How To Archives | Anderson Technologies

Consider offering employees a hybrid solution to their work from home choices

Work From Home – Who’s Flipping to Hybrid?

March 4, 2021/in How To, Managed Services, Special Projects /by Marcia Spicer

After nearly a year of pandemic-related roadblocks, business owners may feel like circumstances have taught them everything about telework and managing employees both near and far. On the other hand, some business owners may still gravitate towards a strictly on-site model for better collaboration and simpler secure IT. As workers slowly shift to the “new normal” moving forward, and make their long-term needs clear, it may be time to consider a permanent hybrid workforce option.

Download our Work From Home Checklist to learn more about implementing WFH securely.

A May 2020 study of US workers concluded that 55% want some mixture of home and office working in the future. Workers identified that working from home can be easier on employees who have long commutes, require flexible scheduling, or work better outside normal office hours. This is one of many reasons why global companies like Microsoft, Google, Facebook, Dropbox, and Box have all created hybrid work-from-home programs that allow their employees more versatility. Whether your temporary telework solution has been successful or you’re just coming to terms with a partially remote work future, it is time to consider adopting a hybrid remote work model.

How does a hybrid work-from-home model differ from more traditional remote or flexible work models?

Planning is the main key difference between a hybrid model and fully remote or flexible models. The hybrid work-from-home model is not the stop-gap options hastily built in early 2020 to cope with changing regulations. A hybrid work-from-home offering is a permanent option for employees and should be implemented with the care and caution necessary for this shift.

Hybrid telework models look different from company to company, but the universal idea is to allow versatility and autonomy relative to your business’s individual needs. Some workers may find working from home most days and coming into the office one or two days a week works best for them, while others may alternate one week in-house and the next week at home.

You can also implement a hybrid model by department. This could look like hands-on workers and management working from the office while your marketing or accounting teams remain at home where everything they need is accessible remotely.

Hybrid models can significantly reduce overhead, as employees not physically present at the office aren’t using electricity and other resources—including internet bandwidth, depending on your telework model. This can be a helpful way for businesses to right-size their office space and technological needs.

A few things to keep in mind when considering a hybrid telework model:

Scheduling: Keeping a company-wide calendar through a service like Office 365 will help you to schedule meetings, trainings, orientations, and other collaborative events on days when remote employees will be in the office. This will reserve workdays at home for more in-depth, solo work, while also maintaining employee relationships and company culture.
Documenting: Create policy with telework in mind. This means taking into consideration the needs of both office and home workers, like adjusting expected response times for emails or messages and instead calling if something is urgent. It also means remembering your in-office workers are only a part of the team, and decisions, projects, or options may need more than impromptu in-office meetings.
Checking in: Communication is the most essential part of any telework model. Make sure your communication style and methods work for everyone, not just those at home or in-house. A lack of inclusive communication—or a lack of communication in general—will lead to team members feeling, and often being, out of the loop. Communication methods that worked when everyone was working remotely might not be as effective in a hybrid model. Continue to make adjustments as needed.
Maintaining security: At the office, everyone knows to check with a coworker if you receive a sketchy-looking email, but mindsets can be vastly different at home. A shift in work environments still needs to maintain the same continuity of cyber security as the brick-and-mortar office. This means doing due diligence about each employee’s home office hardware and ensuring that security measures like MFA and cyber security training are implemented for your team.
Technology: While employees may have been able to BYOD (bring your own device) during a temporary or emergency work-from-home period, planning for a long-term hybrid approach should include upgrades to necessary hardware. For employees regularly spending time both remote and in the office, a company-owned laptop with a dock in the office is a solution that extends enterprise-security effectively and removes many of the risk-introducing variables of BYOD.

Working from home is unlikely to disappear anytime soon. Building an effective hybrid model means preparing for the possibility that what works for employees right now might be different in six months’ time. Whether you’re fully remote or transitioning to a hybrid telework model, setting up the essential infrastructure and knowing what your team needs should be the biggest factors in creating a hybrid model that works for everyone.

Do you want to implement a secure hybrid telework model but aren’t sure where to begin? Check out our telework guide and connect with us today!

