Dear Loving Clients,
We Send our Love back to you from the IPSOFACTO, IT Services Family
March 16- March 20 was busy; for new mobile team support and overtaxed home-to-office connectivity. The hackers and computer viruses have seen a 10x increase. (Hackers have nothing better to do right now).
Here at IPSOFACTO, IT Services we are:
- Helping people use and have secure mobile tools
- Rolling out our SAFETY BUNDLE (mobile protections, network speed increases, user efficiency, corporate oversite)
- Redesigning Data Systems (now is a great time to organize files)
- Migrating email and files to safer locations
- Mobile-Speed-Upgrades for hardware (firewalls and Wifi) and for Servers (patches and Virtual software)
- Rolling out new computers for Mobile Staff
- Updating Network Security profiles
Some of our clients are working from home and have seen a slowdown in employee productivity. What seems like a vacation for some sees us doing background security and network upgrades. Right now, many new data filters are rolling out to protect networks from embedded hacks.
We have been rescheduling on-site appointments to off-site.
Our clients have been calling us to ask how to roll out new collaboration software.
All our plans are in full effect. They will be re-evaluated on April 7th. We must pay our salaries here. Humans come first in these difficult times.
For IT Service, please send requests to firstname.lastname@example.org We’re here to keep you up and working.
Steve and the IPSOFACTO, IT Services Family
Many IPSOFACTO, IT Services clients are using this opportunity to:
- Avoid interruptions: We’re working in empty offices to replace old or obsolete networking equipment.
- Outpace competitors: Our gig economy clients are finding ways to take more market share from firms that are not working now.
- Launch new Marketing campaigns: more eyeballs reading more copy right now.
- Support the cause: Focus on clients in Healthcare and delivery services.
- Hire: Find new employees.
- Buy an office, rather than rent: Commercial office prices are down, and the interest rate is 0%. Buy a $1m live-work loft for 3%, 20yrs, $50k down.
- Facilitate Changes: Make the changes you wanted to make in 2019 but were too busy.
- Plan Better: Write up a new business plan for 2020.
- Embrace Yogic Living: This is a time for better health, true information, and strong compassion.
Working Mobile; things you will need
- Security Software
- Recommendation: Install OpenDNS, Webroot Antivirus and MDM on all computers/laptops – this can be done remotely.
- VPN Access
- Recommendation: Meraki networks already support VPN access; setup for all employees – this can be done remotely.
- Cybersecurity Incident Response Plan
- Recommendation: Develop/Update response plan – The increased security risk of remote work reinforces the need to have a plan in place if something goes wrong.
Email email@example.com or call 415-362-2922; to roll-out these changes ASAP. www.ipsofacto.net
Boiler Plate Network Security Guidelines
Additionally, the following is not a comprehensive list of IPSOFACTO, IT Services best practices and some may or may not apply; however, it provides users and organizations with some guidance in managing the cybersecurity risks associated with a remote workforce.
Review your current information security and other similar policies to determine if there are any established security guidelines for remote work and remote access to company information systems. Some organizations may have policies specifically geared for remote work, while others may provide for contingencies in disaster recovery plans, BYOD (bring your own device) polices, and other similar plans and policies. If no relevant plans or policies are in place, this is a good time to establish at least some basic guidelines to address remote access to company information systems and use by employees of personal devices for company business.
Companies should review data breach and incident response plans to ensure that organizations are prepared for responding to a data breach or security incident. Update the plans if necessary, for contact information for the (now) remote incident response team and outside advisors.
In traditional IPSOFACTO, IT Services virtual private networks (VPNs), individuals use VPN client software to establish a secure connection to an internal network to access internal (office) resources (i.e File Share Servers, Virtual Machines, intranet websites, etc.). Organizations should scope VPN access accordingly to ensure the principle of least privilege is maintained. Regardless of which remote access method you offer, multi-factor authentication should be mandatory. Additionally, if remote devices are allowed to connect to your internal network, consider implementing a Network Access Control (NAC) solution to ensure only authorized devices are permitted to connect at IPSOFACTO, IT Services.
Organization-Owned vs Personal Devices:
Many Software as a Service (SaaS) and virtualized applications that IPSOFACTO, IT Services managesmay be securely accessed by remote users through their personal devices if certain security controls are implemented. To reiterate, MFA should be mandatory for remote access to any application, network, or service your organization provides to teleworkers. In addition, organizations must implement controls to ensure sensitive files and information are not downloaded or stored on personal devices or personal cloud storage services. Sensitive data should only be stored on organizationally-controlled devices or authorized cloud storage services. Cloud service providers often offer conditional access controls to prevent the download of data to unauthorized devices. IT departments are advised to enforce these controls. For cloud services at IPSOFACTO, IT Services that do not provide the option to restrict the download of sensitive data, organizations are advised to implement a Cloud Access Security Broker (CASB) solution that provides these security controls.
Irrespective of whether a device is personally owned or organizationally owned, they are exposed to numerous risks when connecting to networks not controlled by the organization. Therefore, implementing strong security controls by IPSOFACTO, IT Services is paramount. This includes controls such as strong authentication, hardening the operating system, and applying the principle of least functionality to limit services, ports, and protocols to only those that are necessary. Protective technologies should be implemented, including anti-virus/anti-malware software, endpoint detection and response software, web content filtering software, host-based firewalls, device and file encryption, and the latest security patches. With a remote workforce, IPSOFACTO, IT Services face a myriad of challenges in providing support, pushing security updates, and providing continuous monitoring and incident reporting and response services for remote devices and users.
Other Remote Work Cyber Security Tips:
- Remind employees of the types of information that they need to safeguard. This often includes information such as confidential business information, trade secrets, protected intellectual property, work product, customer information, employee information, and other personal information (information that identifies a person of household). IPSOFACTO, IT Services can shore this up with data protection services.
- Sensitive information, such as certain types of personal information (e.g., personnel records, medical records, financial records), that is stored on or sent to or from remote devices should be encrypted in transit and at rest on the device and on removable media used by the device. IPSOFACTO, IT Services can shore this up with data protection services.
- Train employees on how to detect and handle phishing attacks and other forms of social engineering involving remote devices and remote access to company information systems. There are an increasing number of Coronavirus-based phishing emails going around, preying on the health concerns of the public. For more information about this particular risk, please see our article. Train your employees using IPSOFACTO, IT Services training programs.
- Do not allow sharing of work computers and other devices. When employees bring work devices home, those devices should not be shared with or used by anyone else in the home. This reduces the risk of unauthorized or inadvertent access to protected company information.
- Company information should never be downloaded or saved to employees’ personal devices or cloud services, including employee computers, thumb drives, or cloud services such as their personal Google Drive or Dropbox accounts. IPSOFACTO, IT Services can shore this up with data protection services such as Saas Backup.
- “Remember password” functions should always be turned off when employees are logging into company information systems and applications from their personal devices. use IPSOFACTO as your password. Nobody can spell it correctly though it’s one of the oldest words still used in the English Language.