Loading ...

Category: Compliance

Retail Routers for Work From Home

This blog post is more about the use of retail routers at the office than at home, just to make that clear from the beginning. We would also recommend non-retail routers at home, but that is not feasible for everyone. 

What is a retail router?

This is a phrase I am coining to describe any router that is generally available from your local retailers like Staples, Walmart, etc or delivered as part of the internet service from your local provider. They include brand names like ASUS, D-Link, Linksys, and Netgear. They range in price from $30 for the extreme low end to $450 for a gaming router. These routers are built for home and small office networks that have very few users or devices connected at any given time. They may include some features that sound “business-like” such as Virtual Private Network (VPN), Stateful Packet Inspection (SPI), VLAN, and Quality of Service (QoS) – remember though that these are also only able to support a minimum number of users and devices connected at any given time. If you try to use a retail router to run your business network then you will find that performance will be severely degraded and these features will not work as advertised.

There is also the issue of security. These routers are rarely if ever updated even when new vulnerabilities are found. This makes them ineligible for PCI or HIPAA compliance situations. 

Is there a non-retail router?

So what to do about this situation? Time to call your trusted IT services provider who will be able to get you a non-retail router, but that begs the question – what is a non-retail router? 

These routers are built by network professionals who design the hardware to perform under the pressures of the office environment and to handle the work from home remote workload. These routers include brands like Cisco, Juniper, Ubiquiti, and Araknis. They range in price from $150 for an office of up to 5 people to $10,000 for a high traffic company with hundreds of users. These routers handle VPN, SPI, VLAN, QoS, and many other services all at once with ease. Security is baked into these routers with the best ones having the ability to be managed from the cloud. They provide consistent access to all connected users and devices at all times. Your trusted IT services provider will work with you to “right size” the router to your business needs. 

If your company is going to have full time work from home employees and is concerned about their ability to perform, then contact us for assistance.

Number of Credentials Exposed Increased by 429%

Hacked - Grants Pass, OR

A company named Arctic Wolf, a leader in enterprise security operation centers, published a report that states that the number of corporate credentials with plaintext passwords on the dark web has increased by 429% since March.

There are also startling statistics on the increase in email phishing attempts and the use of unsecure public wireless connections. These numbers are like due to the Work From Home employees using their own insecure computers and cyber criminals trying to take advantage of the trend. It appears that security measures that are used in the office need to be extended to the Work From Home network as well. 

If your company is currently or is going to have Work From Home users, then contact us for assistance.

How to make money back buying IT assets

IT Services Savings - Grants Pass, OR

Farmhouse Networking continues to make strides in providing our customers with the best, most cost effective, and environmentally friendly computing experience possible. Part of that process is what has come to be known as Lifecycle Management. Each piece of hardware has an expected amount of time in which it is cost effective to use and support it. Once this time frame has been exceeded the cost of supporting the device becomes greater than the cost as shown in the following graph:

FHN Lifecycle Management

So the question remains what to do with the old computers when the time comes to replace them. Previously here in Grants Pass, OR we could support a local charity by taking them to Southern Oregon Aspire to have the computers dismantled and hard drives shredded. Now that their doors are closed we are stuck with dropping them off at the local dump, but what if you could make money while being responsible with the environment? 

Farmhouse Networking is now partnering with a company called Arcoa, who do just that. Here is what they do in their R2 rated responsible recycling facility: 

“We help you recover value from retired electronic equipment through responsible methods of reuse and recycling. Resale offers the best potential for value recovery, but the fast pace of innovations in technology and short product life cycles can limit equipment’s potential for reuse. From there, the best option may be to recycle the items in an environmentally friendly manner. We’ve built a robust de-manufacturing process to offer additional options for asset value recovery by disassembling equipment for commodity grade materials, which can be diverted from landfills and be used to create new materials.”

Hard drives will be electronically wiped, magnetically degaussed, or shredded based on need. The rest of the parts will be dismantled and sold with part of the profit returning to your company to help offset the cost of buying new computers. What could be better than making money on the buy?

If your company is heading towards a hardware refresh, then make the environmentally sound choice by contacting us for assistance.

Using an Old Teamviewer Makes You Vulnerable

Looks like the trusted remote access / remote support tool has an exploit that could allow an attacker to figure out your network password.

Please take the time to update your Teamviewer software to the latest version or contact us to setup our free remote access software on your systems. 

