate certification from CMMC – though companies that are ITAR Compliant will need to adhere to CMMC as well. 

 

CMMC Version 1.0 was released late January 2020. To view the latest CMMC document, visit the CMMC DoD site. To get help now with cybersecurity and compliance regulation, talk to our EstesCare Guard team.

 

CMMC Notables 

  • There are 5 levels of the security maturity process (basic is 1 and most stringent is 5). 
  • Any company that directly (or even some that indirectly) does business with DoD will adhere to CMMC –and that means direct DoD contractors and high-level CMMC companies’ supply chains must also adhere to, at minimum, base level requirements. 
  • There is no self-assessment (unlike NIST), and companies need to get certified through a qualified auditing firm. 
  • DoD will publish all contractor’s certification level requirements. 

Is My Business Affected by CMMC? 

 

This is easily answered with a 2-part question: 1) Is your business a direct contractor to the DoD, or 2) does your business do business with a company that is a contractor to the DoD*? If you answered “yes” to question 1, then your business will need to be CMMC compliant. If you answered “yes” to number two, then it is very probable that your company will need to be CMMC compliant. 

What are the CMMC Levels? 

  • Level 1 – “Basic Cyber Hygiene”  
    • Antivirus 
    • Meet safeguard requirements of 48 CFR 52.204-21 
    • Companies might be required to provide Federal Contract Information (FCI) 
  • Level 2 – “Intermediate Cyber Hygiene” 
    • Risk Management 
    • Cybersecurity Continuity plan 
    • User awareness and training 
    • Standard Operating Procedures (SOP) documented 
    • Back-Up / Disaster Recovery (BDR) 
  • Level 3 – “Good Cyber Hygiene”
    • Systems Multi-factor Authentication 
    • Security Compliance with all NIST SP 800-171 Rev 1 Requirements 
    • Security to defend against Advanced Persistent Threats (APTs) 
    • Share incident reports if company subject to DFARS 252.204-7012 
  • Level 4 – “Proactive” 
    • Network Segmentation 
    • Detonation Chambers 
    • Mobile device inclusion 
    • Use of DLP Technologies 
    • Adapt security as needed to address changing tactics, techniques, and procedures (TTPs) in use by APTs 
    • Review & document effectiveness and report to high-level management 
    • Supply Chain Risk Consideration* 
  • Level 5 – “Advanced / Progressive” 
    • 24/7 Security Operations Center (SOC) Operation 
    • Device authentication 
    • Cyber maneuver operations 
    • Organization-wide standardized implementation of security protocols 
    • Real-time assets tracking 

One important thing to note about CMMC is that unlike NIST and other current certifications, CMMC will require certification from an authorized 3rd-party CMMC authorized certification company. Currently, most companies can self-certify for DoD-related securities. EstesGroup is not a CMMC Certification Company, but we can help companies prepare and boost security up to meet new requirements.

For more specifics on CMMC, access the latest DoD’s CMMC revision.

Learn more about CMMC with 5 Ways EstesGroup Helps with Your CMMC Compliance

 

Do you have questions about CMMC or about how EstesGroup can help your company with CMMC or other cybersecurity, compliance or data issues? Contact us or chat with us today.

Can Your Business Survive a Recall? Serial Number & Lot Tracking for Wholesale Distributors & Retailers

Can Your Business Survive a Recall? Serial Number & Lot Tracking for Wholesale Distributors & Retailers

by | Jun 4, 2019 | ERP, ERP Benefits & Features, Prophet 21

Every month there seems to be some sort of mass serial or lot recall.

Take the recent recall for Ford Fusions’ gear selector, BMW’s i3 circuit board which caused sudden auto shutdowns, or even Britax baby gear Bob stroller lawsuit & recall. All of these have some important ramifications for consumers, manufacturers, and even the distributors and retailers in-between.

 

To alleviate and address consumer fears, manufacturers need to initiate the recall and fix the issue which means distributors and retailers need to know who purchased the items, what the affected serial numbers, lot numbers, or potential manufacture/purchase/sales dates are for the affected items. Large companyes may have these capabilities, but how do small to mid-sized retailers or distributors track that vital information? Many times, serial number tracking and lot number tracking is done with disconnected spreadsheets, accounting software not designed for serial and lot tracking, which leads to erroneous information and potential for signification financial impacts.

 

It’s times like these which force midsize supply chain companies to answer the following questions:

  1. Do my current business processes support this level of tracking and recall?
  2. Can my business system provide this information correctly in a timely and economical fashion?
  3. What burdens will this place on my business efficiency?
  4. What is the total financial or legal impact on my business?

If you can’t answer these questions or the answers you come up with point to problems for your business, then now is the time to seriously think about an ERP system . . . before it’s too late.

 

Epicor Prophet 21 ERP (P21) has Serial and Lot Tracking capabilities throughout the system to make sure that distributors and retailers have proper trace-ability and reporting in the following key modules:

  • Supply Chain Management (Inventory & Warehouse Management)
  • Sales Order Management
  • Product Management
  • Production Management (for the Distributor with some Manufacturing requirements)
  • Service and Maintenance Management (includes warranty claims)

The powerful data capture and real-time reporting of Prophet 21 ERP (P21) makes it a great fit solution for many small to midsized distributors. A few specific features of serial and lot tracking are:

  • Instant Information at a Click of the Mouse
  • Search by Full or Partial Serial Numbers or Lot Numbers
  • See Serial Numbers or Lot Numbers by Vendors
  • Trace Production or Movement of Serial Numbers or Lot Numbers
  • See Serial Numbers or Lot Numbers by Customer
  • Mobile Warehouse & Barcoding

 

Contact the EstesGroup to learn more about how Epicor Prophet 21 ERP (P21) serial tracking and lot tracking features can protect your business!