Brad and Daryl talk about IT strategies for remote teams
Brad and Daryl sit down this week for a Q&A style chat to unravel a few of the complex IT issues in today’s work from home (WFH) environment. At a high level, Daryl emphasizes how we should not make the mistake of trying to plug pieces of cloud software together expecting them to work properly. That is almost impossible to do effectively without the appropriate policy to guide the technology. You will need to understand how you will provide guidance to your end users faced with a variety of remote work environments (working for a cafe, home office, etc) and the new tools you will use to manage staff.
They move on to talking about some of the end-user WFH problems from asking the question “what does work from home mean?” to discussing what technology can be used to help get users up and running while also creating business efficiencies.
Throughout the discussion, Daryl covers a variety of other topics such as data security, public vs. home wifi, two-factor authentication, remote access vs. remote control utilities, data access, machine vulnerabilities and many other topics.
Brad and Daryl do an excellent job of taking some big, complex issues around WFH and explain the issues that every business owner needs to be aware of as they navigate moving their staff into the cloud and potentially hiring a company like EstesGroup to help them with their remote IT management.
Of course, you can always reach out to our managed IT services team. We’ll help you throughout the entire process of moving your company into the cloud and help you avoid the costly mistakes that can put your entire business at risk.
Are you having issues with or have questions about your current IT management? Contact us today.
Recent “Work From Home” (WFH) mandates have quickly pushed manufacturing and distribution employees out of the familiarity of their work offices and into a new realm of IT security needs. Currently, statistics are saying that 70% of the workforce that can work from home is and, after this crisis is over, more than 40% will STAY at home. With this transition, IT security principles become part of a critical conversation, especially for companies with remote workers supporting on-site manufacturing or distribution activities.
What is your WFH IT security policy?
Many distributed businesses have responded to the telecommute directive without many changes, especially those companies with data residing in the cloud. These companies have already established work-at-home policies and invested in the remote access/remote desktop technology to enable telecommuting with IT security in place. Folks who invested fully in the Office 365 space are feeling little pain, but businesses with legacy on-premise servers, workstations and printers are probably still scrambling.
Don’t be fooled—the hackers have followed you home! The increase in suspicious emails, bad websites, and malicious advertisements has skyrocketed, and the cybercrime community is just waiting for your users to click on something to ransom your hard-earned data away.
Without a written and agreed upon IT security policy, you are at the mercy of your users’ good intentions. Imagine a home PC with a saved password left on the VPN all day while the kids are stuck at home from school. The amount of data that could be lost or compromised is staggering! At a minimum, make sure you have a document that instructs your WFH users to lock the keyboard when they step away (or implement a screen saver with a password). Ensure your users don’t download documents to their local hard drive or USB drives. The list goes on, but the human element is the riskiest of all!
If a home user gets infected on the VPN, their malware is the company’s malware! Let me write that again: If a home user gets infected on the VPN, their malware is the company’s malware.
How to connect securely to your enterprise data?
Many businesses have NOT invested in expensive VPN or Remote Desktop solutions, and now it might seem either too late or too expensive. You need a low-cost, secure, and easy-to-deploy strategy to connect your home users with their corporate data: desktops, servers, and printers at the office. Many options exist, but without a budget and a vision, you’ll get lost in the storm.
Keeping your home PC safe!
Home computers are more vulnerable than corporate PCs. Home PCs tend to fall behind on patches and updates. Moreover, the computer might get repurposed for things like the kids’ Xbox. Home firewalls never measure up to those provided by your IT department. Most have no web filtering to speak of, and bad websites abound! You’ll need that enterprise class security in a mobile-friendly package.
Productivity
Another blog could certainly be written about home offices, with a good webcam and a quiet space, but that’s for another page. People are people, and the distractions from working from home are numerous and easy to fall prey to. We recommend easy-to-deploy software to ensure that your users arrive to their home office on time and ready to work (even if it’s in their PJ’s), ensuring that they are productive and not on YouTube or getting the latest Amazon order completed.
You already know you need protection from the cybersecurity threats circulating the market, but you might not have the time to know the specifics—like what endpoint security is or why you need it. If you have devices accessing a network, then you have an endpoint that needs protection. This elusive endpoint is simply any device that interacts with your network—the touchpoint between your network’s perimeter and the outside world. The bring-your-own-device (BYOD) movement that’s currently shaping the business world makes network security challenging because it creates a high demand for comprehensive endpoint security. You need to protect your customers and your business by protecting your team, and this begins with endpoint security.
Bring Your Own Disaster
The BYOD movement introduces a number of specific challenges in securing networks. The proliferation of devices interacting with a network, both in kind and in number, increases the number of endpoints and thus also increases the potential vulnerability of a network. Each new endpoint is a potentially exploitable gateway. The propagation of vulnerabilities demands a solution that can address this new circumstance. The solution that companies are increasingly utilizing to address their evolving needs has come to be known as endpoint security. Endpoint security helps ensure that all devices interacting with a network are compliant to the necessary security standards, protecting both the network and the devices themselves.