A newly discovered serious vulnerability – dubbed “BootHole”

There has been information released by a security research firm called Eclypsium that there is a vulnerability dubbed Boothole in Unified Extensible Firmware Interface (UEFI) Secure Boot that would allow an attacker to completely take over a workstation, laptop, or server and be nearly undetectable. All hardware vendors will have to send out updates in the near future to patch the UEFI code to secure it against this “BootHole” vulnerability. Due to the difficulty in designing and testing these types of updates it will be some time before they are released. We will keep you posted as to the release of these updates as they become available. 

If your company is concerned about security, then contact us for assistance.

Most Popular Home Routers Have ‘Critical’ Flaws

Even though we recently sent out another email newsletter about this topic, we have to keep raising this issue as the work from home remains a regular occurrence. A German think tank analyzed 127 popular home routers with the majority having at least one flaw (D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel were affected by 53 critical-rated vulnerabilities each). The biggest problem is that most (91%) are built on top of an old version of Linux operating system and their makers rarely publish updates.

There are several solutions that we can discuss to secure your work from home networks, so contact us for assistance.

Revised DOJ Compliance Guidance

Compliance Checklist - Grants Pass, OR

On June 1st, the Department of Justice (DoJ) release further guidance about compliance programs which could effect the way PCI and HIPAA compliance breaches are handled in court.

https://www.justice.gov/criminal-fraud/page/file/937501/download

They state that compliance programs aren’t merely one-and-done snapshots in time, but are instead dynamic programs that get updated regularly to fit changing circumstances.

An article about it states, “the latest guidance issued by DOJ is premised almost entirely on the adequacy of the organization’s risk assessment efforts, an approach well-known and particularly applicable to cybersecurity professionals. Prosecutors are urged to evaluate the quality and effectiveness of an organization’s risk assessment program by examining:

  1. The risk management process, particularly the methodology used to identify, analyze and address the risks an organization faces
  2. Risk-tailored resource allocation, namely whether the organization devotes enough resources to managing risks
  3. Updates and revisions, specifically whether the risk assessment is subject to periodic dynamic reviews
  4. Lessons learned, determining whether the company has a process for tracking and coordinating changes in its risk management program based on its experience

The DOJ also stressed the importance of risk-based training and communications about misconduct as essential parts of how it determines whether the organization’s compliance programs are up to snuff. Finally, the guidance highlights the importance of management support of the organization’s compliance initiatives and the value of extending compliance due diligence to third-party providers.”

If your company is unsure about their compliance program or risk assessment process, then contact us for assistance.

Vulnerability Scans & Penetration Testing

Vulnerability Prevention - Grants Pass, OR

Many industries we serve are under some sort of compliance requirements – HIPAA, PCI, GDPR, etc. and several of these require some sort of vulnerability scans or penetration testing:

HIPAA Section 164.308(a)(1)(ii)(A) states:

RISK ANALYSIS (Required).
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].

PCI DSS Requirement 11.3:

The scope of a penetration test, as defined in PCI DSS Requirement 11.3, must include the entire CDE perimeter and any critical systems that may impact the security of the CDE as well as the environment in scope for PCI DSS. This includes both the external perimeter (public-facing attack surfaces) and the internal perimeter of the CDE (LAN-LAN attack surfaces).

GDPR Article 32 states:

A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing

Farmhouse Networking has begun offering both internal and external network vulnerability scans and penetration testing for clients who fall under compliance requirements. We also provide remediation planning and implementation for any issues found during the scans. 

If your company is has compliance requirements for internal or external vulnerability scans or penetration testing, then contact us for assistance.

Work From Home Checklist

remote worker - Grants Pass, OR

In this unprecedented time that we are currently experiencing, you have had to set your team up to work remotely, often without thinking about how they might actually get work done, let alone security of all things. Our employee checklist and no-cost cybersecurity training course will provide your team with the tools they need to ensure that they are safe and productive – right out of the gate.  These free resources are part of our initiative to keep our community safe and working during this time of crisis, without the additional disruption and financial impact of a breach.
 
Don’t let a change in circumstance allow for a change in cybersecurity standards.

Can Passwords Be Strong & Easy To Remember

The COVID-19 scare and ensuing rush to remote access has us thinking security. What is more basic to security than passwords. In an effort to find a way to make passwords both secure and easy to remember, I have found a website that seems to fit the bill:

https://xkpasswd.net/

A Secure Memorable Password Generator

The concept is surprisingly simple and is said to be based on a cartoon:

XKCD - Password Strength

I have played with the settings and found the following to generate some good password settings. Here they are for those who are interested:


The only other option would be to use random passwords stored in a password keeper. This also allows secure sharing of passwords throughout the organization. 

If your company is using remote access, then contact us for assistance to make it secure.

Categories

Plant a Seed 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2020- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

    Something went wrong, try refreshing and submitting the form again.