
News & Updates


​Play, Work, and Educate Safely

Tom Mroz | 09/01/2020

Free Resources/Tools


Anti-Malware

  • Avast​
  • AVG
  • Bitdefender Antivirus Free Edition
  • Kaspersky Security Cloud
  • Sophos Home for PCs and Macs

Security Awareness

  • FBI Kids Safe online Surfing
  • PBS Cybersecurity Lab
  • ​Krebs on Security
  • Threat Post
  • Naked Security by Sophos
  • WeLiveSecurity by ESET

File Analysis

  • ​Kaspersky VirusDesk
  • ​VirusTotal

Malware Removal

  • Bitdefender Malware Removal Tools
  • Kaspersky Virus Removal Tool
  • McAfee Anti-Malware Tools
  • Sophos HitmanPro
  • Sophos Virus Removal Tools
  • Symantec Malware Removal Tools

Threat Maps

  • Bitdefender Threat Map
  • Check Point Threat Map
  • FireEye Cyber Threat Map
  • Fortinet Threat Map
  • Kaspersky Cyber Map

DNS Security

  • Cloudflare for Families
    • 1.1.1.2 (No Malware)
    • 1.1.1.3 (No Malware or Adult Content)

Vulnerability Assessments

  • Tenable Nessus Essentials

Securing your home network

With the combination of working from home, and now kids going back to school in all kinds of combinations, it's vital that we keep our home networks secure. The mixture of personal, corporate, and now school owned devices increases the appetite for bad actors to prey on less secure home networks, potentially gaining access to a plethora of organizations and devices from one central location. 
​
The good news is, there are ways we can protect ourselves, and it doesn't have to cost a lot.

Here are some ways to improve your cybersecurity posture

Cybersecurity Awareness is key for protecting home networks. Without the budget and staff to maintain a secure network, you need to stay vigilant on the latest trends and techniques bad actors use to gain access to networks.

With the #1 threat vector being through email, it's critical that we educate users (children included) on cyber security so they are aware of common email phishing scams and know the basic checks: looking for misspellings in the sender's email address, hovering over links to validate the address before clicking, and never downloading unknown files or sending out personal information. A good rule to follow is: if it sounds too good to be true, it probably is.

Checking for system updates and using anti-malware software to keep up on the latest protection will also play a big role in home network security. By keeping patches up to date, you minimize the number of vulnerabilities available for bad actors to take advantage of.

Using a strong anti-malware product will also help protect your devices from hackers. Anti-malware products often contain a lot more features than just AV scanning. Look for a tool that will provide additional protection like machine learning, webcam/mic monitoring, URL filtering/firewall, anti-spam, and vulnerability assessments. 

Ensure you are using strong, unique passwords and two-factor authentication when available. According to the Verizon Data Breach Investigations Report, 80% of hacking-related breaches are tied to passwords. This relates back to security awareness and phishing scams. If a user mistakenly gives out their password, they will still be protected by the required second form of authentication, like an SMS code, fingerprint, or other form of verification, which helps ensure only the authorized user is allowed to log into the application or website.

Network Segmentation will also help keep devices secure. If your router has a guest network option, you should use it for the corporate and school devices. This will keep the traffic from those devices separate from each other, as well as your personal devices on the network. This helps reduce the ability for malware to spread laterally across the network onto those other devices, that shouldn't be communicating with personal devices anyway. 

Lastly, update the DNS settings on your router. By using a free DNS service like Cloudflare for Families, you can block malware and adult content at the DNS level. This is especially great for IoT and mobile devices that you can't always install protective software on.

And as always, if you need any additional assistance, please feel free to contact any of our security experts here at Ingram Micro.
cybersecurity@ingrammicro.com


Brian Rauls
Sr. Solutions Architect
Brian.Rauls@ingrammicro.com


​
Brian began his career at Ingram Micro in 2012, specializing in network security and cybersecurity. Over the past few years, he has held several roles in the company, including pre-sales engineer, technical account manager and solutions architect. Brian’s current focus is MDR, SOCaaS, Fortinet (MSSP program development) and NormShield (SME).

Think ransomware is so “last year”? Not so fast.

Ransomware remains a popular attack method in the public sector, where aging antimalware solutions struggle to keep up. It’s also been reported that “state-linked adversaries will likely increasingly abuse IoT devices to further espionage efforts.”*
​
Solution? Talk with your state and local government customers about steps they’re taking to protect against ransomware, and as always, maintain cold backups.

