Tag Archive for: Best Practices

IT Security for Working at Home

Unfortunately, due to the Coronavirus many employees have been forced to work from home, or may be working from home in the near future. If you find yourself in this situation it’s important to remember to follow the best IT security practices when working from home to not put your company at risk of an online virus or cyberattack.

Working remotely can be challenging because you likely don’t have the same security safeguards in place at home as you do in the office. In addition, most people have multiple devices connected to their home Wifi, including personal computers, smartphones, game consoles, etc. These can all offer hackers a gateway into your home Wifi which can then give them a backdoor into the corporate device you are working from. It’s up to you to implement your own layers of security controls at home to prevent your company’s data from being breached.

 

Cyber criminals love to prey on companies when they are most vulnerable, and one of the weak spots they look for is employees who are not following the best IT security practices for working remotely.

Below is a list of things you can do to prevent cyberattacks while working remotely. You should follow these guidelines whenever you are logged into a corporate laptop or phone, even if it’s just to check a few emails.

IT Security Checklist for Remote Employees

Only Use Secure Wifi

  • Avoid using Public WiFi
  • Use a VPN (Virtual Private Network)
  • Change the default Wifi router passwords to something more secure
  • Update router firmware

Protect Your Workspace

  • Don’t use your personal computer for work
  • Don’t let anyone eavesdrop on what you are working on
  • Encrypt sensitive data in emails
  • Don’t use the same passwords on work devices as you do personal devices
  • Update software for all devices that are connected to your home network (this includes personal computers, television services, game consoles, thermostats, etc.)

Secure Your Devices

  • Update firmware
  • Create strong passwords using multi-factor authentication
  • Review and follow corporate policies and procedures
  • Don’t leave your work devices unaccompanied in a vehicle
  • Keep your home or apartment securely locked

Read about having a secure bring your own device policy >>

Use Common Sense

  • Don’t share your work devices with family or friends
  • Don’t post business itineraries or corporate information online. This includes posting photos that may show addresses, client information, or any other personal or business information in the background
  • Don’t let your guard down. It’s easy to feel comfortable at home but practice the same IT security best practices at home as you would at work

Report Any Security Issues Immediately

  • Don’t wait until it’s too late. If you fear your work computer has been breached contact an IT professional within your company immediately

 

Want to learn more about working from home safely? Read about Threat Remediation while working from home >> 

Fill out the form below or contact PCR Business Systems if you have any questions about setting up a secure workspace for your remote employees.

 

11 ways business owners can keep an eye on their IT

There are two critical mistakes that I see business owners and executives make when it comes to their company’s information technology, both of which can cripple a thriving business in the matter of minutes.

Mistake #1- Thinking a data security breach or system failure can’t happen to you. It can, it does, and if you let your guard down, it will. We see data breaches happen to small and medium size businesses every month, and business owners or CEOs all say the same thing—”we didn’t think it could happen to us.”

Mistake #2- Assuming that everything is set up properly, up-to-date, or that your employees are following the rules. It’s imperative that you are familiar with your IT so that you can make sure everything is in place and working the way it should. It’s just as important to educate your employees on best practices so they don’t do anything to jeopardize your network’s security.

Below are 11 critical IT components that you need to be sure are in place and working properly.

  1. Backups: Be certain your backups are doing their jobs. Know how to test them and be an active part of the process. This exercise will show you how long it would take to recover.
  2. Incidence Response: If there were to be a breach where is it most likely to occur? How will you recover? Who will it affect (which business operation(s)? How much downtime/data loss are you looking at? Is the sensitive data of your customers at risk? If their data is compromised what will you need to communicate? Will you need a layer? Will law enforcement be involved?
  3. Sensitive Data: What kind of data does your company store? Where is it stored? Is remote sharing like Dropbox™ allowed? Is it controlled, or is data being shared over hundreds of personal accounts?
  4. Licensing: Is all your software licensed? Compare agreements to all user accounts.
  5. Inactive users: Make sure inactive users are disabled and not continuously logged on. Make sure to review this periodically
  6. Permissions: Make sure users only have permission to access the data critical for their jobs. Review this periodically as well.
  7. Be Proactive: What steps are you taking to be proactive in ensuring a breach or data loss doesn’t occur? Are you providing user-awareness training? Do you use MultiFactor Authentication for all remote applications (e.g., VPNs, Office365, SalesForce, all web logins, etc).
  8. Patch Reporting: Make sure to receive and review all patch management reports. These will show the machines that have been updated monthly.
  9. Vulnerability reports: Review these at least monthly to assess vulnerabilities in your network and find resolutions.
  10. Review elevated credentials: Ensure only appropriate people have elevated credentials and that they don’t log into these account 24/7/365. Elevated permissions are for making changes only; not for everyday logins.
  11. Engage a 3rd party to do a best practice audit: This is not to question or discredit your IT team, but simply to get additional sets of eyes on your systems. IT systems can almost always be improved but there are costs involved. IT managers will often let items go after being told “no.” You can also think of a 3rd party audit as a proofreader for your network. Great writers never proof their own work. Why? Because it’s extremely difficult to catch your own mistakes.

