May 1, 2020 – Security Reminder
Unfortunately, bad actors will always try to take advantage of vulnerable circumstances. We are aware of recent increased incidents of phishing and hacking attempts with hackers trying to exploit decreased security and user vigilance. You can either be the greatest defense against these attacks or a significant gap if your organization’s security. It all depends on the security practices you follow.
Please remember to consider the following and take increased precautions.
1) Use increased caution when opening links or attachments via email
- Don’t open an attachment you’re unsure of (from a sender you don’t know, context you’re unfamiliar with, attachments you’re not expecting, etc.)
- Apply the same caution to text links as you would for attachments
- Additionally, hover over links before clicking on them to view the embedded website and verify that it is aligned with what the link says
2) Scrutinize sender addresses
- Make sure you can see the full e-mail address, not just the display name, before opening an email
- Make sure the e-mail address is not misspelled in any way
- It is not unusual for a hacker to impersonate someone else by using their same display name “John Smith” but misspelling the address so slightly that it is hardly noticeable
- Example- firstname.lastname@example.org (when it should be email@example.com)
3) Verify requests from colleagues
- If a co-worker asks for a favor via email- check with them in another way before proceeding (phone, chat, text etc)
- It is common for hackers to impersonate another employee at your company and use that trust to ask for tasks/purchases/information
4) If you are using a personal computer, make sure that it has current antivirus installed, and never connect to a company network through a VPN if it does not.
- If you are not sure, reach out to support for verification.
April 13, 2020 – COVID Update Newsletter, Resources & Planning
April 7, 2020 – Resources pages
CIO Solutions compiled and published a resources page specific to aspects of moving to a WFH environment, tools we use, and planning considerations. Resources based on not only our services, but our experiences using various business tools, our long history working with companies in a variety of industries, and our collective technological expertise.
CIO Publishes Recommended Minimum Hardware & Software Standards
Working from home can be as productive as working from the office in many circumstances. Having the right equipment can make the difference between a great and a poor experience. These recommendations are based on years of experience working with a variety of businesses using a variety of applications.
March 23, 2020- WFH Tools- Webinar Series
CIO Solutions announced a series of webinars to review the numerous new WFH tools that you are likely evaluating to show you which tools that we use, the “gotchas” and pitfalls, and give you some things to consider in implementation. Visit the Webinars page for on-demand recordings.
Session 1- WFH Tools 101
An overview of the business tools we use at CIO Solutions. Previously, these tools enabled our team to communicate effectively across multiple offices. In the current business climate, they enable our team to do the same while working from home.
Session 2- Intro to Cloud Desktops
A more robust work from home strategy. How does a cloud desktop change the way your team works? Learn more about what it means to work in the cloud.
Session 3- Modern Communication Platforms
Communication in real time with Slack and Microsoft Teams. Email and phone are great communication methods, but when the option for in-person communication is removed, this can greatly impact productivity. Learn how modern communications platforms can help.
Session 4- Back Office Systems in a WFH World
Handling key business functions outside of an office. Moving out of a traditional office to a home work environment changes the tools that your staff has access to. Learn about some solutions for common back office tasks.
Session 5- File Sharing Solutions
Sharing files and obtaining signatures remotely. Removing physical interaction means finding solutions for the otherwise in-person tasks of signing and sharing documents. Learn about some options including ShareFile and RightSignature.
March 20, 2020- Support Policy Updates
CIO Introduces a live chat support option
Following the same support flow: our Rapid Response Team will receive the chats and help you resolve any quick fixes. Complex requests will be escalated to your Dedicated Client Team as needed.
For your convenience, we encourage you to use this option for any issues regardless of urgency.
Onsite Support Procedure Updates
Increasing efforts to protect both our clients and our staff is critical during this time. As such, please take note of our updated procedures for handling physical hardware and onsite support.