Byte-Size Tech: Don’t Get Zoom-Bombed!

February 25, 2021/in Data Security, How To, Technology Alert, Video /by Marcia Spicer

Mark Anderson and Libby Powers chat about Zoom best practices and share the story of a client who recently got Zoom-bombed after posting the details of their call publicly. Zoom has some security features baked in, but be sure to toggle them and use the tips Mark and Libby share to ensure you have the best Zoom experience! And if you’d like to read more about these tips, check out our blog on the subject!

5 Tips for Security-Conscious Zooming

February 23, 2021/in Data Security, How To, Technology Alert /by Marcia Spicer

Last year when the COVID-19 pandemic restricted our ability to connect in person, we all became very familiar with the video conferencing software Zoom. No one could have predicted that a significant chunk of business in 2020 would be conducted through webcams and video calls. Schools, universities, and businesses have chosen Zoom out of the handful of similar services for years, but now more people than ever have adopted this technology as an essential part of virtual life.

Anderson Technologies has written about the risks that come with working from home, but as we move into the new year, more and more people are choosing to work remotely now that their businesses are working to put infrastructure in place to make a long term remote workforce more secure. This means Zoom will continue to be a linchpin in the business landscape for the foreseeable future.

Still creating your work from home systems and want to make sure you’re doing it right? Take a look at our in-depth guide to working from home securely and then give us a call.

What is Zoom and How Does It Work?

In case you’ve only ever received a Zoom invitation link for a video chat and didn’t look further into the platform, it’s important to understand what this service is before you use it. Zoom is a cloud-based video and voice call service software that works on almost every device and operating system. The basic platform is free, but if you want larger groups and longer meetings, you’ll have to pay for a plan.

Users can access the platform by downloading and installing the Zoom mobile app or desktop client. Anyone can be invited to a Zoom meeting with a link, but only users with a Zoom account can create and control a meeting. The host of a meeting can also require authenticated Zoom profiles, which means everyone attending would need to have a Zoom account.

Is Zoom Secure?

In most cases, yes, though there are some common exceptions. Zoom’s platform offers many meeting settings that allow a user to control the security of a meeting according to their specific needs. The important thing to remember is that you’ll need to review all meeting settings before it begins so that you don’t have any interruptions.

Over the last year especially, Zoom has been the subject of a number of headlines and scandals regarding their security practices. Because of its sudden boom in 2020, lots of Zoom’s security vulnerabilities have risen to the surface, specifically Zoom’s former practice of stating the platform had end-to-end encryption when it did not—an issue for its HIPAA-compliant users.

For more information on Zoom’s security and privacy practices, visit their site. Zoom also offers a deliverable PDF of best practices if you’d like to provide your team with a physical copy.

Public, unsecured meetings are subject to “Zoom bombing,” in which uninvited participants hop into random meetings and cause chaos. Students and teachers using Zoom often found themselves barraged by interruptions ranging from harmless to inappropriate and criminal. A recent analysis of zoom bombings during the first seven months of 2020 found that the majority of incidences were executed by other students or insiders with access to these meetings. This means that users should consider taking more than the bare minimum precautions when using Zoom.

5 Zoom Security Tips

As we continue to rely on Zoom and its digital counterparts to keep businesses on track, here are five easy tips to keep you and your virtual connections safe.