If you have questions or are interested in having a professional team of experts “get eyes” on your IT, give me a call directly at (330) 572-7526 x 1001 or email me at pat@pcrbusiness.com.

Pat Carroll President PCR Business Systems

Pat Carroll
President, PCR Business Systems

PCR Business Systems is the leading technology solutions provider for small and medium size businesses in Northeast Ohio. We are currently offering a free Network & Data Security Check-up for area businesses who want to be certain their network is set up and working properly.

In-House or Outsourced IT: what’s right for your business?

PCR Business Systems provides outsourced IT services for business that don’t have their own IT department. Each of the businesses we work with find that outsourcing their IT is more cost-effective and also more comprehensive as we have an entire team of dedicated professionals (and the most current IT tools) to help manage their IT.

Yet even though our business focuses on providing outsourced IT, that doesn’t mean that outsourced IT is right for everyone. Some businesses may find that having their own in-house IT department makes more sense for their them.

We’ve created this questionnaire to answer that question for you—what’s right for your business, in-house or outsourced IT? These 11 questions will provide you with an unbiased opinion of what we think will work best for your business at this time.

Click here to begin

Best Practice Approach to Data Security

Below is a summary of the presentation given by PCR Business Systems president, Pat Carroll, at the 2019 Day Ketterer CyberSecurity Seminar. For more information on protecting your business from cyber attacks, or if you have any doubts about your network security you can contact Pat directly at pat@pcrbusiness.com or (330) 572-7526 x 1001.

PCR is also offering Northeast Ohio businesses a free network security audit to make sure you have the proper cybersecurity measures in place. Remember, it’s much easier to prevent a cyber attack than it is to recover from one.


Simple things that companies can do to guard against cyber attacks. These items need to be in place before anything else:

  • Centrally controlled, monitored Antivirus
  • Device control with routine patching – not just Windows, all programs – java, adobe etc
  • Unique user IDs with central control
  • Modern Backup – no tapes

Preventative measures that all companies need to implement:

  • No users with admin rights to computers
  • No elevated permissions logging in for normal computer use – domain admin or 365 admin etc
  • User awareness training – people are the easy target
  • Best in class, properly configured email security – .js, .exe, .zip should never get through
  • Multifactor authentication on all web facing logins – Office365 is a must

Know your risks and review at least annually:

  • Where is sensitive data stored?
  • Typical – PII, EHI
  • Trade Secrets
  • Non-Typical

In addition, schedule periodic reviews of accounts, permissions and don’t allow access if it is not needed.

Know how an attacker is most likely to strike:

  • Use information
  • Trick users to send money
  • Demand a ransom
  • Expose your information?

You have been attacked, what will save you?

Properly configured backup

  • Test it
  • Attack it – test permissions, try to get to it

Properly configured firewall

UTM FEATURES

  • Intrusion Detection with alerting configured
  • IP Reputation
  • Content Filtering
  • Look for suspicious activity leaving the network

Misc:

  • Banking – Know your exposure. Consider Positive Pay on checks and ACH
  • Cyber Liability Insurance
  • Be careful on the questions they require
  • Know what they won’t cover

 

 

 

Pat Carroll 

pat@pcrbusiness.com  (330) 572-7526 x 1001

 

 

Network Security Risk Assessment

Is your business at risk for a Cyber Security Attack?

Our questionnaire will assess your Cyber Security risks and help prevent attacks from ever occurring.