State actors and state-sponsored attackers are looking to take a bite out of the energy sector, and recent attacks on the U.S. power grid show efforts to conduct battle space preparation. Are you up to snuff on industrial control systems (ICS) and how to keep them safe?

Solution? Contact Ingram Micro’s Partner Technical Enablement group to learn how to engage with customers in the industrial controls space and become a trusted advisor.

Phishing and other forms of con artistry (aka social engineering) remain the most popular tools for attacking organizations, with the attack vector being responsible for 98% of breaches in 2018.

​Solution? Talk to your customers today about email defense products and user awareness training tools.

Subcontractors for major organizations are becoming hot targets for attack, as they help an attacker gain access to the “big fish” that they’re really after. Take the 2013 Target breach for example, where the HVAC vendor was initially compromised to gain access to Target’s primary systems. In the end, every organization has something that attackers can use for their own gain.

Solution? Ensure that policy and governance measures are in place to protect both your organization and subcontractors from hacking efforts. 


​*Source: 2019 Cyber Threat Outlook, Booz Allen Hamilton


We're in it. Now what?

Tom Mroz - 05/06/2020
During this COVID-19 lockdown, many businesses are supporting Work From Home and actively using on-site resources. While this is great and we hope the transition was seamless and properly migrated, many companies don't have the staff to support or implement ideal tools to fully support a long-term WFH strategy.

Below you will find some tools, ideas, and general topics to consider during this time, and preparing for the future.

Long Term WFH Security Checks

📧  Phishing attacks continue to increase
  • Phishing attacks have increased by over 600% since the start of COVID-19
    • Targeting "new information" about COVID-19, as well as stimulus check payments
💣  "ZoomBombing" and other collaboration tools will continue to be targeted
  • Ensure users are following safe practices; utilize FAQ docs and online safety resources
  • User privacy and data need to be top of mind for compliance 
😷  Adapt to the new norm of WFH and embrace tools to help you succeed
  • Utilize SaaS tools and 3rd party resources to complete tasks and fill gaps in staffing​
🔬  Assess, analyze and treat risks from current WFH deployment regularly
  • Assess 3rd party cyber security impacts such as cloud services and professional services​
💻 Endpoints on unsecured networks will be easy targets
  • Home networks typically aren't secured by a firewall. Ensure a WFH policy has been sent to employees to update IoT devices and personal devices, and to change default passwords

WFH Security Tips & Tools

☑️  Endpoint Security
  • Ideally, endpoint security that supports both signatures and machine learning or AI to prevent zero-day threats
  • ​Enable Firewall, USB Port Scanning/Blocking, Web Filtering, Application Control, Data Loss Prevention (DLP), Anti-Ransomware
  • Upgrade to EDR for deeper analysis if budget allows
    • Use MDR services if you don't have the staff to manage or monitor
☑️  E-mail Protection
  • Utilize phishing campaigns for awareness
  • Scan in both directions
    • Detects compromised devices and prevents clients/customers from receiving spam
    • Turn on DLP to prevent sensitive data from leaving through email
  • Enable URL rewrites to protect against malicious DNS redirects
☑️  Virtual Private Networks (VPN)
  • Assume all non-corporate controlled networks are compromised
  • Use Split Tunnel VPN for non-sensitive websites to reduce overhead on HQ firewall
  • Enable Multi-Factor Authentication to validate access
  • Use VPN to validate device hygiene before granting access
☑️  Single Sign-On (SSO) & 2FA​
  • Eliminate Password Reuse & Complexity
  • Prevent Credential Compromise with 2FA
  • Enable everywhere that supports it, Cloud Apps, VPN, PC Login, etc.
☑️  Mobile Device Management (MDM)
  • ​Ability to Locate, Lock, Patch, and Wipe devices
☑️  Vulnerability & Patch Management
  • Create a patch management policy with a set schedule & endpoint vulnerability assessment plan
  • Scan and assess network internally & externally
☑️  Enable Encryption
  • Disk: Protects data if a device is lost or stolen
  • File/Folder: If files are shared or removed from the device
☑️  Provide Secure Ways to Backup and Share Files
  • Cloud based backup and file sharing for remote devices
    • ​Ex. OneDrive with time expiring links
  • Enable Version History to restore in case of ransomware attack
☑️  DNS Level Content Filtering
  • Prevent malicious and unwanted content from reaching the endpoint
  • Supports Mobile devices as well
☑️  End user cyber security training
  • Cyber educated employees help reduce the risk of potential compromise
☑️  Create Policies & FAQ Docs for Remote users
  • Review policies if they already exist
  • FAQ doc for end users to help reduce IT service requests
☑️  Review Incident Response Procedure 
  • Tie it all together with a SIEM for advanced threat hunting
    • Use Security Operations Center as a Service (SOCaaS) for 24x7 monitoring
  • Have a plan for remediation and risk management
    • Utilize governance, risk, and compliance (GRC) tools to manage risk
    • Have offline and remote copies in case of ransomware or disasters
​
Use our Security Line Card to find matching solutions
Download The Remote Worker Checklist

