
How COVID-19 Increased Enterprise Device Usage and Its Effects on IT Professionals

What has your experience been? Post your thoughts below.

COVID impacted more than just our health. Businesses and schools have adjusted to hybrid models while consumers spend more time shopping virtually. It’s as if the entire world has shifted. The common phrase “these are unprecedented times” rings true.

This shift has landed us deeper into the world of technology. As organizations change the way they interact with consumers and employees, businesses have increased their device usage drastically. People have decided to adopt new business practices that emerged out of necessity during the lockdown. 

The need for hybrid models has increased stress and pressure on IT staff to keep up. Unfortunately, many businesses have increased their device count without increasing their IT staff. 

This side of the labor shortage has left IT staff feeling a strain on their mental and emotional health. Beyond managing more devices, IT staff have had to deal with the increased complexity of technology after COVID-19. Complex systems take time to learn, implement, and manage.

Our information technology teams are essential aspects of businesses of all sizes. Their mental health and well-being should be a priority. Sadly, many times this is overlooked in order to meet a deadline or get ahead of the technological curve. 

IT staff are imperative to running any organization. This is why it’s important to be strategic about how we approach easing their stress without decreasing efficiency. There has to be a way to successfully manage the increased device load without exacerbating an already stressful job. IT personnel are too essential to lose in a time when the entire world has moved online.

Post-Pandemic Digitization 

The pandemic created a need for virtual business practices. With people unable to meet in person, schools, healthcare facilities, and companies turned to virtual meetings. Any switch to a virtual model has given IT staff more work. Not only are there new systems at play, but new devices to manage. 

Although much of the world has gone “back to normal,” many prefer meeting virtually. Companies save money and time by switching to virtual conferencing and working remotely. 

In fact, the market for video conferencing is projected to grow globally from $6.87 billion this year to $14.58 billion by 2029. Virtual meeting technology is advancing and platforms are increasing their services. Artificial intelligence, IoT, and cloud tech are being integrated, moving the market forward.

This projected market increase implies an increase in hardware to keep up. The rising demand for meeting virtually will only grow. Technology will advance to provide better virtual experiences, requiring enterprises to invest in more tech. Information technology professionals are the ones responsible for managing these devices. 

Video conferencing is also used by teachers and professors for hybrid learning. Therapists and doctors are using telehealth video platforms to meet with patients. The increased video communication across industries implies a continued increase of technology to support these systems. 

Working remotely has also become increasingly popular post-pandemic. According to Pew Research Center, the majority of workers who are able to work from home prefer to. In order to protect cybersecurity, it is essential to provide employees with company-approved technology appropriate for working remotely.

Mikako Kitagawa, research director at Gartner, said, “The pandemic significantly changed business and consumer PC user behavior, as people had to adapt to new ways of working and living. Post-pandemic, some of the newly established ways of using PCs will remain regular practice, such as remote or hybrid workstyles, taking online courses and communicating with friends and family online.”

The technology needed to work remotely includes cloud computing, business applications, mobile tools, unified communications, project management tools, and of course, video conferencing. Not to mention the computer equipment necessary to support these systems. 

IT staff are often required to oversee the hardware and software used in an enterprise. The digitization of business will continue to increase. The popularity of hybrid learning, telehealth, and working remotely continues to rise with the promise of decreased expenses and convenience. 

IT employees are being asked to manage these changes, adapt to new technology, and fix current issues, all while maintaining data security. The task load is large and growing. 

The Effects on IT 

During quarantine, IT staff had to scramble to transfer business to remote platforms. The future of business was put on the backs of IT. If they didn’t figure it out and figure it out quickly, businesses would experience a financial loss. 

As the pandemic continued, mental health awareness soared in the corporate world. This forced corporate America to look inward and evaluate the correlation between work culture and mental health issues. Unfortunately, IT professionals are understudied regarding mental health.

However, the information technology profession has a reputation for being a high-stress job with late nights and heavy workloads. A study done in 2015 by the National Center for Biotechnology Information found that 54% of the 1,000 IT professionals studied had depression, anxiety, and insomnia. 

There are several health problems associated with IT professionals due to their sedentary job, staring at a computer screen, and high-stress situations. People who work in this profession are prone to back and vision problems, carpal tunnel, weight gain, and mental health issues. 

Increased device management and software integration add to the health problems already experienced in the industry. The labor shortage has put extra pressure on staff to do more work with less, resulting in burnout, increased anxiety, and depression. 

A big part of this issue lies with the size of the IT support team. Increasing hardware and software with the changing times does not mean companies are increasing IT support. The labor shortage doesn’t make this easier. IT-to-user ratios are coming out of balance. 

IT support teams are required to take on more work with less help. The average turnover rate in the IT support field is 40%. That’s quite high and can be detrimental to any company.

The increased number of devices has caused IT personnel to experience an incredible amount of stress. Stressed employees are unable to give their best. Stress leads to anxiety and depression and other health problems. These stressors need to be mitigated to retain our valuable IT staff. 

What’s the solution?

With the labor shortage and the Great Resignation at hand, it’s important now more than ever to take care of our IT professionals. This means bending the curve and creating strategic partnerships to ease the workload. 

First, start by becoming aware of your enterprise’s IT staffing needs. Figure out your IT-to-user ratio and whether it is appropriate for the size of your operation. Check-in with your IT manager on their workload, device numbers, and software management. 

If you discover your staff is overwhelmed, and you can’t increase IT staff, call v-TECH io.

At v-TECH io, we offer Dell EMC Solutions. Dell EMC Solutions will equip your infrastructure across industries.

Make it easy for your company to adopt a hybrid working model or go fully remote with our workload solutions. You can secure your network and save time with end-point security. We even offer desktops, laptops, and displays for optimal performance. Optimize device numbers by having efficient hardware that can handle the workload. 

We will optimize your infrastructure to create streamlined and secure systems curated for your needs. It’s time to take the pressure off your IT support team and let us handle the workload. Our on-call team will walk with you every step of the way. 

Setting up a consultation is quick and easy. All you have to do is click HERE and you are one step closer to a stress-free integration! 

Creating a strategic partnership with v-TECH io will help ease the strain on your IT staff while keeping efficiency high. 


New FTC Requirements and What It Means for Car Dealerships

The Federal Trade Commission has made an amendment to the Safeguards Rule as part of the Standards for Safeguarding Customer Information. The Rule was created to clearly update what defines a financial institution and to state requirements for securing customer information.

Customer information includes records holding private and personal information. Such information containing financial details can be obtained illegally through hacking. Safeguarding customer information is crucial for the safety of the customer and the entity. Maintaining customer trust is a priority for any business holding private customer data. 

The Rule requires financial institutions to implement specific security systems to maintain the confidentiality of customer information. These security requirements must be met by the end of 2022. 

With the deadline hurtling towards us, let’s break down the Rule and how to comply with these new standards. 

The Safeguards Rule

Here is a summary of the Rule: 

“The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure. In addition to developing their own safeguards, companies covered by the Rule are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.”

The rule initially came into place in 2003. However, public comments regarding modern technology inspired an update. The evolution of technology leads to advances in cyber threats. Implementing an information security program will decrease the opportunities for a cyber attack on customer information. 

An information security program must be implemented and maintained to adhere to the Rule. An information security program encompasses the different safeguards used to access and work with customer information. Section 314.4 discusses the different elements your information security program should contain. 

Some of these elements include: 

  • Assign a qualified person the responsibility of managing and implementing your information security program.
  • Create the information security program based on the potential risks and insecurities found during a risk assessment.
  • “Evaluate and adjust your information security program” based on the results from the required testing.
  • Create and maintain a written incident response plan. This plan should help your entity respond quickly and recover from a security breach.
  • The aforementioned qualified person should submit a written report, regularly, to your board of directors or equivalent governing body.

In summary, the information security program should secure the confidentiality of customer information. It should also protect against threats and unauthorized access that would compromise the integrity of the data.

What Does This Mean For Auto Dealerships? 

Car dealerships are now covered under this amendment. These safeguards are required to be implemented by December 2022. With the due date on the horizon, auto dealerships need to implement these new requirements ASAP. 

Previously, the Rule was not as strict. However, the new Rule has been amended to respond to modern threats and provide clearer guidelines for compliance.

Maintaining customer trust is crucial to continuing business. That trust is compromised if customer information isn’t secure when an incident occurs. The precise standards written out by the FTC will ensure the security of customer information, instilling more trust with clientele. 

According to the FTC, an important aspect of this is multi-factor authentication (MFA). MFA requires verification of users during login. It asks for multiple identity verifications, using secure authentication tools. Anyone with access to customer data will need more than a username and password to log in. They will also need a token, biometric, or application to verify their identity. This is a requirement under the Safeguards Rule.

Duo – Making MFA Implementation Easy 

At vTECH io, we offer a solution called Duo which allows easy implementation of an MFA system. Compliance deadlines are on the horizon, but Duo can help quickly meet them. 

Their cloud-based technology creates seamless integration into your infrastructure. They can scale to any size business to meet your security needs. Their MFA will be deployed within only a matter of weeks.

Implementing an MFA can seem overwhelming. Thankfully, Duo creates a user-friendly interface without compromising security. This allows employees to authenticate with only one tap. Their MFA can also pair with your SSO, making the login experience consistent. 

Securing customer information is the priority for these safeguards. With that in mind, Duo’s MFA looks at the health and security posture of a device when someone tries to access protected data. It will only allow access if the security requirements are met. This works on personal and business devices. 

In addition to implementing multi-factor authentication, Duo can help meet other compliance measures. They can help review access controls and maintain logs.

Your Next Steps 

Compliance doesn’t have to be stressful and getting started is incredibly easy. vTECH io can help you implement the Rule safeguards using our Duo solution. 

We know how important your customers are to your business. We want to help you secure their personal information and to make the compliance deadline. 

Your next step is to click here to set up a call with one of our experienced tech advisors. We will help you get set up with Duo and begin implementation.

Don’t wait until the last minute to begin complying with the Safeguards Rule. Let’s partner together to create better security for your customers’ information.


The CIS 18 Critical Security Controls: Version 8 Breakdown

The Center for Internet Security has created a comprehensive list of recommendations for any entity looking to increase its cyber defense.

The controls are broken down based on task, rather than who manages the devices. You can download the comprehensive list here where you will find more details, safeguards, and definitions. To save you time, we have summarized each control below. 

CIS Control 1: Inventory and Control of Enterprise Assets 

The first control states that an enterprise should actively manage ALL assets connected to the infrastructure. There should be a thorough understanding of these assets and how they should be monitored. You can’t protect what you don’t know you have. 

Some recommended safeguards are: 

  • Maintain Asset Inventory 
  • Use Asset Discovery Tools
  • Address Unauthorized Assets

CIS Control 2: Inventory and Control of Software Assets 

A complete software inventory is essential to protecting against cyberattacks. Often attackers will find vulnerabilities in unpatched or outdated software. To prevent this, it’s important to update and patch any vulnerable software. All unauthorized and unmanaged software should be prevented from being installed or run.

Some recommended safeguards are: 

  • Establish and Maintain Software Inventory 
  • Ensure Authorized Software is Currently Supported 
  • Utilize Automated Software Inventory Tools

CIS Control 3: Data Protection 

Sensitive data is kept in different places including the cloud and portable end-user devices. This data may also be shared between partners or online services across the globe. Managing data appropriately is essential to safeguard against ransomware and other cyberattacks. 

Some recommended safeguards are: 

  • Establish and Maintain Data Management and Inventory Processes
  • Encrypt Data on Removable Media and Sensitive Data in Transit
  • Deploy a Data Loss Prevention Solution

CIS Control 4: Secure Configuration of Enterprise Assets and Software 

When assets and software come straight from the manufacturer, they often come with presets for ease of deployment. These default configurations are not ideal for security. Enterprises should establish and maintain secure configurations of assets and software. 

Some recommended safeguards are: 

  • Configure Automatic Session Locking on Enterprise Assets 
  • Implement and Manage a Firewall on Servers and End-User Devices 
  • Separate Enterprise Workspaces on Mobile End-User Devices

CIS Control 5: Account Management

This control recommends using processes and tools to manage authorization to credentials for all accounts linked to enterprise assets and software. 

It is easier for an attacker to gain unauthorized access by using valid user credentials. These credentials may include weak passwords, accounts of people who left the enterprise, dormant or lingering test accounts, etc.

Administrative accounts are hot-ticket items for attackers because they allow them to add other accounts and make changes to assets.

Some recommended safeguards are: 

  • Establish and Maintain an Inventory of Accounts 
  • Disable Dormant Accounts 
  • Restrict Administrator Privileges 

CIS Control 6: Access Control Management 

Similar to CIS Control 5, Control 6 focuses on managing what access the above accounts have. This means the data someone has access to should only be what’s appropriate for their role. Processes and tools should be used to create, assign, manage and revoke access credentials. 

Some recommended safeguards are: 

  • Establish Access Granting and Revoking Process
  • Require MFA for: 
    • Externally-Exposed Applications 
    • Remote Network Access
    • Administrative Access
  • Define and Maintain Role-Based Access Control
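
The account checks described under Controls 5 and 6 (accounts of people who left, dormant or lingering test accounts, administrator accounts without MFA) can be run as a recurring audit over an exported account inventory. The following is an added example, not part of the CIS document or any vendor tool; the inventory fields, the sample records, and the 45-day dormancy threshold are assumptions to adjust to your own policy.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class Account:
    username: str
    owner: Optional[str]        # responsible person; None = nobody owns it
    last_login: Optional[date]  # None = account has never logged in
    is_admin: bool
    mfa_enabled: bool
    enabled: bool = True


def audit_accounts(accounts, active_staff, today, dormant_days=45):
    """Return {username: [findings]} for enabled accounts that need action.

    dormant_days is an assumed policy value, not taken from the page.
    """
    cutoff = today - timedelta(days=dormant_days)
    findings = {}
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled, nothing left to exploit
        issues = []
        if acct.owner is None:
            issues.append("no-owner")            # lingering test/shared account
        elif acct.owner not in active_staff:
            issues.append("owner-left")          # person left the enterprise
        if acct.last_login is None or acct.last_login < cutoff:
            issues.append("dormant")
        if acct.is_admin and not acct.mfa_enabled:
            issues.append("admin-without-mfa")   # Control 6: MFA for admin access
        if issues:
            findings[acct.username] = issues
    return findings


def disable_candidates(findings):
    """Accounts that should be disabled rather than just reconfigured."""
    reasons = {"no-owner", "owner-left", "dormant"}
    return sorted(u for u, issues in findings.items() if reasons & set(issues))


# Constructed sample data: an HR roster and an exported account inventory.
TODAY = date(2022, 11, 1)
ACTIVE_STAFF = {"alice", "bob", "carol"}
SAMPLE_ACCOUNTS = [
    Account("alice", "alice", date(2022, 10, 30), False, True),
    Account("alice-adm", "alice", date(2022, 10, 28), True, False),
    Account("dave", "dave", date(2022, 6, 15), False, True),
    Account("test-import", None, None, True, False),
    Account("bob", "bob", date(2022, 8, 1), False, True),
    Account("carol-old", "carol", date(2021, 1, 5), False, False, enabled=False),
]

if __name__ == "__main__":
    report = audit_accounts(SAMPLE_ACCOUNTS, ACTIVE_STAFF, TODAY)
    for user, issues in sorted(report.items()):
        print(f"{user:12} {', '.join(issues)}")
    print("disable:", ", ".join(disable_candidates(report)))
```

Accounts that are only flagged admin-without-mfa stay out of the disable list because the remedy there is enrolling MFA, not removing access.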

CIS Control 7: Continuous Vulnerability Management 

Managing vulnerabilities is a constant task. Enterprises should prioritize the vulnerabilities based on potential impact. Then, implement a management system. A plan should be developed to continuously assess and track vulnerabilities. All enterprise assets and public and private industry sources need to be monitored.

Some recommended safeguards are: 

  • Establish and Maintain a Vulnerability Management and Remediation Process
  • Perform Automated Operating System Patch Management 
  • Remediate Detected Vulnerabilities 

CIS Control 8: Audit Log Management 

This control is quoted directly from the CIS: “Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.”

Some recommended safeguards are: 

  • Establish and Maintain an Audit Log Management Process
  • Collect Audit Logs, DNS Query Audit Logs, URL Request Audit Logs, and Command-Line Audit Logs
  • Conduct Audit Log Reviews

CIS Control 9: Email and Web Browser Protections 

A common way attackers find their way into an enterprise is through direct contact with a person. They use tactics such as phishing and Business Email Compromise to engage with email users within the enterprise. 

Some recommended safeguards are: 

  • Ensure the Use of Only Fully Supported Browsers and Email Clients
  • Restrict Unnecessary or Unauthorized Browser and Email Client Extensions
  • Deploy and Maintain Email Server Anti-Malware Protections

CIS Control 10: Malware Defenses 

Malicious software or malware can become a threat by entering through vulnerabilities within the enterprise. There are several possible entry points for malware including email attachments, webpages, cloud services, etc. Malware defenses should be implemented and managed regularly. 

Some recommended safeguards are: 

  • Deploy and Maintain Anti-Malware Software 
  • Configure Automatic Anti-Malware Signature Updates 
  • Centrally Manage Anti-Malware Software 

CIS Control 11: Data Recovery 

After an incident, it’s crucial to be able to recover data quickly and effectively. With ransomware on the rise, it is important that enterprises have a data recovery plan. This should restore the assets to the pre-incident state. 

Some recommended safeguards are: 

  • Establish and Maintain a Data Recovery Process
  • Perform Automated Backups 
  • Protect and Test Data Recovery 

CIS Control 12: Network Infrastructure Management 

Network Infrastructure Management means taking inventory, tracking, and correcting network devices to prevent an attack. 

Some recommended safeguards are: 

  • Ensure Network Infrastructure is Up-to-Date 
  • Securely Manage Network Infrastructure 
  • Centralize Network Authentication, Authorization, and Auditing (AAA)

CIS Control 13: Network Monitoring and Defense 

Cyber attackers are constantly evolving. As technology advances, so do they. This is why continuous monitoring of your network is crucial to your cybersecurity. It is recommended that you operate processes and use tools to monitor your network to defend against security threats.

Some recommended safeguards are: 

  • Centralize Security Event Alerting 
  • Deploy a Host-Based and Network Intrusion Detection Solution
  • Perform Traffic Filtering Between Network Segments

CIS Control 14: Security Awareness and Skills Training 

Employee training is a must for ensuring cybersecurity for your enterprise. Security programs by themselves will not keep an enterprise safe. Employees must be trained and made aware of potential threats. The CIS suggests that annual training is not enough. There should be frequent and updated training on different topics related to cybersecurity. 

Some recommended safeguards are: 

  • Train Workforce Members on: 
    • Causes of Unintentional Data Exposure
    • Recognizing and Reporting Security Incidents 
    • How to Identify and Report if Their Enterprise Assets are Missing Security Updates
    • Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks
  • Conduct Role-Specific Security Awareness and Skills Training

CIS Control 15: Service Provider Management 

If you rely on third-party infrastructure, develop a process to make sure those service providers are protecting your platforms and data properly. 

Some recommended safeguards are: 

  • Establish and Maintain an Inventory of Service Providers and a Service Provider Management Policy
  • Classify, Assess, and Monitor Service Providers 
  • Securely Decommission Service Providers

CIS Control 16: Application Software Security 

Applications are user-friendly tools to manage data for business functions. If the application has an insecure design, coding mistake, or weak authentication, it can become vulnerable to an attack. These software applications must be managed during their life cycle. Weaknesses should be detected and fixed before they hurt the enterprise.

Some recommended safeguards are: 

  • Establish and Maintain a Secure Application Development Process
  • Perform Root Cause Analysis on Security Vulnerabilities
  • Separate Production from Non-Production Systems 

CIS Control 17: Incident Response Management 

Policies and procedures with defined roles and training should be established in case of an incident. A clear response plan helps guide your team through an incident. 

Some recommended safeguards are: 

  • Designate Personnel to Manage Incident Handling
  • Assign Key Roles and Responsibilities
  • Conduct Post-Incident Reviews 

CIS Control 18: Penetration Testing 

A penetration test will help identify potential weaknesses by simulating an attack. These tests show vulnerabilities and determine if the right safeguards have been implemented. 

Some recommended safeguards are: 

  • Establish and Maintain a Penetration Testing Program 
  • Perform Periodic External Penetration Tests 
  • Remediate Penetration Test Findings

Concluding Thoughts

These CIS 18 Critical Security Controls are highly recommended for implementation at your enterprise. They are incredibly important measures to ensure safety against a cyber attack. 

Their importance doesn’t negate the fact that they are extensive and time-consuming to implement. 

Thankfully, vTECH io has a highly experienced staff to assist you. We have established relationships with the best cybersecurity solution providers. Our amazing team will help build comprehensive and layered protection for your organization.

If you want a safer, more secure network, partner with vTECH io today. Click HERE to set up a call now!