Avoid using your Personal Meeting ID for public meetings. Zoom’s default setting makes repeated meetings and connections easier to schedule with a Personal Meeting ID. If you decide to have an impromptu video chat with your team, it might be tempting to use this one-click feature, but know that doing so leaves your meetings and profile vulnerable to uninvited eyes.
Password-protect all meetings. Creating a Zoom meeting without a password for participants is like leaving your front door open, and this vulnerability has already been taken advantage of since its rise to popularity. Zoom offers an administrator setting that requires a password when scheduling a meeting, so be sure to choose a strong password and share it with the participants using a secure method, like encrypted email or iMessage.
Require meeting participants to create a Zoom account, when possible. This is the only guaranteed way to prevent zoom bombing from outside or inside your organization. Creating a Zoom user account ties a participant’s access to their individual information, which generates a personalized meeting link only that participant can use. Unless a user’s account security has been compromised, no outside interruptions are possible. This isn’t always a practical option for large-scale or public meetings, so in those cases Zoom offers a video webinar with pared-down participation features.
Adjust participant settings. There are many participant features you can toggle, even in the middle of a meeting. This makes it easy to mute a noisy attendee (or all attendees), control who can share their screen, and disable Zoom’s chat feature. These come in handy if you often have public-facing video meetings or meetings with large groups. Zoom’s latest release includes a security feature that can remove and report participants for disruptive behavior, and a host can enable that setting for other participants to use as well. You can also set up a waiting room for meetings. This will allow the meeting host to admit participants on an individual basis, meaning you have full control over who you let into a meeting.
Utilize MFA. If your password is compromised, so are your video conferences. Use MFA (multi-factor authentication) to keep your entire Zoom account and login information secure. Using MFA whenever possible boosts your security across the board.

Alternatives to Zoom

If you’re still searching for the perfect video solution for your business, there are many alternatives available:

Microsoft Teams: This option integrates security features and accounts from other Microsoft products your business may already use.
Google Meet: Formerly known as Google Hangouts, many schools use this if they are already integrated in the Google system. However, it does not offer end-to-end encryption.
Blue Jeans: This service is similar to Zoom but lacks free plans. It does offer seamless integration with Teams, Slack, Workplace, and a customizable API for industry-specific interfaces.
Adobe Connect or GoToMeeting: Though great for presentation-style webinars, these options may be a little clunky for an office chat. GoToMeeting analyzes individual user performance, if that’s something you value.

General Video Safety Tips

No matter which video conference service you choose for your business, there are some general best practices to keep in mind.

Use as much caution with your personal information possible, including one-time meeting links. Keep your login credentials safe. Hackers can use AI to guess passwords typed while on video.
Be aware of what your surroundings reveal, especially on public or unencrypted calls.
Sharing your screen? Prepare the area to display only what is necessary for the call.
Pause before clicking unsolicited video call links. Verify with the sender on another platform if you receive a suspicious invitation, and stay aware of phishing tactics that might mimic Zoom or other video conference services.

Zoom and its counterparts are here to stay, so no matter which video conferencing platform you decide on for your business, it’s important to encourage your team to use best practices even outside the office. As businesses adapt to the changing digital landscape, make sure you keep your employees and your security safeguards ready for anything the future holds.

Need help choosing a video conferencing platform, or have other questions about your remote work security? Anderson Technologies is here to help. Contact us today!

Learn: Battle of the Brands: Microsoft’s Office 365 vs. Google’s Workspace

February 4, 2021/in How To, Managed Services, Technology Alert /by Marcia Spicer

Microsoft and Google are two of the most common technology foundations. Which one you choose can fundamentally change the way you and your employees operate. The decision is a big one and will impact your company for years to come.

Microsoft Office 365 vs. Google Workspace

Busting Business Email Compromise

January 7, 2021/in Client Feature, How To, Managed Services /by Marcia Spicer

In cyber security circles, Ubiquiti Networks, manufacturer of wired and wireless network devices, is infamous for more than their products.

Over a period of 17 days and 14 wire transfers in 2015, $46.7 million was transferred out of Ubiquiti’s coffers to criminals’ bank accounts based on a made-up acquisition in an elaborate Business Email Compromise (BEC) scam. The money disappeared quickly, and the transactions went unquestioned for two months. Time and effort ultimately recovered over $16 million, but lost an additional $39.1 million in professional fees, and countless amounts in reputation.

Business Email Compromise, sometimes known as CEO Fraud, accounts for a sizeable chunk of unwanted spam and fraudulent emails that, according to Kaspersky, make up about 50% of typical inbox contents. Monetary loss related to BEC is more than that of data breach, ransomware, and other malware attacks combined because targets are chosen for their high-level access to information or funds. In their 2019 report, the Internet Crime Complain Center (IC3) estimated that the loss related to BEC totaled about $1.7 billion, which was over half of all cyber crime losses recorded that year. When BEC succeeds, it makes the news.

