Category: IT Solutions

KnowBe4 Free Course: WFH Internet Security

 

Free Course: Internet Security When You Work From Home

With this module we help you understand the challenges and how to stay safe and secure online while working from home.

By the end of this training module, you will:

  • Understand some common technology problems when preparing to work from home.
  • Understand basic necessary steps to take while preparing and securing your home environment for remote work.
  • Know essential best practices to implement for success while working remotely.

    KnowBe4

 

Begin the course by clicking here: https://www.knowbe4.com/wfhinternetsecurity

No password needed

 

Click to learn how Morefield can help better educate your workforce in cyber security

 

Podcast: Small Business Resource Show

Are You Prepared for a Cyber Attack with Alex Thomas

Alex Thomas is the vCIO at Morefield Communications. He identifies and translates business challenges into IT solutions. Organizes and facilitates steering committees, and assists with the review and approval of IT budgets and strategic plans.

Alex develops and maintains IT project portfolios, and oversees the architecture of IT projects and solutions. He audits clients environments and assist with compliance adherence or remediation efforts. Continuous evaluation of market trends and disruptive technologies, to serve as a mentor for my team, and champion the development of new technologies.

http://sbrashow.libsyn.com/are-you-prepared-for-a-cyber-attack-with-alex-thomas

WFH: Keeping your team connected & your information secure

We are all realizing this is the new normal for a bit longer. At Morefield, we want to make sure that your organization can be effective and efficient in this new environment. We are working with all of our strategic partners to provide elongated free trials and special pricing of collaboration tools, remote working solutions & connectivity options to all of clients. Together we will come through this. Please let us know how we can help your organization weather the storm. Please contact us if you would like to discuss any of the available options below.

 

What Can Morefield Help Me Implement Today?

Remote Working Tools:

  • Mitel’s MiCloud Connect
    • 3 months free
    • Web, audio and video conferencing, screen sharing, softphone, file sharing, messaging, SMS, mobile apps and more
    • Morefield discounted services rates to get your team up and running as soon as possible – 2 available options
  • Cisco Webex allows employees to stay connected to their teams and continue their business operations.
  • Zoom for Business – remote meeting solutions
  • Microsoft Teams can help maintain connectivity to aid in information sharing, even while working remotely, even if you work for a business that isn’t currently licensed for Teams.
    • Document sharing with One Drive, conferencing with Skype, messaging and sharing with Teams.
  • Discounted pricing available on laptops, desktop & workstations
  • Single number reach, cloud voice, and smartphone access use a single corporate number to be reached at the office, at their home office, or on their mobile device.

Virtual Learning:

  • Webex is providing special features for virtual learning education during this time.

IT Security:

  • Cisco Umbrella protects users from malicious Internet destinations whether they are on or off the network. Existing customers are able to exceed their user limit to support an increase in remote workers & new customers can access a free license.
  • Duo Security enables organizations to verify users’ identities and establish device trust before granting access to applications. Existing customers are able to exceed their user limit to support an increase in remote workers, and new customers can access a free license.
  • Cisco AnyConnect Secure Mobility Client empowers employees to work from anywhere on company laptops or personal mobile devices. It also provides the visibility and control security teams need to identify who and which devices are accessing their infrastructure. Existing AnyConnect customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license.
  • Cisco Advanced Malware Protection (AMP) for Endpoints gives you a detailed assessment to find, stop and remove malicious content with effective tools that are simple to use. Get started now with our 2 to 4-week trial at no cost to you.

Physical Security & Resident Notification Solutions:

Status Solutions SARA system:

  • Notifications and alerts in or outside your facility
  • Digital Signage integration
  • Pre-recorded paging announcements
  • Resident tracking
  • Door lockdown/monitoring

Status Solutions CATIE:

  • Social connections for your residents are so important during this time. There is a free of charge web portal available from Status Solutions called CATIE-Web that allows your residents to receive community messages, while they stay connected to the happenings and services in your community. This can be set up remotely without the need to come on site. See https://www.statussolutions.com/catie-web-offer.