Prevention… In the NFL, it’s a defensive scheme designed to guard against the big play. Except, it seems every time I watch a team go into the prevent defense the opponent drives down the field in a matter of seconds and kicks the game-winning field goal.

Maybe I’ve watched too many Browns games over the years, but this conservative approach to winning always seems to end poorly. I like a coach who goes after the quarterback when the game is on the line—a coach who brings the heat and always keeps the offense off-balance.

I feel the same way about defending against hackers. As soon as you relax your cyber security defense, hackers will find a way to attack where you’re most vulnerable.

 

Free Cyber Security Assessment for Small Businesses

Prevention is key to preventing a cyber attack, but it’s not as simple as putting a few security measures in place to guard against the big attack. You must have a proactive prevention plan in place, you must stay up-to-date on the latest cyber security risks, and you must keep the pressure on hackers by constantly updating and monitoring your network to let them know not to mess with your business.

As we’ve written about in our Cyber Crime Files, cyber attacks can happen to any size business. That includes yours.

So what can you do to actively prevent a cyber attack? You can start by taking this cyber security network assessment to see if your business is prepared.

We designed this high-level cyber security assessment exclusively for small businesses owners so that you can assess your cyber security risks and conclude if you have the proper preventative measures in place.

We hope you find value in our cyber security assessment. If you have any questions please feel free to reach out and we’ll be happy to help your business set up the best defense against cyber criminals.

Should you allow employees to check social media at work?

Here are 4 reasons why we think you should!

Several studies have been conducted on the amount of time employees “waste” on social media at work. One study estimates that over $15 billion in productivity is lost annually due to workers flipping through Instagram photos or browsing Facebook updates while on the job. Additional research concludes that employees between the ages of 18-34 spend 70 minutes EACH DAY on their mobile devices!

These numbers are downright alarming to a small business owner.

But do these studies mean you should rush out and purchase the latest software to monitor and regulate your employees’ social media habits? We say “not so fast.” There are other factors to consider before pulling the plug on social media in the workplace. In fact, we’ve found that you can use the time your employees spend on social platforms to actually promote your company. You just need to offer a little guidance on how it should be done.

Here are 4 reasons why we think it’s wise to allow your employees to check social media at work.

1). They’re Going To Do It Anyway

Let’s be honest, for many of us browsing social media has become a part of our daily lives. We wake up, hop in the shower, have a cup of coffee, and click on our favorite social app to see if we have any important updates.

If we went all day without checking social feeds our heads would likely explode. Employees need their fix so that their minds aren’t distracted thinking about all they’re missing. Give them a few minutes a day of “free time” to log on and see what’s happening in their digital worlds. But encourage them to be brief.  Having an open dialogue with your employees about social media at work can go a long way in boosting employee morale.

2). Create Brand Ambassadors

Most small businesses do not have large marketing budgets. So why not allow your employees to promote your business for you? According to Shannon Gausepohl, “content shared by employees gets eight times more engagement, on average, than content shared by brand channels- and is re-shared 25 times more frequently.”

That’s because posts shared by personal accounts often reach a higher percentage of people than messages shared on your business page. Furthermore, people tend to respond better towards personal endorsements than they do sales pitches from companies.

Just be sure to coach your employees on what they should and should not post to prevent sensitive company data and private information from being shared. (Read more about having the proper social media privacy policy in place).

3). Recruit New Talent

Employee-oriented platforms such as LinkedIn offer valuable personal networking assets not only for people searching for jobs, but also for companies looking to hire the right employees. Social media platforms allow you to reach a large audience through your job postings and can also help you zero in on specific candidates.

Your employees are likely already networking with like-minded professionals in their similar fields. So if you’re looking to hire a new outside salesperson, for example, look no further than your current outside sales team and their social media connections. Your employees already know the right people to recruit through their online social interactions with peers at other businesses.

4). Focus On Your Own Work

Trying to monitor the time your employees spend on social media at work can being expensive and tedious. Your time is much better spent growing your business and building your client base than babysitting your staff’s online behavior.

By putting the proper social media privacy policies in place, coaching your team on what they should and should not post, and giving them a little leniency when it comes to allowing them to spend a few minutes seeing what their friends are up to, you’ll have more time to dedicate to running your business.

For more small business tips please check out the PCR Business Systems blog.