The Ubiquiti BEC case is one of the most famous and offers insight into criminals’ methods and how to stop BEC attempts in their tracks. Even a major technology firm like Ubiquiti should never assume they are immune to these increasingly sophisticated attacks.

The Ubiquiti Scandal

May 19, 2015: New CFO of Ubiquiti, Rohit Chakravarthy receives two emails after just one month on the job. One appears to be from his boss, Ubiquiti founder and chief executive Robert Pera. Ubiquiti later explains that their own email systems were not compromised, but the email that Chakravarthy receives has all the appropriate indications he sees in in communications with Pera. Faux-Pera explains that Ubiquiti is in the process of a new, confidential

As expected, Chakravarthy receives the first of several emails that appear to be from Latham & Watkins lawyer, Tom Evans. The only thing that seems to be off about this communication is that the email address used is from “consultant.com,” but with the rest of the story matching, Chakravarthy follows the instructions, overruling standard industry procedure and, based on all reports, acts alone.

Over the next 17 days, Chakravarthy makes 14 wire transfers to accounts around the world, in places like Russia, China, Hungary, and Poland. These payments total $46.7 million.

June 5, 2015: The real Robert Pera receives an email from the FBI. They’ve been monitoring one of the accounts Ubiquiti has paid into, and they inform Pera that Ubiquiti has become a victim of business email compromise. This is the first he has heard of these substantial money transfers. The company works with one of their banks to begin legal proceedings and quickly recovers $8.1 million.

August, 2015: Ubiquiti discloses the scam and the money involved to the press. No names are shared at this point, but Chakravarthy resigns.

2016: Ubiquiti has recovered a total of $16.7 million.

2020: It does not appear that Ubiquiti has recovered any additional funds, but has lost at least an additional $39 million in fees and bears the unfortunate reputation as a cyber security risk.

Identifying BEC

In a 2016 (but still relevant) public service announcement, the FBI identified five recognizable types of BEC scams to watch out for:

The Bogus Invoice Scheme/Supplier Swindle. Closely matching form and function of known invoices and services, a fraudster—masked as a long-standing supplier or partner—sends an invoice or updated instructions for payment into a new account. The victim is accustomed to fulfilling payments and often does so without question.
CEO Fraud/Wire Fraud. A high-level executive’s email account is compromised through hack or spoofing. This account sends a request for wire transfer to another employee within the company who makes these payments as part of their normal duties. The impersonated executive requests that the payment be made to a different account than normal and provides an excuse that seems reasonable.
Email Account Compromise. An employee’s email account is hacked. This is used to send invoices and payment requests to vendors who are already on the employee’s contact list. The business may be completely unaware of these requests unless a vendor becomes suspicious.
Attorney or Executive Impersonation. The attacker pretends to be from a partner organization or legal firm, one with known connections to the business. The message emphasizes confidentiality and urgency, and might be timed for the end of a business day or work week, forcing the victim to act quickly.
Data Theft. An attacker uses social engineering to target human resources or bookkeeping departments to obtain W2 forms and other personally-identifying information (PII). This information can be used for tax fraud or to hone in on other attacks. These attacks are often combined with Account Compromise, making the victim think that the request is coming from a legitimate source.

Preventing Your Own Ubiquiti

Building and enforcing standards that require checks and balances when sending any money over a certain amount, as well as employee and client data, can circumvent BEC as a matter of course.

As a company, set an acceptable dollar amount for solo-authorized transfers. Any requests over that amount should require second approval via different means of communication. Hitting reply on an email may go back to the criminal’s account.
Any email involving something as important as a company acquisition, merger, million-dollar payment, or PII warrants a follow-up phone call. Build a policy where this is standard, so the recipient knows to expect it in the event of a legitimate request. Don’t just click on phone numbers provided in emails; maintain a master company directory for approvals. If the request comes from a vendor, use contact information from previous billing or that is publicly available on their website.
Enable 2FA/MFA on all accounts, ensuring that the only one accessing your accounts is you. Never provide anyone with these access codes. Include this in official policy.
Undergo annual, company-wide, and at-hire cybersecurity training. Emphasize the best practice of asking questions of peers and superiors, and enable a direct line of communication with IT.