Support requests requiring technicians to assess physical hardware or technical environments in order to proceed
- Our support team will first leverage every possible tool to assist remotely. Tools such as Zoom can allow our support team to interface with clients via cell phone to view the hardware or environment.
PC or laptop drop off for service
- Please print a copy of the associated support ticket and affix it to the device. Upon arrival at the CIO Solutions office, please ring the bell, set the device down, and wait at the required 6 ft distance until one of our employees has come and collected the device. Please do not hand the device over or enter the office.
Stationary devices, e.g. servers or switches that require onsite support
- Our technicians will not be permitted to enter the building unless the path to the equipment and the room that it is kept in are clear of people in the immediate vicinity.
Deploying replacement computers such as workstations
- if the machine requires onsite connection to peripherals in order to get it up and working, this will be subject to the rules above regarding stationary devices.
- Otherwise we will notify you when the device is ready for pick up at our office. The rules above regarding PC or laptop drop off will apply.
Sign off on work completed
- We cannot perform any in person sign off completed work at this time. This will need to be done remotely.
- For example, we can deploy a computer then arrange to have a remote session to verify everything is setup as it should be on your new or updated system.
Equipment handling precautions
- All our Field Services Technicians and Project Engineers who handle customer equipment (in office or onsite) must wear sterile gloves.
- Keyboards (including laptop keyboards) as well as trackpads and mice must be sanitized with a wipe or spray before touching.
March 19, 2020- CIO SOLUTIONS COVID-19 RESPONSE PLAN
With every news update and precaution put in place, businesses of every size and industry are feeling the pressure to adapt to remote work environments to maintain their operations. Given ample amounts of time to prepare, companies could consider all the ideal options to maintain their employee productivity. They could determine which elements of business required employees to be onsite, and plan accordingly. They could ensure that home work environments were equipped with monitors, keyboards, secure access to files, internet connectivity; everything needed for optimal remote work.
However, when this option becomes a requirement in a matter of days, companies are forced to react and work with what they have. As your IT partner and provider, we believe it is our duty to help you not only adapt to work with what is currently available, but also to prepare and plan for the next phases.
With this duty in mind, we are expanding our support coverage to include computers vital to your operations regardless of whether they typically do not fall under your support contract. Our priority is ensuring that all your employees who need access to key organizational files and functions have it. Additionally, we are hosting regular webinars discussing IT preparedness & your business plan.
CIO Solutions is standing ready to help
Our operations are inherently equipped for the transition from our physical offices to remote and we had been testing and confirming that capability in recent weeks. As of earlier this week, 90% of our team has been successfully working remotely. Because of this planning and the technologies we have in place, our support team, projects, and administration are not only able, but optimized for functioning at full capacity.
The exception to this is onsite support, which will be extremely limited at this time due to increased safety precautions to protect the health of your in-office staff as well as ours and to comply with regional orders to minimize unnecessary exposure. In the coming days, we will be more judicious with this element of support with the goal of minimizing exposure and will release a detailed update about this shortly.
We have adapted to serve you
The demand on our clients to transition to remote operations is a priority for our team. To support you most effectively, we have instituted a dedicated task force focused on remote access. This increases our efficiency in assisting more clients.
We have received an enormous surge in requests for support, most related to getting clients setup to work remotely. Our support volume has doubled in just a few short days. Please keep this in mind and be patient with our support team and vCIOs as we determine the best options available to you and your team and strive to get your IT needs met as quickly as possible.
How can you help our efficiency?
To help our team better serve you in this demanding time, please make sure we have your correct remote contact info in support tickets. We are having trouble reaching people who typically call from their physical office and have transitioned to working from home and might not be reachable by the same number. We may not have your cell phone number, or the remote-control ability into your personal computer that you are now relying on to keep working.
Please provide your preferred contact info and phone number on every phone call request or emailed ticket. This will help save time and get our agents connected to you more quickly.
Please be aware
Unfortunately, bad actors will always try to take advantage vulnerable circumstances. We are aware of increased incidents of phishing and hacking attempts with hackers trying to exploit decreased security and vigilance as we all scramble in these difficult times.