COVID-19 business continuity

How Morefield can help Ensure Business Continuity during COVID-19

Each day, we help organizations evolve their business technology and introduce new forms of collaboration and mobility into their workforce. We have been ready to assist our partners in past times of uncertainty; we are here for you today and we will continue to be here for our clients in the future. Morefield has a long and stable history you can count on in uncertain times. Please let us know how we can assist your organization. We are here for you and our thoughts are with all those who are impacted. by COVID-19.

 

What Can Morefield Help Me Implement Today?

Remote Working Tools:

  • Cisco Webex allows employees to stay connected to their teams and continue their business operations.
    • Free 90-day licenses to businesses
    • Enabling existing customers by expanding their usage at no additional cost
    • Discounted pricing available
  • Microsoft Office is perfectly built for document sharing with One Drive, conferencing with Skype, messaging and sharing with Teams. Microsoft Teams can help maintain connectivity to aid in information sharing, even while working remotely, even if you work for a business that isn’t currently licensed for Teams.
  • Discounted pricing available on laptops, desktop & workstations
  • Single number reach, cloud voice, and smartphone access use a single corporate number to be reached at the office, at their home office, or on their mobile device.

Virtual Learning:

  • Webex is providing special features for virtual learning education during this time.

IT Security:

  • Cisco Umbrella protects users from malicious Internet destinations whether they are on or off the network. Existing customers are able to exceed their user limit to support an increase in remote workers & new customers can access a free license.
  • Duo Security enables organizations to verify users’ identities and establish device trust before granting access to applications. Existing customers are able to exceed their user limit to support an increase in remote workers, and new customers can access a free license.
  • Cisco AnyConnect Secure Mobility Client empowers employees to work from anywhere on company laptops or personal mobile devices. It also provides the visibility and control security teams need to identify who and which devices are accessing their infrastructure. Existing AnyConnect customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license.

Physical Security:

Who should use these tools?

With today’s developing situation, we would stress preparedness to ensure business continuity. Depending on your organization’s size and need to work remotely different tools are available to ensure secure connectivity and collaboration. Mobile work tools are available to be used in all industries and for organizations of every size. If you aren’t sure where to begin, please give us a call and our experts will help you.

I didn’t plan to deploy remote working solutions in my 2020 IT budget. What should I do?

We understand that many 2020 IT budgets did not include COVID-19 contingency plans and we are happy to extend special pricing, financing and several free collaboration and secure remote connectivity tools during this time. Let’s discuss what you need and how we can help you.

Are there precautions I should take with my access control?

In times of caution, streamlining entrances and exits become essential to many organizations. Access control and CCTV can help you keep only authorized personal entering your facility and campus. Controlling who comes in contact with your staff, members, patients or students is extremely important at this time to limit possible exposure.

Ask us about:

Other Technology Options to Consider

 

Contact Morefield Communications with questions on business continuity during COVID-19.

IT Security Checklist

There’s no shortage of opportunities for small- and medium-sized businesses (SMBs) to tighten their IT security infrastructure — and no lack of reasons they should.

Only 35 percent of Chief Information Security Officers surveyed this year said they were comfortable with their organization’s ability to identify, contain and correct a security compromise. Nearly 30 percent also said they suffered from “cyber-fatigue,” the hamster-wheel exhaustion of responding to the seemingly mounting list of cybersecurity threats while still feeling exposed.

With IT departments so often siloed, security best practices must balance users, networks, data, apps and endpoints. It’s no small undertaking, but it’s essential in guarding an organization’s reputation.

We’ve compiled what should be on an IT security checklist for small businesses — the core practices moving IT teams off the hamster wheel and into proactive, not reactive, IT enterprise security.

Business IT Security Checklist: What Are the Top Network Security Concerns Facing Organizations?

Business IT security checklists aim to address these top malicious cybersecurity incidents and attacks before they become mission-critical, non-recoverable breaches.

1. Malware

Downloading malicious software is one of the most common user behaviors at fault for enterprise data loss and system attacks. Malware wreaks havoc when users mistake computer apps, programs, links, files or entire websites as their benign versions. In reality, these applications are corruptions, designed to look and even act like the real thing. Employees, unaware of all this, then conduct regular activity on or through these programs, providing an opening for the malware to infect desktops, laptops, mobile devices and even the entire network.

