Why Your Law Firm Needs IT Managed Services Now

Law practices operate at the speed of “now.” The last thing your office needs is slow or outdated equipment, security gaps, regulatory non-compliance issues, and inefficient file storage and sharing. Your law firm needs IT managed services to keep your business’ reputation clear, your client data secured, and your legal services “on the go.” Only a legal managed services provider can offer you the cutting-edge solutions you need to keep you compliant, secure, and competitive.


From the Desk of Mike Fowler, Iconic IT CEO

In our effort to keep you informed, I wanted to update you on how Iconic IT is responding to this unprecedented global pandemic.  Since March 16th we have seen double the number of support requests.  Many have been related to helping users set up to work remotely.  We estimate that we are now supporting over 11,000 users who are now able to work remotely and who continue to reach out to our support desks.  Our team has worked tirelessly and broken all our past records in the pursuit of one goal…  keeping you working.  We are here to support you through this, now, and into the future.  

Internally at Iconic IT, 80% of our workforce is now working remotely, leveraging our fully cloud-based infrastructure and phone systems to help you solve your IT challenges.  While staying socially distant our teams are also geographically separated across the US in 6 locations.  For the safety of our employees and yours, we are limiting onsite visits to only urgent needs.  We want to thank you for your understanding of this policy.    

Given the business challenges that we all face, Iconic continues to build and refine contingency plans and policies, and to stay close to the vendors that we all rely on to support and protect our computer networks.

Recently we worked to make our Iconic Fortify Security Offering available for those of you that have not yet installed it.  Adding a new level of endpoint protection, and the advantages of a human-based SOC, we’re leading the pack when it comes to MSP security.  This critical layer of cybersecurity is essential to mitigating cyber-threats facing us, especially now that so many of our clients are relying on a mobile workforce.  If you’re interested, you can read more about Iconic Fortify here: https://iconicit.com/IconicFortify/

We are quoting and sourcing equipment for you and we continue to work through and solve issues with vendors, for example: 

  • Exceptionally high demand and, in some cases, longer than normal lead times from manufacturers of PCs, Notebooks, and Chromebooks. 
  • Production capacity issues in parts of the global supply chain, impacting supplies of certain components. 
  • Limited freight deliveries by air. 

Along with keeping very busy with everyday technical support services, we continue to engage our teams with daily Zoom huddles and webcams. We are keeping our work culture thriving with push-up contests and home office picture-sharing.  We have been using Microsoft Teams, SharePoint, Zoom, Azure and Amazon Web Services to enable this extraordinary level of communication.

I am sure you’re getting contacted by your attorneys, CPAs, Chamber, and even strangers with current regulations, laws, and offers of help.  Rather than bombard you with emails, we’ve set up multiple ways to share information with you at your convenience.  Please consider visiting our website, Facebook, LinkedIn and Twitter sites for the latest information.  We have some remote productivity ideas posted and other reference material that may help your business.

I will, however, reach out to you via email with critical communications as conditions warrant.   Thanks for putting your trust in Iconic IT.  Stay well, and please let me know how we can be of service. 

Password Manager Tips: Learn how to safely share the password to your company’s LinkedIn Page when your co-worker is NOT sitting next to you.

From the Desk of Matt Topper, Professional Services Manager, Iconic IT

I’m writing from my home office and you may be reading it from your living room.  With the adjustments of working remotely, organizations need to share information about credentials for company websites or services that used to be as simple as asking the person sitting next to you.  Someone new may need to access the company Amazon account or a vendor website and ask for the credential to be sent over. With a proper password manager, these passwords are one click away.

Sharing Securely

The most common response to password requests is normally to email this information, or to use a messaging platform like Teams to send it.  While email within a company is more secure than email outside of it, that plain-text email might be transmitted to an anti-spam provider or email backup company.  Worse, if your email account is ever compromised, the intruder now has access to the password that you sent.

A better option than email is a voice call, specifically mobile to mobile.  Be careful with VoIP as most providers record all phone calls now.  In some cases, there are regulatory obligations surrounding sensitive data over recorded phone calls.  Credit card numbers fall into this category, for example.