- Practice increased caution when opening links or attachments via email
- Scrutinize sender addresses
- Verify requests from colleagues with them via phone or communication other than just email
- If you are using a personal computer, make sure that it has current antivirus installed, and never connect to a company network through a VPN if it does not. If you are not sure, call us and we can check for you.
In these uncertain times, CIO Solutions will continue to focus on our mission of productivity enhanced. This season, that means ramping up remote productivity.
MARCH 12, 2020- Information Technology & Your Business Preparedness Plans
CIO Solutions as your IT Provider
As a company, we are proactively strategizing to ensure that our operations are impacted as minimally as possible. This is addressed in our business preparedness plans which can be made available upon request.
Preparing your business
Your own business preparedness is also important to consider, and we are here to help with the technology component. Specifically, we can focus on tools that would allow your employees to work remotely if needed (whether that’s for the first time or for longer intervals than usual).
Below are some technical aspects of business that would need to be considered should staff need to work remotely, as well as some tools that would enable them to do so effectively.
DESKTOPS & APPLICATIONS – If you are using CIO Cloud, then you have a different (and potentially easier) path towards remote productivity. If this is true, then you can access the cloud desktop on any type computer (even older systems) by installing the “receiver” software.
If you are not on a cloud desktop or terminal server solution, then more consideration needs to be given to your specific applications and how they might be accessed remotely.
PRINTERS & PERIPHERALS – Is printing and important aspect of your employees’ roles? If so, do they have a printer available at home that is sufficient for their purposes for an extended period of time? Does a specific team member need access to a more powerful printer in their home if they were to work remotely?
Often, home work environments are set up for a subset of tasks. The option of going into the office for other less frequent tasks like large printing jobs or using check scanners is available under typical circumstances. In your planning, consider all the equipment connected to computers at the office and ensure that all peripherals required to perform business operations have a functional home equivalent.
COMPUTER MONITORS – Do you need monitors (or even multiple monitors) in your employees’ homes? I would argue that for many people, access to multiple monitors is a must for optimal remote productivity for a sustained period of time.
Not all businesses may have budget or desire for multiple monitors when working remotely, but a good policy is to make it a deliberate decision rather than a surprise one.
PHONES – Unless you are running a complex call center (like us for our support system), then remote phones may not be necessary, as cell phones would work. Still, you may want to check and ensure you have documented procedures on how to “forward” employee’s work extensions to their cell phones if needed. Forwarding calls to cell phones sometimes does not create the best experience (for example, long silence instead of ringing) so you should test this.
CLOUD– Cloud desktop solutions enable businesses to store their data and applications offsite instead of on individual computers. Since data is not limited to being stored on their physical computer, employees can quickly and securely jump between devices hassle-free.
- With the CIO Private Cloud, for instance, users can fire up their laptop or home computer, log into the CIO Private Cloud portal and pick up right where they left off. There’s no need to transfer files onto a flash drive, go to the office to collect their specific laptop with all their saved files, make sure they’ve written down/remember all their passwords, install frequently used applications on a new computer, etc.
- With a cloud desktop solution, all your employees need is a device and an Internet connection making it ideal for productive remote work.
INTERNET- Two aspects of Internet access should be considered: internet at the employee’s house, and internet at the office.
It is fairly easy to test if the internet access at an employee’s house is adequate for work. However, if you need to access systems and files in your internal office, the internet connection at your office may not be sufficient. Many internet connections that are not “business class” have slower upload than download speeds. If you are connecting to your office resources from home, the upload speed is what matters.
Additionally, the firewall hardware should be considered to verify that it is robust enough for the advanced load and that VPN licenses are sufficient. For some clients, your firewall and VPN are configured for the occasional remote user, not for the entire company to work remotely.