Any question or concern addressed before clicking a link could be the one that stops a BEC attack and saves your company millions, not to mention maintains your reputation.

Is it time to partner with trusted IT experts to address cybersecurity as the viable threat it is to your business? Contact us for a free cyber security/infrastructure audit or employee awareness training.

Want to read more about the Ubiquiti scandal? The following sources provide further insight.

Krebs on Security, “Tech Firm Ubiquiti Suffers $46M Cyberheist.” August 15, 2015.
Vardi, Nathan for Forbes, “How A Tech Billionaire’s Company Misplaced $46.7 Million And Didn’t Know It.” February 8, 2016.
Bakarich, Kathleen M., and Devon Baranek. “Something Phish-y is Going On Here: A Teaching Case on Business Email Compromise.” Current Issues in Auditing. Vol. 14, No. 1, Spring 2020. Pp. A1-A9.

Learn: How to Reduce Risk and Secure Your IoT Devices

December 2, 2020/in Data Security, How To, Technology Alert /by Marcia Spicer

Internet of Things (IoT) devices provide a service to the user, but also provide a glut of information for developers. Developers state that the information collected is a tool for honing services and enhancing user experience, but this information is also worth a lot of money to them for ad targeting and consumer behavior patterns.

Learn How to Make Smart Investments in IoT

Rightsizing Now and for the Future

November 27, 2020/in Client Feature, How To, Managed Services /by Marcia Spicer

COVID-19 has changed the way people live and do business, so it’s more important than ever to take a step back and assess the needs of your company. Do you have too many computers for your employees, or not enough? What products and services are you paying for each month? Whether you need to streamline your resources or you find your business bursting at the seams, having infrastructure that doesn’t fit your needs can cost you money and efficiency.

Audit! Audit! Audit!

The first step to rightsizing your business is to take a long look at what you have already. A thorough audit of what you have, what you’re spending, and what you need provides the necessary information to determine the need for, and to begin, any business restructuring. Anderson Technologies recently helped two clients assess their IT infrastructure and identified several areas that are essential to cover in the auditing process.

Audit the functionality of your equipment. Are you using all the equipment you pay for? Are subscriptions being used to their fullest? Are you struggling to find space or equipment for new employees?
- During our audit, one client found that they were paying for a copier/printer that no one was using. Removing it was an easy way to cut costs.
Audit all contracts. This process often reveals that you’re actually paying for things you never needed or that do not fit your company’s needs at all. It’s important to go through all contracts to find out exactly what you’ve agreed to, and never sign a multi-year contract without fully understanding what you are purchasing. Contact your IT staff or managed services provider (MSP) if you’re unsure about any technology or software contracts.
- One new client had previously signed a three-year contract to a data center that locked them into paying for far more than they needed.
Audit all vendors. Vendors who fail to deliver, or who offer subpar goods and services make audits (and removal) easy, but make sure to audit the vendors who have treated you fairly and always delivered, too. Times have changed, so do they still fit your needs? Is it time to change what services they provide or how much you use them? Is it time to switch vendors altogether?
- Look at whether vendors can adjust to your new size over time. They may have been perfect for the size you were, but can they handle your business as it grows? If you need to streamline operations, do they handle smaller companies?
Audit legacy systems and software. Times change for your industry, too, and advancements in software and technology can improve work efficiency and save money. An old industry-specific software may have been perfect ten years ago, but are there new options available that would save your employees time and hassle? When employees don’t have to battle with outdated systems, they can use their time and effort on more productive tasks.
- Look closely at the software you’ve previously bought outright. Does it have a cloud version that is cheaper and provides consistent updates? Software that no longer receives security patches can pose severe risks to your business and your data. And with so many people working from home due to COVID-19, cloud flexibility can keep your business running no matter where your employees are working.