2. Phishing Schemes

Phishing schemes target organizations via email. They attempt to mimic important organizational stakeholders — upper management, other team members, business vendors, etc. — to elicit sensitive or personal information. Employees untrained or not fluent in identifying phishing red flags pose a severe threat to enterprise data and access control security.

3. Spyware

Spyware is a type of malware specifically designed to enter devices and track internet usage, account usernames and passwords. Cybercriminals use the information gleaned from tracking to hack business accounts or pose as prominent organization members, often to extract further sensitive enterprise data.

4. Ransomware

Ransomware takes extortion tactics digital. Entering a network through traditional malware — clicked links, downloadable attachments, newly installed software, etc. — ransomware can shut down or block access to essential files or systems until an organization pays a ransom or hands over demanded data.

5. Mobile Malware

Mobile malware are a type of malware virus-coded to infect mobile devices such as smartphones, tablets and tech wearables. This IT threat continues to mount as more and more organizations grow lenient with their bring-your-own-device (BYOD) policies yet increase their dependency on mobile- or remote-device infrastructure. Plus, with the inevitability of the Internet of Things, mobile devices pose a higher security risk in their very interconnected nature — even for businesses with thorough network and device defenses.

6. Improper File Sharing

While not a cybersecurity threat in the traditional sense, business network leaders have identified careless file sharing as a core concern underpinning several of the direct attack categories above. Many organizations struggle to standardize acceptable use policies or internet access policies, which are meant to curb file-sharing and file-access risks — if they have these policies at all.

IT security checklist for small businesses

What Are IT Security Best Practices?

While there are numerous approaches to small business network security best practices, their guiding philosophy remains the same: Institutionalize a series of practical, everyday activities and technologies that position a business to identify and handle cybersecurity threats in their infancy, before they become existential business failures.

For the majority of SMBs, this philosophy breaks down into five main practice categories.

  • 24/7/365 monitoring
  • Threat Detection
  • Response
  • Remediation
  • Backup recovery and data reinstation

Note: IT security best practices do not mean avoiding all breaches or attacks. That is an impossible goal, one likely to result in cyber-fatigue. Likewise, a small business’ security checklist can’t implement everything at once, even if strategic goal alignment and enterprise resources are there. That, too, leads to IT employee burnout and the increased chance of skipped or forgotten best practices.

Talk to a Cybersecurity Expert

Business Risk of Not Instituting a Cyber Security Checklist

There is a myriad of risks organizations expose themselves to without diligent IT infrastructure security.

Risks of not instituting a network security checklist

1. Financial Loss

Nearly 47 percent of cybersecurity breaches will end up costing a business around $500,000 to remedy. What’s more, cybersecurity incidents force one out of every two SMBs to permanently close its doors, the financial toll too steep to overcome.

2. Operational Halts

Security breaches can shut down “business as usual” while teams and IT departments scramble to mitigate the damage. From receiving a security alert to manually reviewing, escalating and addressing its source, turnaround times for business IT security can be a few hours to a few weeks, depending on the severity and type of cyberattack. Can your business afford to halt operations that long?

3. Lost Customers and Clients

Seven out of 10 consumers say they would stop doing business with a company that misused or under-protected their data. With the recent — and significant — user data mismanagement examples of major organizations like Facebook and Equifax, businesses today must prove their customers’ data is a priority, not an afterthought. Neglecting to do so risks losing your very customer base.

4. Culpability With Investors and Shareholders

Companies must balance consumer trust as well as stakeholder trust. A cybersecurity incident can shake stakeholders’ confidence, with investors, shareholders, partners and any other parties that hold a vested interest in the company’s future needing assurance that IT infrastructure does indeed uphold contemporary best practices.

5. Damaged Reputation

Operational disruptions, investor dissatisfaction and loss of customer trust will ultimately take a toll on a brand’s perception. Cybersecurity negligence defines, if not taints, company reputations. It can take years — and massive PR work — to overcome the negative perceptions and turn a new branding chapter.

6. Regulatory Retaliation

Depending on the scope of a cybersecurity breach and the industry your organization is in, network security negligence can open the doors to regulatory fines. If they are severe enough, government agencies may even press for legal repercussions for culpable parties.

