Loading ...

Category: Compliance

How to make money back buying IT assets

IT Services Savings - Grants Pass, OR

Farmhouse Networking continues to make strides in providing our customers with the best, most cost effective, and environmentally friendly computing experience possible. Part of that process is what has come to be known as Lifecycle Management. Each piece of hardware has an expected amount of time in which it is cost effective to use and support it. Once this time frame has been exceeded the cost of supporting the device becomes greater than the cost as shown in the following graph:

FHN Lifecycle Management

So the question remains what to do with the old computers when the time comes to replace them. Previously here in Grants Pass, OR we could support a local charity by taking them to Southern Oregon Aspire to have the computers dismantled and hard drives shredded. Now that their doors are closed we are stuck with dropping them off at the local dump, but what if you could make money while being responsible with the environment? 

Farmhouse Networking is now partnering with a company called Arcoa, who do just that. Here is what they do in their R2 rated responsible recycling facility: 

“We help you recover value from retired electronic equipment through responsible methods of reuse and recycling. Resale offers the best potential for value recovery, but the fast pace of innovations in technology and short product life cycles can limit equipment’s potential for reuse. From there, the best option may be to recycle the items in an environmentally friendly manner. We’ve built a robust de-manufacturing process to offer additional options for asset value recovery by disassembling equipment for commodity grade materials, which can be diverted from landfills and be used to create new materials.”

Hard drives will be electronically wiped, magnetically degaussed, or shredded based on need. The rest of the parts will be dismantled and sold with part of the profit returning to your company to help offset the cost of buying new computers. What could be better than making money on the buy?

If your company is heading towards a hardware refresh, then make the environmentally sound choice by contacting us for assistance.

Using an Old Teamviewer Makes You Vulnerable

Looks like the trusted remote access / remote support tool has an exploit that could allow an attacker to figure out your network password.

Please take the time to update your Teamviewer software to the latest version or contact us to setup our free remote access software on your systems. 

A newly discovered serious vulnerability – dubbed “BootHole”

There has been information released by a security research firm called Eclypsium that there is a vulnerability dubbed Boothole in Unified Extensible Firmware Interface (UEFI) Secure Boot that would allow an attacker to completely take over a workstation, laptop, or server and be nearly undetectable. All hardware vendors will have to send out updates in the near future to patch the UEFI code to secure it against this “BootHole” vulnerability. Due to the difficulty in designing and testing these types of updates it will be some time before they are released. We will keep you posted as to the release of these updates as they become available. 

If your company is concerned about security, then contact us for assistance.

Most Popular Home Routers Have ‘Critical’ Flaws

Even though we recently sent out another email newsletter about this topic, we have to keep raising this issue as the work from home remains a regular occurrence. A German think tank analyzed 127 popular home routers with the majority having at least one flaw (D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel were affected by 53 critical-rated vulnerabilities each). The biggest problem is that most (91%) are built on top of an old version of Linux operating system and their makers rarely publish updates.

There are several solutions that we can discuss to secure your work from home networks, so contact us for assistance.

Revised DOJ Compliance Guidance

Compliance Checklist - Grants Pass, OR

On June 1st, the Department of Justice (DoJ) release further guidance about compliance programs which could effect the way PCI and HIPAA compliance breaches are handled in court.

https://www.justice.gov/criminal-fraud/page/file/937501/download

They state that compliance programs aren’t merely one-and-done snapshots in time, but are instead dynamic programs that get updated regularly to fit changing circumstances.

An article about it states, “the latest guidance issued by DOJ is premised almost entirely on the adequacy of the organization’s risk assessment efforts, an approach well-known and particularly applicable to cybersecurity professionals. Prosecutors are urged to evaluate the quality and effectiveness of an organization’s risk assessment program by examining:

  1. The risk management process, particularly the methodology used to identify, analyze and address the risks an organization faces
  2. Risk-tailored resource allocation, namely whether the organization devotes enough resources to managing risks
  3. Updates and revisions, specifically whether the risk assessment is subject to periodic dynamic reviews
  4. Lessons learned, determining whether the company has a process for tracking and coordinating changes in its risk management program based on its experience

The DOJ also stressed the importance of risk-based training and communications about misconduct as essential parts of how it determines whether the organization’s compliance programs are up to snuff. Finally, the guidance highlights the importance of management support of the organization’s compliance initiatives and the value of extending compliance due diligence to third-party providers.”

If your company is unsure about their compliance program or risk assessment process, then contact us for assistance.