Personal Password Management

Password managers make it simpler to remember the myriad passwords required today.  Using a single password – the “master password” – to encrypt the other entries, tools like KeePass keep track of unique sets of credentials for every website.  That’s a huge part of security best-practices because it means that if your information for one site is compromised, the other sites with unique credentials remain safe.

While the strong encryption ensures the confidentiality of your data, KeePass and other standalone programs like it suffer from difficulties with concurrency.  It’s hard to use these programs from an ever-increasing number of devices because the program doesn’t handle file sharing itself.  Instead, you’ll need to handle the synchronization of the database file between all your devices yourself.  You’re also responsible for backing up the data.

Personal password managers also don’t offer a way to share passwords with coworkers or to revoke access to passwords upon employee exits. 

Passwords in the Cloud?

To solve the multi-computer and sharing issue, the best option is an online password management service like 1Password.  After logging in, the service enables creating and storing unique passwords for every account.  With the business edition of these services you can even share credentials with the rest of the team:  “I’ll give you a call with the login” turns into “Facebook?  That’s in the company 1Password vault.”

Storing information as sensitive as passwords on a website raises a lot of questions about security and privacy.  Clients frequently ask us “What happens if the website is hacked?” or “How do I know that the employees at 1Password aren’t viewing my information?”  The answer to both questions is that the company literally can’t see it.  The master password for your data, which is separate from your sign-in account, is the only way to see what you’ve stored.

1Password takes this so seriously that its “If you forgot your master password” help article contains only tips about jogging your memory or asking another member of your team account for it.  It ends with “If you tried all the steps above, or you’re sure you’ll never remember your Master Password, delete your 1Password data and start over.”

Online password managers also let you use multifactor authentication and share it with your coworkers: the multifactor setup is added to the shared entry by scanning the QR code with the mobile app or entering the textual code that some websites present.  This enables using secure multifactor authentication while still securely granting access to coworkers when needed.

Next Steps in Password Management

If you’d like to talk about the security of your shared applications, how to implement multi-factor authentication, or how to securely manage your company’s passwords or choose a password manager, we’d love to help.  Contact us for more information here.

Employees Using Work-Issued Devices for Personal Reasons

It should be common sense at this point: employees using work-issued devices for personal reasons are a cybersecurity nightmare.

Issuing work devices like a sleek new PC or the latest model cell phone is a great thing for your employees but can be a bad thing for your business. From the moment the devices leave your sight, you rely on your employees to do the right thing.

Or do you?

Increasingly, employers aren’t just trusting their workers to do the right thing. They are monitoring employees’ activities while on these devices. In fact, an estimated 80% of employers monitor their employees’ online activities such as social media, online browsing, and checking personal email. This number has increased significantly from the late 1990s when only 35% of employees were monitored on work devices. Of the 80% of active employee monitoring, 55% included looking at emails, 76% checked browsing habits, and half looked at computer files on devices.

Why Such a Drastic Increase in Employee Monitoring?

Employees using work-issued devices for personal reasons is nothing new, but it can have unseen consequences for your workforce.

Decreased Productivity

The biggest reason employers give for monitoring employees’ use of work-related devices is to increase productivity.

It’s far too easy for your employees to get distracted by checking social media and personal email or checking personal text messages on a company issued phone. Other activities, such as browsing and shopping online, are real productivity-killers.

Employees Using Work-Issued Devices for Personal Reasons Increase Security Risks

It’s a well-known fact that employees are inadvertently the number one security risk your company faces even when they are using work-issued devices appropriately. When you consider the added risks of employees browsing unsafe sites, clicking malicious links in personal emails, or following suspicious Facebook page links, it’s easy to see how these risks spiral out of control.

 

Stay Safe: Employees Using Work-Issued Devices for Personal Reasons is Not Permitted

There are a few ways to make sure your employees are using their work devices appropriately. A combination of the following two can pretty much ensure that employees using work-issued devices for personal reasons will stop.