Guide to Small Business IT Security

What should be on an IT infrastructure security checklist for SMBs — or any-sized organization seeking bolstered network security management? We’ve outlined practical, actionable suggestions for sharpened business network security.

IT security steps to take

1. Perform a Critical IT Assets Audit

Before any official security checklist can be drafted, SMBs must first take inventory of its most critical IT assets. This includes analyzing its:

  • People: The knowledgeable and dedicated staff that makes up all the teams and domains of your IT department, as well as who those teams report to within the larger organizational structure.
  • Processes: The daily roles, procedures, responsibilities and initiatives helmed by your IT personnel and utilized by all across the SMB.
  • Technology: The physical infrastructure of your network ecosystem, accounting for all pieces of hardware, software, storage methodologies, files, applications and more.

Performing an IT asset audit presents visibility over your business’ entire IT environment. It leaves no stone unturned, providing a guiding compass that’ll steer your ultimate security best practices checklist.

2. Research Leading Security Solutions Providers

Researching industry security leaders is the second step for SMBs and other organizations to begin their network and IT security checklist. Organizations will use their critical IT asset audit to begin vetting security partners with products and services fitting their exact needs.
Today, companies like Cisco make and manufacture leading networking hardware, software, tech security systems and other products related to enterprise IT infrastructure. By partnering with a comprehensive computer networking partner, like Cisco, SMBs can consolidate their security support through a single, convenient vendor — so long as that vendor delivers the range of security mechanisms required of their critical assets.
In other words, partnering with a leading security solution provider like Cisco provides a “one-stop security shop” for business network security, offering products like:

  • Advanced malware protection
  • Advanced firewall defenses
  • Phishing, spoofing and ransomware business email security
  • A central breach alert system
  • Network visibility and segmentation features
  • Secure remote network access solutions
  • Multi-factor authentification technology
  • Cloud security solutions
  • And more

3. Prioritize Patching Outdated, Out-of-Sync Software

Infrequently updated operating systems and software create vulnerabilities across an SMB’s IT mechanisms. This incongruent patchwork stack is ripe for attackers, who can write code to exploit vulnerabilities when devices are not routinely kept up to date.

For software and desktop security, ensure your business network security checklist contains:

  • Audits that inventory all operating systems and versions used in your business — including those that enter your network through BYOD — as well as their physical hardware, locations and IP addresses. The goal in these audits should be to consolidate the number of operating systems and shadow IT in use.
  • Operating system reviews, ensuring you’re using the latest version to remove bugs and vulnerabilities
  • Regularly updated, dynamic anti-virus software
  • Contemporary security controls in your firewalls and routers
  • Frequently refreshed, effective email filters defending employees against spam, phishing and malware

4. Deploy Data Recovery (DR) and Business Continuity Solutions

Regularly backing up enterprise data is an SMB IT best practice, yet over half of SMBs admit they are unprepared for even a minor data-loss incident, from hard-drive malfunctions to an outsider breach.

Whether cloud-based, on-premise or both, data recovery should include standardized efforts like:

  • Regularly performed recovery tests.
  • Weekly tested backup systems.
  • Data categorize into business-critical or strategic, then backed up accordingly. Business-critical data pertains to any information required to keep daily operations running, whereas strategic data is essential to the enterprise as a whole but not accessed or updated daily. It is an industry best practice to have three backup systems for business-critical data, one centralized on site and one backed up remotely every night. Plan semi-regular backups for strategic data.
  • Off-premise data backup, either into the cloud or onto external hard drives not permanently connected to the devices they back.

5. Review External Vendor Relationships

From sourcing raw materials to hiring contractors to maintaining utility contracts, third-party services are a fundamental part of a fully functioning modern business. They’re inevitable, not extraneous.

However, a growing body of research indicates SMBs with fewer external vendors experience fewer security alerts, meaning reduced instances of perceived network threats or inappropriate access. Over half — 63 percent  of organizations with one to five vendors saw fewer than 5,000 alerts a year, as well as remediated 42 percent of those alerts on their own. Only 42 percent of organizations with five to 10 external vendors cited the same alert-remediation flows, indicating that streamlining vendors is an IT network best practice for organizations to consider seriously.