Review current security policies and implementations for flaws

Many states implemented strict rules and enforced essential-work-only policies, causing many businesses to deploy remote workers for most if not all of their organization. With so little time to prepare, hardware has been difficult for some to acquire, forcing employees to use personal devices for work. This is an understandable solution, but by no means ideal. Allowing users to access company information from any device, especially a personal device, requires a strong security policy wrapped around that access. Reviewing your current WFH security policies and taking a close look at what data users are accessing, and how, should be considered a high priority.

Utilizing VDI and RDP solutions to access corporate resources on a BYOD device will greatly increase security posture and reduce the risk of compromise. To learn more about these solutions, please view our Remote Work Solutions Cheat Sheet.

Update and implement tools to make WFH security easier

Now that you have reviewed your policies and identified any gaps in your security posture, it's time to find and implement new tools that secure the environment while enabling the end users. Our Security Line Card, categorized by NIST Cyber Security Framework, can help you identify products, vendors, and Ingram Micro contacts to get you started.

Plan for long term WFH and new hire remote roll-outs

Current estimates on societal restrictions point to the possibility of rolling lock-downs through 2021 or even into 2022. This not only means that workforces will likely remain remote for the coming months, but also that any new additions to your teams will need to be remotely deployed.
​

  • For existing remotely deployed employees
    • Ensure that remotely deployed laptops and desktops are on a regular patch management cycle.
    • Fill gaps in remote worker equipment needs such as webcams, headsets, and other ergonomic needs that they would normally have access to in an office environment.
    • Have a plan for secure device replacement in the event a system reaches end-of-life or requires decommissioning due to damage or system failure.
  • For remotely deployed new hires
    • Create a new policy or modify existing policies for deploying IT to new hires in a timely fashion to ensure no lapse between start date and the employee having access to resources.
    • Modify previously existing ramp-up procedures to remote, including new hire training, team introductions, etc.
    • Determine if additional equipment such as monitors, headsets, keyboards, and mice will be employee or employer provided. These plans can include additional shipment of these supplies or issuance of a stipend to acquire these items.​
​
For both cases, a follow-up policy should be in place to determine that the employee has received their equipment and can successfully connect to company resources. Certain team members with access to privileged capabilities (such as conducting financial transactions and access to sensitive data) should be required to conduct verbal check-ins on certain levels of activity, such as authorizing a large wire transfer. These measures are to prevent abuse by malicious actors trying to mimic a remote employee.

Plan for the return to office

Once you have a secure and solid remote work force, it's time to start planning for the migration back into the office. This migration may seem easy at first, but there are a few things to watch out for before we open the doors and start letting workers back into the office.
​
  • Some employees might be hesitant or unwilling to migrate back to the office
    • ​Employees may not want to gather in large groups
    • Phase migration into the office in waves, preventing any major disruption should problems occur
    • Many people will enjoy working from home; don't force users back at the risk of losing a good employee
    • Things will likely never be the same at an office like it was before COVID-19 and that's okay
  • Devices that were left at the office will likely need to be updated, patched, and reviewed before they are safe to use again
    • If a device was powered off or in a sleep state, it likely hasn't been receiving OS or AV updates
    • Devices that were online, but not used, should be scanned and checked for patches as well
    • Check to ensure devices have working backups
  • Confirm ISPs and backup connections are connected and working
    • If you haven't been connecting back to the HQ for resources, check to make sure your WAN is at 100% functionality
  • Check password policies and credentials haven't expired for necessary resources
    • Make sure users can access the data and applications as needed without disruption

Ask for help

At Ingram Micro we have various programs for Financing, Education/Training, Professional Services, as well as numerous Reseller and Vendor Partnerships to help businesses of any size succeed in accomplishing their goals. If you need assistance with anything mentioned above, please do not hesitate to contact us for deeper discussions.
​