Key Communication Tools:
COMMUNICATION PLATFORMS – like Slack and Microsoft Teams can help employees communicate and collaborate in real time (as opposed to standard email). There can be a challenge in adapting to this type of communication method (culturally, typical workflow, etc.).
- But it is important to note that if even 25% of staff that normally works in the office transitions to working remotely, your “water cooler” communication or “office pop-ins” will stop. It is likely that your business operations have a high dependency on some of these impromptu communications.
- If you have not yet put together an evaluation team to explore either Slack or Microsoft Teams then hosting a lunch & learn with a demo of the proposed tool (we can help) to brainstorm opportunities/challenges is a good place to start!
FILE SHARING – Many customers have centralized file servers that don’t easily allow for file sharing outside the office. A VPN Solution can work but isn’t always fast enough.
- File sharing solutions such as ShareFile, Box, and Dropbox are common ways of doing this. It’s worth noting as well that Microsoft Teams also allows sharing of files.
- There is some security risk with these solutions, as outlined below, but from a practicality standpoint these can help remote employees share files. Our preference is ShareFile, as we are familiar with making it secure.
- In the end, to do file sharing well you really need to identify the use case and your security tolerance, then pick the solution.
VIDEO CONFERENCING– Do you have a reliable video conferencing system? You may have heard about Zoom’s stock going through the roof as companies look for video conferencing options. This is because they have a best in class software solution. We use Zoom for our operations, but there are many other great solutions as well.
- When considering adopting video conferencing software, it is important to think about the different potential use scenarios and what other equipment would be needed:
- Multiple employees working remotely- they would communicate employee to employee using their laptops with cameras
- Office to an employee working remotely- The office would need video conferencing hardware. The employee would use their laptop with a camera
- Office to office (should you want to minimize travel between offices)- Each office would need video conferencing hardware
- Business (employee or office) to Customers- Various ways to slice this depending on specific use case
Understanding which of these scenarios, if any, you want to address will help ensure you get the right software and hardware.
Security is a broad topic but in the context of everything above we really have three security areas to focus on.
- Security of uncontrolled devices – It is likely that you may be asking employees with uncontrolled (dirty devices) to access your environment. A “dirty device” means ones that have non-business use, may not have anti-virus installed, and may not be managed or patched regularly. Unless you are using CIO Private Cloud, another remote desktop solution, or already have software/policies/standards in place, then this can be a new risk.
Cloud desktops are at a much lower risk since the software on the untrusted machine doesn’t/can’t access the software on the cloud desktop. The only real risk in this case would be “password theft” by malware which can be mitigated with 2 factor authentication (below).
- Security of new software – If you are leveraging new software (Box, Dropbox, Zoom) to enhance remote worker capabilities then there is some exposure to work through. These software packages may not be linked to your staff’s main user accounts and have to be managed separately. For instance, if an employee leaves the company, who is responsible for shutting down their Zoom and Box accounts?
- Multi-Factor Authentication – Having more usernames and passwords entered on untrusted computers with potentially more internet facing services may pose more of a risk than can be alleviated by simply changing a compromised password. Using a multi factor authentication solution like Duo on those services diminishes this.
Other things to consider:
REMOTE ACCESS TO POWER – We use a product called WattBox which lets us restart equipment remotely by controlling the power switches. This can be helpful as it does not require being onsite. This is most commonly needed for non-enterprise class devices like cable modems, but occasionally other devices require this.
PROJECT CAPACITY – We are trying to prioritize these projects as highly as possible and be as efficient as possible but be aware that demand is high right now.
LICENSES – If you are using VPNs rather than cloud desktops for remote access then you may need more licenses on your firewall or VPN appliance. This same logic may hold true for other licenses.
LEAD TIMES– Lead times on equipment are unpredictable so trying to wait to the last minute to order extra gear such as monitors, printers, computers is not a great strategy. Many items are likely to go out of stock due to a surge in orders.
CHAIRS & ERGONOMICS – This is a bit of a stretch as much business may not want to invest to this degree, but it is worth mentioning as something to consider.