Cybersecurity Awareness Training

Every employee who has access to your network, from the janitor to the CEO, needs to take a cybersecurity awareness training class.

To be effective, covered topics will include email safety, understanding the spread of malware across the network, password security, and some common red flags of a malware infection.

In addition, your employees need to know what to do if they suspect they have been infected, from isolating their device to notifying the IT department.

Whether your employees have been with the company for ten years or ten hours, cybersecurity awareness training must be a core part of your company culture from onboarding to routine refresher classes.

Acceptable Use Policy

Drafting an acceptable use policy is the key to outlining what your employees can do with work-issued devices, and what they are not permitted to do. It will cover employees using work-issued devices for personal reasons in depth.

An acceptable use policy also notifies the employee that internet habits may be monitored, and that anything they do on work-issued equipment can be retrieved for any reason.

Conversely, an acceptable use policy can also cover employees using personal devices for work.

This policy can be drafted with your internal IT department or a trusted MSP.

It’s important to have the employee physically sign two hard copies. One copy will be kept in the employee file, while the other will be given to the employee. If a breach should happen, this policy is a key factor in determining and limiting your business’ liability.

How to Talk About Security with Your Employees

It’s important for your team to understand that employees using work-issued devices for personal reasons not only endangers the network, it places their own identities at risk as well.

Some helpful tips to tell your employees include:

1. No Side Jobs on Work-Issued Devices

Some employees may use their work devices for freelancing and side gigs. Office equipment is generally faster and better equipped than home devices, making side gigs far easier to do on work devices.

This is a potential vulnerability for your network. For one thing, hackers target files, sites and applications that are commonly used for freelancing. If this happens, hackers can access work files stored on the employee’s computer, or in the network itself.

A second reason to prohibit freelance work on company-issued devices is that your network security weakens if the devices are used outside of the office. Remember that a VPN is only effective if the employee uses it for all internet connections, not just your company files and documents. Your employee may use his personal network connections on his work-issued device, opening the equipment up for hacking.

2. Leave the Personal Emails Alone

Remember that 92% of all malware attacks are launched via poor email practices.

Obviously, your work email has protections in place, but commonly used personal email sites are playgrounds for cybercriminals.

People seldom have the same levels of protection on personal emails as your business has for work-related emails.

3. Don’t Save Personal Passwords on Company Devices

It’s common to save passwords on computers. It’s far easier to track passwords on a device than trying to remember them all.

These personal passwords are a hacker’s dream come true. Network analyzers and key-loggers routinely monitor private information, including email sites and passwords. This makes tracking the employee easier, and it won’t matter what device they are on; saving personal passwords places your network and the employee himself in danger of data breaches.

4.  Personal Data Storage on Work-Issued Devices Isn’t Permitted

Many employees don’t think twice about storing personal files, photos, videos, saved internet site addresses, passwords and more in folders on their work-issued devices.

Storing personal data on a work-issued device is another vulnerability hackers can exploit. Remember that if an employee saves an infected file, your entire network is at risk.

It’s important that office computers don’t store any more information than is necessary, to reduce a hacker’s “treasure” when infiltrating the device. Less storage also means fewer breaches and fewer chances for hackers to launch malware into your network and devices.

5.  Never Use Work-Issued Devices to Access Financial Information

Hackers are especially vigilant for online activity that involves financial information. Employees using work-issued devices for personal reasons often log in to bank accounts or PayPal, and don’t think twice about providing credit card information when shopping online.

If your employees are saving financial information, logging in to bank accounts, transferring money, or providing credit card information online, they are putting their own financial data at risk as well as your network security.

Employees Using Work-Issued Devices for Personal Reasons: The Takeaway

Remember that you are within your rights as an employer to monitor your employees’ online activities while they are using work-issued devices if you inform them that you are doing so. The best way to inform them is by having them sign an acceptable use policy clearly outlining expectations while using your equipment.

Many times, the acceptable use policy is enough to stop the trend of employees using work-issued devices for personal reasons.