Vulnerability Scans & Penetration Testing

Vulnerability Prevention - Grants Pass, OR

Many industries we serve are under some sort of compliance requirements – HIPAA, PCI, GDPR, etc. and several of these require some sort of vulnerability scans or penetration testing:

HIPAA Section 164.308(a)(1)(ii)(A) states:

RISK ANALYSIS (Required).
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].

PCI DSS Requirement 11.3:

The scope of a penetration test, as defined in PCI DSS Requirement 11.3, must include the entire CDE perimeter and any critical systems that may impact the security of the CDE as well as the environment in scope for PCI DSS. This includes both the external perimeter (public-facing attack surfaces) and the internal perimeter of the CDE (LAN-LAN attack surfaces).

GDPR Article 32 states:

A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing

Farmhouse Networking has begun offering both internal and external network vulnerability scans and penetration testing for clients who fall under compliance requirements. We also provide remediation planning and implementation for any issues found during the scans. 

If your company is has compliance requirements for internal or external vulnerability scans or penetration testing, then contact us for assistance.

Work From Home Checklist

remote worker - Grants Pass, OR

In this unprecedented time that we are currently experiencing, you have had to set your team up to work remotely, often without thinking about how they might actually get work done, let alone security of all things. Our employee checklist and no-cost cybersecurity training course will provide your team with the tools they need to ensure that they are safe and productive – right out of the gate.  These free resources are part of our initiative to keep our community safe and working during this time of crisis, without the additional disruption and financial impact of a breach.
 
Don’t let a change in circumstance allow for a change in cybersecurity standards.

Can Passwords Be Strong & Easy To Remember

The COVID-19 scare and ensuing rush to remote access has us thinking security. What is more basic to security than passwords. In an effort to find a way to make passwords both secure and easy to remember, I have found a website that seems to fit the bill:

https://xkpasswd.net/

A Secure Memorable Password Generator

The concept is surprisingly simple and is said to be based on a cartoon:

XKCD - Password Strength

I have played with the settings and found the following to generate some good password settings. Here they are for those who are interested:


The only other option would be to use random passwords stored in a password keeper. This also allows secure sharing of passwords throughout the organization. 

If your company is using remote access, then contact us for assistance to make it secure.

FBI Cyber Defense Best Practices

A recent briefing from the FBI’s Internet Internet Crime Complaint Center (IC3) detailed current best practices and industry standards for cyber defense. Here is a summation:

Cyber Defense Best Practices

  • Backups – Regularly back up data and verify its integrity. Backups are critical in ransomware; if you are infected, backups may be the only way to recover your critical data.
  • Training – Employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
  • Patching – All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
  • Antivirus – Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted. Centrally managed is even better.
  • File Permissions – If a user only needs to read specific files, they should not have write-access to those files, directories, or shares. Configure access controls with least privilege in mind.
  • Macros – Disable macro scripts from Office files transmitted via email.
  • Program Execution Restrictions – Implement software restriction policies or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular internet browsers, and compression/decompression programs.
  • Remote Desktop Protocol – Employ best practices for use of RDP, including use of VPN, auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
  • Software Whitelisting – Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy. This one takes careful planning.
  • Virtualization – Use virtualized environments to execute operating system environments or specific programs. No physical access to servers makes hacking harder.
  • Network Segmentation – Implement physical and logical separation of networks and data for different organizational units. Keep guest traffic out of your business network.
  • No Saved Passwords – Require users to type information or enter a password when their system communicates with a website. Better yet use a password management tool.

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Modernize Your IT infrastructure to Optimize Costs

Support from Microsoft for Windows Server 2008 R2 ended January 14th 2020, while SQL Server 2008 R2 support ends July 9th 2019. By this time you may find maintenance costs quickly spiral with the need to continually manage your aging hardware. In addition, if your company is growing or has fluctuating capacity needs, you need the kind of flexibility that allows you to scale IT resources up or down quickly – and cost-effectively.

Use Windows Server and SQL Server end of support as an opportunity to modernize your application stack and optimize costs. Migrate your SQL Server and Windows Server 2008 to Microsoft cloud, and realize the benefits of extended support at no cost. As well as extra security updates you get a scalable solution with a price plan to suit your business needs, with peace of mind that your applications are always up to date.

To discover how modernizing your Windows or SQL server can help you on your path to digital transformation, get in touch with us today.

Categories

Plant a Seed 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2020- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

Something went wrong, try refreshing and submitting the form again.