6. Set up Access Controls

Network access controls tier what programs and applications employees can log into, as well as when and how. Employees with “normal” user privileges can only access fundamental programs and must go through a multi-verification approval process for others. Those with “advanced” user privileges can use a broader range of applications while undergoing continuous security training.

Access control best practices include:

  • Setting up unique, single-employee user accounts for all systems, programs and apps — never shared accounts
  • Installing a central login management program, which tracks and logs all program user history
  • Using only one remote-access portal or program, tightening endpoint security for remote or out-of-office workers
  • Automated monitoring of user server use, flagging strange or irregular usage for manual review — g., logins outside of business hours

7. Integrate Security Into Human Resources Operations

Human resources departments can be powerful defenders of your small business network security checklist. Their daily touchpoints with current employees, as well as onboarding and interactions with new and prospective ones, positions them as a critical resource to instill safer technology users throughout the office.

Too often, IT security remains the siloed responsibility of the IT department. While this is understandable, there are many ways HR operations can bolster technical infrastructure with safer human protocols.

  • Draft and maintain an acceptable use policy for office hardware, including desktops, laptops, smartphones and telecom devices.
  • Draft and maintain explicit confidentiality agreements between third-party vendors, freelancers and contractors.
  • Draft and maintain best-practice password rules and procedures. At the bare minimum, employees should be updating passwords every 90 days.
  • Implement mandatory two-factor authentification for certain program logins beyond simple usernames and passwords.
  • Create overall network privacy policies for employees to sign.

8. Review Network Connections, Activity and Configurations

Threat detection begins with basic network monitoring capabilities. SMBs — and businesses of any size — must deploy technology allowing connection activities across all servers, maintaining a clear view into who’s on your network, where they’re accessing it from, when and even why.

  • Review all current network configurations, meaning the connections between business hardware, software and operating systems. Ensure each has a static IP address, a dedicated domain name server (DNS) and even a WINS name if using Windows.
  • Instate an official BYOD policy. Have employees register those devices with your DNS list using out-of-band management best practices.
  • Conduct training on proper email and communications activities, especially to help employees identify spam, malware and more business network threats.
  • Outline acceptable device use and internet access policies.

9. Revamp Remote Network Policies

Better control of remote endpoints is growing more and more critical for today’s SMBs. Whether those endpoints are freelancers working from home, customers ordering online or third-party vendors interfacing with some aspect of your internal network, businesses now court more entry points for malicious cyber-activity.

Luckily, as the need for tighter remote network controls and access has increased, so have the defenses:

  • Use a set virtual private network for remote employee access.
  • Employ LAN or wireless LAN authentication technology  Cisco’s Wireless Security Suite  to allow only approved devices to connect to your wireless internet.
  • Install firewall intrusion detection software for all web connections and portals.
  • Compile secured wireless access connections and modems into your DNS list, ensuring no unauthorized connections pop up.

10. Adopt Data Encryption

Data encryption works by translating stored plaintext information into a new pattern, called ciphertext, according to an encryption key. Only people who have the key can unscramble the data, adding an extra layer of defense against data thieves.

Data encryption is particularly important to protect customer information. Not only is there a growing movement for tighter regulations of consumer PII, but companies have their very reputation to protect when guarding sensitive data, such as:

  • Customer financial information, like credit, debit cards and bank accounts
  • Social Security numbers
  • Medical history
  • Intellectual property or confidential business data
  • Financial reports

11. Institutionalize a Formal Incident Recovery Plan

As a final security measure, businesses must establish an intra- and inter-department plan in the event of a major cybersecurity incident. These are known as incident response and recovery plans, and they are a keen indication of the stability of a business’ overall IT infrastructure management — plus its continuity abilities when incidents do strike.

Response and recovery plans should be fully integrated across systems. The best include continual plan audits, complemented by frequent vulnerability tests aiming to identify systems backdoors and weaknesses well before outsiders can.

Learn More About IT Security Managed Services for Your Small Business

Morefield Communications has been arming best-of-class IT solutions across client networks, IT support, IP telephone systems and premise security for decades. We partner with some of the world’s leading network security providers to bring businesses — like yours — peace of mind.

Reach out online or give us a call at (717) 761-6170 to create your business’ IT security checklist today.

Learn more about IT security from an expert

Sign Up for Our Newsletter