Play, Work, and Educate Safely
Tom Mroz | 09/01/2020
Securing your home network
With the combination of working from home, and now kids going back to school in all kinds of combinations, it's vital that we keep our home networks secure. The mixture of personal, corporate, and now school owned devices increases the appetite for bad actors to prey on less secure home networks, potentially gaining access to a plethora of organizations and devices from one central location.
The good new is, there are ways we can protect ourselves, and it doesn't have to cost a lot.
Here are some ways to improve
Sr. Solutions Architect
Brian began his career at Ingram Micro in 2012, specializing in network security and cybersecurity. Over the past few years, he has held several roles in the company, including pre-sales engineer, technical account manager and solutions architect. Brian’s current focus is MDR, SOCaas, Fortinet (MSSP program development) and NormShield (SME).
Think ransomware is so “last year”? Not so fast.
Ransomware remains a popular attack method in the public sector, where aging antimalware solutions struggle to keep up. It’s also been reported that “state-linked adversaries will likely increasingly abuse IoT devices to further espionage efforts.”*
Solution? Talk with your state and local government customers about steps they’re taking to protect against ransomware, and as always, maintain cold backups.
State actors and state-sponsored attackers are looking to take a bite out of the energy sector, and recent attacks on the U.S. power grid show efforts to conduct battle space preparation. Are you up to snuff on industrial control systems (ICS) and how to keep them safe?
Solution? Contact Ingram Micro’s Partner Technical Enablement group to learn how to engage with customers in the industrial controls space and become a trusted advisor.
Phishing and other forms of con artistry (aka social engineering) remain the most popular tools for attacking organizations, with the attack vector being responsible for 98% of breaches in 2018.
Solution? Talk to your customers today about email defense products and user awareness training tools.
Subcontractors for major organizations are becoming hot targets for attack, as they help an attacker gain access to the “big fish” that they’re really after. Take the 2013 Target breach for example, where the HVAC vendor was initially compromised to gain access to Target’s primary systems. In the end, every organization has something that attackers can use for their own gain.
Solution? Ensure that policy and governance measures are in place to protect both your organization and subcontractors from hacking efforts.
*Source: 2019 Cyber Threat Outlook, Booz Allen Hamilton
We're in it. Now what?
Tom Mroz - 05/06/2020
During this COVID-19 lockdown, many business are supporting Work From Home and actively using on-site resources. While this is great and we hope the transition was seamless and properly migrated, many companies don't have the staff to support or implement ideal tools to fully support a long term WFH strategy.
Below you will find some tools, ideas, and general topics to consider during this time, and preparing for the future.
Review current security policies and implementations for flaws
Many states implemented strict rules and enforced essential work only policies, causing many businesses to deploy remote workers for most if not all of their organization. Due to this short amount of time to prepare, hardware has been difficult to acquire for some, forcing employees to use personal devices for work. This is an understandable solution, but by no means ideal. Allowing users to access company information, from any device, especially a personal device, needs to have a strong security policy wrapped around its access. Reviewing your current state of WFH security policies and taking a close look at what and how users are accessing data should be considered a high priority.
Utilizing VDI and RDP solutions to access corporate resources on a BYOD will greatly increase security posture and reduces the risk of compromise. To learn more about these solutions, please view our Remote Work Solutions Cheat Sheet.
Update and implement tools to make WFH security easier
Now that you have reviewed your policies and identified any gaps in our security posture, its time to find and implement new tools to secure, while enabling the end users. Our Security Line Card, categorized by NIST Cyber Security Framework, can help you identify products, vendors, and Ingram Micro Contacts to get you started.
Plan for long term WFH and new hire remote roll-outs
Current estimates on societal restrictions points to the possibility of rolling lock-downs through 2021 or even into 2022. This not only means that workforces will likely remain remote for the coming months, but that any new additions to your teams will require them to be remotely deployed.
For both cases, a follow-up policy should be in place to determine that the employee has received their equipment and can successfully connect to company resources. Certain team members with access to privileged capabilities (such as conducting financial transactions and access to sensitive data) should be required to conduct verbal check-ins on certain levels of activity, such as authorizing a large wire transfer. These measures are to prevent abuse by malicious actors trying to mimic a remote employee.
Plan for the return to office
Once you have a secure and solid remote work force, its time to start planning for the migration back into the office. This migration may seem easy at first, but we have a few things to watch out for before we open the doors and start letting workers back into the office.
Ask for help
At Ingram Micro we have various programs for Financing, Education/Training, Professional Services, as well as numerous Reseller and Vendor Partnerships to assist any business of any size succeed in accomplishing their goals. If you need assistance with anything mentioned above, please do not hesitate to contact us for deeper discussions.