Throughout the process, keep asking yourself these three questions:

What do I have that I don’t need?
What do I need that I don’t have?
Do I need a physical version or can I move to the cloud?

Streamlining Your Resources

If you need to streamline your resources or adjust to a smaller, sometimes home-bound, workforce, auditing is essential. Don’t think that just because it worked before you should keep doing things that way.

Finding innovative ways to work has been the reality for many businesses in 2020, so it’s more important than ever to audit your business’s changing needs. What programs are you running that you may no longer need? Can your vendor accommodate your new needs? Check contracts to see what options you have to rightsize software or hardware to your changing situation. If your current vendors aren’t able to adapt, it may be time to find a more flexible one that can accommodate present conditions while preparing for future growth.

Another strategy for streamlining your resources is searching for cheaper options to infrastructure you already use. If what you had was working fine, you probably didn’t need to look for new solutions. Take the time now to determine how much money you currently spend on your technology and search for less expensive but robust versions.

Anderson Technologies has seen firsthand how auditing IT systems can save a business’s monthly expenditures. After a thorough look at the computer needs of one new client, our technicians found that the client was paying close to twenty thousand dollars a month on virtual servers they didn’t need. Our IT experts were able to reduce that number to around four thousand dollars per month by rightsizing to the client’s actual needs.

Preparing for Growth

Auditing plays a key role in preparing your business for expansion. Look for what is limiting your business’s growth. If you don’t have enough physical space, being tied to an office can slow down your ability to expand. Cloud options that allow employees to work from anywhere could provide the flexibility your business needs to move forward.

It’s important to work with your IT staff or MSP to keep track of your changing technological needs. With expert help, you can find effective hardware and software so that you don’t over or under buy for your IT infrastructure. It’s also important to have IT professionals maintain your security during both the auditing and operation change process. Your security requirements will grow along with your business. Don’t just stay with what you have now, secure what you are going to be.

A Post-COVID-19 Future

No matter how you need to rightsize your business at the moment, begin planning for your post-COVID-19 business now. Your business is going to continue changing when we move beyond a COVID-19 lifestyle. Prepare for that future now.

Rightsizing gives you the chance to move to technology or vendors that can adapt to both streamlining resources and growing needs. Don’t get tied down to software or vendors who won’t change with you. Invest in your future so you’re ready to move your business forward in this constantly changing world.

If you need help rightsizing your IT infrastructure to your business’s needs, contact Anderson Technologies at 314.394.3001 or email us at info@andersontech.com.

Policies To Update When Employees Return to Work

October 8, 2020/in How To, Managed Services, Special Projects /by Marcia Spicer

For more than six months, the world has been upended by the COVID-19 pandemic. A true return to “normal” may seem far on the horizon, but many companies are preparing their offices for employees to return full- or part-time. There’s much to prepare in order to meet everyone’s needs during this transition, some decisions are more complicated than others depending on the size of the company. Just as important as the physical safeguards you put in place are the policies and preparations for the future. Now is the time to think about how your business will handle a crisis in the future.

Prepping the Office

Employee safety and peace of mind is of the utmost importance when transitioning away from work from home. As people return to the office, ensure that commonly used surfaces, such as doorknobs and cabinet handles, are cleaned daily. While regular cleaning products are fine for a keyboard and mouse, monitors require special screen-safe products. If computers or workstations are used by multiple people, encourage sanitization of commonly touched surfaces before beginning work.

Listen to your employees. Some will be more apprehensive about the cleanliness of the office than others. Take their concerns to heart and do your best to make them feel safe and comfortable. Follow the local laws and stay up on CDC guidelines.

Communicate Clearly and Regularly

Communication between employees and management will make the transition back into the office smoother. Talk with your employees about what conditions they need in place to feel comfortable at work. Create policies that lay out exactly what is required of each person and ensure everyone understands their personal responsibilities before they arrive back at work. For some, regulations may seem unnecessary, but others won’t be comfortable returning to the office without them.

Make sure your employees know the best ways to communicate with management and each other. This is especially important for hybrid work environments. Software such as Microsoft Teams is an easy tool for maintaining contact with everyone. Zoom or other video conferencing applications are a great way to replicate the feeling of a face-to-face meeting in the office.