Endpoint security differs from traditional antivirus in the way that it detects and responds to threats. Traditional antivirus operates by comparing a program’s signature to a database of known malicious programs. Programs flagged as malicious would be stopped by the antivirus agent. This method of threat prevention is, by design, a step behind the attackers. Traditional antivirus can only detect malicious programs that have already been logged in the antivirus agent’s database. This creates problems in detecting new threats—what are sometimes called zero-day attacks. This also creates problems with newer “signatureless” attack methodologies that work to obscure their signatures, to work around the known signatures that antivirus looks for.
The question here is one of prevention vs. one of detection: antivirus focuses on preventing attacks. While this sounds logical, the tools available at its disposal, as we have seen, are limited. Should a malware attack slip through, antivirus is ill-equipped to deal with it once it’s inside the network. This brings in the need for more dynamic, behavioral-based detection methodologies that can leverage artificial intelligence and machine learning to detect suspicious application behaviors and react accordingly.
Leveling Up
Modern endpoint security platforms operate in a multi-level manner, protecting networks and network devices in multiple phases of vulnerability and response.
The pre-execution phase: This level is for threats as they enter the network.
The on-execution phase: This step is for threats that have entered the network and are in the process of acting out their program logic.
The post-execution phase: This involves the steps to mollify threats that have executed.
Combining static prevention with dynamic detection, modern endpoint security platforms leverage machine learning to detect threats on execution. This becomes beneficial, not only for signatureless attacks, but also for “file-less” attacks that are operating exclusively in memory.
As part of our EstesCloud security stack, we work with several vendors to provide broad and comprehensive endpoint detection and response. AI, combined with our SOC (Security Operations Center), provides the level of endpoint security that cannot be addressed by traditional antivirus. Our cybersecurity solution comes with a strong warranty—cyber threat protection provides you with financial support of $1,000 per endpoint, or up to $1 million per company, securing you against the financial implications of a ransomware attack if your company indeed suffers an attack and our team is unable to block or remediate the effects.
This Holiday Season, EstesGroup would like to give you “12 Days of ECHO” tips and tricks for those ERP System Admins out there.
We understand this time of year there is a lot going on for companies, such as: year end preparations, budgeting for the next year, personnel changes, and company shifts, etc. So that being the case, we wanted to bring a bit of humor and help to your holiday.
We’ve all done it, at least once. Some of us maybe more than a couple of times, and I know there’s few that are repeat offenders. You know what I’m talking about – the bane of the security admin’s existence – default passwords.
Those are the usernames and passwords that come with every device. Even in this day and age, most systems don’t REQUIRE you to change the credentials that get you system admin rights. The bad guys know that and use it to their advantage.
When most of our business and personal systems are protected with just a name and a basic password (and maybe a trusted network range?), that’s pretty easy pickings for someone with a brute force tool or a sniffer to find out your secrets. And once the bad guys have your credentials, then what? Well after that is when the real dangers begin.
When’s the last time you changed your voicemail PIN from 0000? Perhaps your home router is still admin/password even though the FBI issued a warning for everyone to change it? And how many ERP users keep system admin “manager” around with the default password of… you guessed it. And those accounts open the door wide to anyone wanting to get in; good and bad.
If you have systems exposed to the bad guys (and we all do!) then this post is for you. STOP IT! Even if you told me “Well, none of those systems are internet exposed”, I’d ask “where are the bad actors in your network?”. If you said “outside the firewall”, I’d respond with something like “I dare you to create a share/folder called “payroll” and see how long some curious netizen (aka employee) fell into that folder looking for something juicy.
Imagine splaying your entire infrastructure wide open to someone who just happened to know that Netgear uses admin/password for all their routers? Or that your company name is NOT a good password?
So what’s a concerned system admin gonna do? It’s easy in theory and hard in practice. Here are some digital security tips that will create a stronger password security strategy:
1. Change the default username and change the default password.
2. Start using stronger passwords, not P@ssw0rd. We recommend pass phrases, or a sentence that you can remember but the bag guys will have a hard time guessing.
3. Enable account lockout so that if “x” bad passwords are guessed in a row, the account is locked FOREVER (not reset after 10 minutes, thank you Microsoft). Helpdesk notification of such a lockout will put you in the know.
4. Remove admin credentials from being used on untrusted networks. Yes, your users are untrusted! Create a management VLAN, or a specific set of IP’s that can RDP, or shutdown the access from outside devices altogether.
5. Enable multi-factor authentication. This can easily be enabled in Office 365 and Active Directory, and if your devices leverage that directory then they automatically get that 2FA protection as well.
6. Hack yourself! Run a network scanner, or hire an outsourced IT firm to investigate for you, find the unsecured devices and fix them before the bad guys do.
7. Let us help you! We can run an ethical scan IT Assessment Detective scan of your systems, attempt to break into your systems, and give you a full reporting of your IT weaknesses. As “they say” knowledge is power.
So, don’t let your next phone call to the EstesGroup be “help me, I got hacked!” And let our managed IT services company help you run your business better with a strong password security strategy – before the bad guys teach you a lesson.
Interested in Outsourcing your IT? Or have a question on data security? Ask us, we would love to chat.
We’ve all done it, at least once. Some of us maybe more than a couple of times, and I know there’s few that are repeat offenders. You know what I’m talking about – the bane of the security admin’s existence – default passwords.