Review IT Infrastructure

A lot of changes happened in a short time to accommodate so many people suddenly working from home at the start of the pandemic. Now that your business is ready to bring some or all of your employees back to the office, review your technology infrastructure with your IT staff or managed services provider (MSP). You may find some of the changes you made back in March 2020 are no longer necessary or need to be modified to ensure both in-office and at-home workers are working effectively. This includes, but is not limited to, checking on software licenses, internet bandwidth, and new hardware.

Policies and Business Continuity

Physically preparing your business to bring workers back is important, but it’s not the only thing you should be doing right now. Across the IT industry, companies found that the upheaval around the pandemic revealed holes in policies and business continuity plans, if a company had one prepared at all. This is the time to take the lessons learned from COVID-19 and build out the policies and plans that will protect and guide your business in the future.

Work-from-Home Policy

Unless you already had some employees working from home, chances are you didn’t have a work-from-home policy before the pandemic. During your IT infrastructure review, document the IT needs of an employee working from home and the best methods for them to access company data. Discuss with your IT team or MSP the security requirements necessary to protect your systems and make sure it is implemented on home and office workstations as necessary.

Clearly write out the proper use of remote access and ensure all employees have read and understand the policy. Define who is allowed to work from home during emergency situations and who may continue to do so on a full- or part-time basis once your office is up and running. You may not have had time when the pandemic began, but it’s never too late to shore up your defenses with thorough policy.

Emergency Response Plan

If you didn’t have a set emergency response plan, you probably found sudden quarantine shutdowns a hectic time. Don’t be caught unprepared again. As COVID-19 continues to affect the world, future shutdowns can’t be ruled out. Take this time to put your experiences on paper and create an emergency response plan. What didn’t you have prepared that you needed? What did you have that didn’t work as well as you thought? What did work? Use the answers to these types of questions to make sure the next time you’re in crisis, you have a plan to make the process easier. Reach out to your IT team or MSP to help fill in areas that were troublesome, and get emergency solutions in place now to prepare.

Business Continuity Plan

This was probably the plan you could have used most during lockdown if you didn’t have it in place already. While the emergency response plan gets you through an immediate crisis, it’s the business continuity plan that brings your business back to working order after the crisis has calmed but before things return to normal. Some businesses are still in this transition, so it’s more important than ever to prepare a solid policy to help your business through this unpredictable time.

The business continuity plan should lay out how your business will function outside of the office environment. How will you communicate with vendors? With clients? What happens if you cannot fulfill commitments? What steps will you take to prevent loss of productivity? These are no doubt questions you’ve already been asking for the last six months, so don’t waste the opportunity to build a business continuity plan now while the answers are fresh in your mind. This will prepare you not only for other types of disasters, but for any future disturbances due to the pandemic.

Returning to the office takes more than a good cleaning. The COVID-19 pandemic has taught businesses valuable lessons on emergency response and business continuity. Put those lessons into practice with set policies while creating an atmosphere of prevention in the office.

Need help reviewing your IT infrastructure before bringing employees back to the office? Contact Anderson Technologies. We can be reached at 314-394-3001 or info@andersontech.com.

Don’t Take the Bait: Securing a Remote Workforce

June 26, 2020/in Data Security, How To /by Marcia Spicer

With the increase in employees working from home, a comprehensive cyber security plan is imperative now more than ever. Remote access to your business’s network, especially from personal computers and devices, is a weak link in your cyber defenses. This makes the need for comprehensive employee training essential to your cyber security plan. One successful phishing attack combined with remote access can provide bad actors a direct path from your employee’s computer to your business.

Work from Home Safely

For many businesses that suddenly gained a remote workforce, employees are the first line of defense against cyber attacks. Employee education for phishing attacks and basic cyber security measures are essential tools in your business’s defense against a network breach.

Phishing in the Time of COVID-19

While cyber security education has improved employees’ ability to spot phishing attempts, the COVID-19 pandemic opened new avenues for bad actors to exploit in their phishing attacks. The tactics aren’t new. Bad actors continue to trick the distracted or unsuspecting into clicking a link or downloading an attachment, and they continue to target specific individuals for business email compromise (BEC) schemes.

What has changed are the lures used trick the recipient into action. Bad actors have shifted their message to capitalize on the uncertainty around the novel coronavirus. Emails spoofing health organizations such as the WHO and the CDC contain links or attachments that claim to contain information about the coronavirus pandemic. An employee who may know not to click on a random link sent to them in an email, even from a known contact, might not be so careful against a link purporting to inform them about updated COVID-19 news.

Train your employees to be skeptical of all emails or messages related to the COVID-19 pandemic. Most major organizations are not going to be directly emailing individuals. If an email claims to be from an official source, do not click the link, but rather go directly to the organization’s website. Any updated information or legitimate news will be posted there.

Put into place policies and procedures to protect against BEC schemes. Bad actors have tailored their messages to take advantage of the isolation of the remote workforce. BEC attacks rely on the recipient not verifying a request for funds or access with the person or company being impersonated, thus failing to discover that the transaction is illegitimate. Their new tactic to ensure this is to include a note that the requester can’t be contacted due to COVID-19 quarantine, or not to tell anyone so their stated COVID-19-positive status is not known publicly.

Every business should have policies that require all changes to account numbers or unplanned transactions to be verbally verified through known channels (not the email’s contact information) before being enacted. This simple policy reduces the chance of successful BEC attacks from happening in your company.

Bring Your Own Devices

Many businesses don’t have the capital to buy new hardware for their newly-remote workforce. This results in what is referred to as BYOD or Bring Your Own Device. With BYOD, employees use their personal computers or mobile devices to access company data, whether through VPN, web portal, remote desktop application, or software-specific application. This is a cost-efficient option for those working from home, but it comes with risks and can be difficult to secure if you’re not a trained IT professional.

No home network is going to be as secure as a properly set up office network with an enterprise-grade hardware firewall, but there are measures that your employees can take to strengthen their home defenses. Make it policy to ask these basic security questions before allowing employees to work from their personal computers:

Do they have a router with WPA2 or higher password protection enabled?
If they live with others, do they have their own password-protected profile on the computer?
Are all passwords unique and meet your company’s password policy requirements?
Can they work in a place where others cannot see company data?
Can they limit browser extensions or use a separate browser for work to avoid data leakage?
Is their computer operating system and anti-malware/virus software up to date?
Have they been trained to identify problems with their computer systems that may indicate infection?
Do they know who to call if they suspect their computer may be compromised while connected to your business network?
Have they been trained on all work-from-home policies and procedures?
Have they been trained in cyber security best practices, including how to spot phishing attempts and suspicious websites?

The computers may belong to your employees, but the data they’re accessing is your business. Make sure to reduce the risk of remote access as much as possible.

Training Is Key

The best defense against compromise is a comprehensive, on-going training plan for all employees. They can’t spot phishing if they don’t know how to identify it nor use strong passwords if they don’t know what’s secure. When employees work from home on less secure networks, it is even more important to ensure they are informed and prepared for any cyber security challenges that may arise. Annual training with cyber security professionals can keep you and your employees up to date on the trends in security threats and how to defend against them. Don’t wait until it’s too late to give your employees the information they need to protect your business.

Our FREE guide for employees details best practices in cyber security!

A remote workforce is a weak link in your cyber defenses, but that doesn’t mean you can’t set it up as securely as possible. Verify security measures and provide the necessary training and policies to keep your employees and your business safe.

If you need cyber security training for your remote workforce, contact Anderson Technologies. We can be reached at 314-394-3001 or info@andersontech.com.

Quotables: Serious IT Considerations for a Post-COVID-19 World (HR Daily Advisor)

June 25, 2020/in How To, Quotables, Technology Alert /by Marcia Spicer

Principal Amy O. Anderson is featured in HR Daily Advisor.

Click here to read the full article!

Are you in need of expert IT consulting? Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses. Let us help you today! Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables? This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers.

Related Reading