The iPHONE 12 is Out, Do I Need to Spend This Much?

iPHONE 12 Pros and Cons – Do I need 5G?

The New IPHONE12 comes out and you’re gouged for $1,000. Who on earth needs 5G?

What is 5G?

5G is the 5th generation mobile network. It is a new global wireless standard after 1G, 2G, 3G, and 4G networks.

5G is designed to deliver peak data rates up to 20 Gbps based on IMT-2020 requirements.

5G is based on OFDM (Orthogonal frequency-division multiplexing), in other words, the way it is designed to work reduces interference.

5G also uses wider bandwidth technologies such as sub-6 GHz and mmWave.

5G is a unified, more capable air interface.

Pros:

Lower Latency – Enabling real-time applications like AR/VR.
Higher Speed – More devices can be online at once.
Higher Capacity – Data will move faster, easily exceeding 5 Gbps.
5G is driving global growth.

Cons:

Currently very limited rollout in the U.S.
It is more difficult for the 5G higher-frequency signal to penetrate through buildings. This is particularly difficult for using 5G in cities.
Infrastructure requires building new 5G specific towers, facing significant pushback from communities

Use Cases:

Media – Introduce new capabilities such as high-definition streaming and virtual reality.
Supply Chain Management – Expand use of IoT sensors to increase production, streamline processes, and reduce costs.
Public Safety – Enhance real-time video, secure communications and media sharing.
Manufacturing – Build smart factories with AI, AR, and robotics.

When it comes to the latest smart phone technology, if you’re unsure of it’s benefits or how it may or may not benefit you, you can always call our office with questions. Call BACIT today (415)712-8430.

The iPHONE 12 is Out, Do I Need to Spend This Much? syndicated from https://ipsofacto.net

New Construction Technologies Make Real Winners

It’s a terrible title for Construction. But Data and Client theft are torture for owners of construction firms. The thieves, the hackers, in the baddies, are having a field day stealing data or destroying the flow for expensive mobile employees out in the field (rubbing shoulders with the competition).

Construction firms need Remote Monitoring and Management RMM tools to manage their mobile staff and their tech. Remote Monitoring and Management RMM tools protect mobile technologies like laptops, home-computers, tablets, ipads, iphones, everything that signs into your data from anywhere.

Two scenarios I wanted to bring up that should make you want to get Remote Monitoring and Management RMM for your staff computers.

1.The young architect: The young architect worked at a 50 person architecture firm. Because of fires in California, the young architect got the asked to design replacement homes that had burned down. There was a very high demand at the time because these homeowners were getting their insurance checks and desperately wanted to rebuild their lost homes. A lot of the houses up North were tract houses, and now these people had the chance to build unique, custom ‘design’ houses. The young architect’s boss had been designing AWESOME homes for 40 years. The older architect had hundreds of beautiful designs in his database.

Once the young architect got to start working from home, he was able to download 50 or so of his boss’s floor plans, architectural designs, engineering designs, stress test designs, color palette selections, wood choices, and hundreds of other extremely important and valuable assets the young architect never could have done on his own. The young architect then flaunted the old architect’s work as his own. All it took was a little alteration here and there to hide his boss’s name. Today, the young architect now has a twenty person firm up in Napa thanks to stealing from his boss. The theft was impossible to prove because the young architect never presented anything with the old architect’s name on it. If the old architects had embraced our RMM technology, none of this would have happened and we would have had proof but the young architect stole his designs.

So what are you gonna do when you’re a business owner? Are you gonna go cheap and say you don’t need RMM. Or Are you going to be smart and protect Your IP, which is worth millions and millions of dollars. Now that your staff is all working from home, get the RMM tools please.

2.The wealthy socialite with the famous charity: after the socialite’s husband passed away, she was grieving and had many bank accounts with many millions of dollars in them. The hackers got into her iPad , put a little application on it and watched how she worked. They saw that she was doing a building project and using some of the funds from her charity in order to build the new offices.

The hackers saw that she would send invoices to a bookkeeper in Colorado. The bookkeeper in Colorado would receive the invoices and make bank transfers to contractors. Two invoices were sent by the hackers to the bookkeepers using the email address of the wealthy socialite. Since sending ‘approved’ invoices this way was a habit of the wealthy socialite, the bookkeepers set up the wire transfers and wired $492,000 for new tile and new sheet rock to the Bank of Nevada. The bank account in Nevada, as soon as the money was received, wired the money to a bank account in Brazil. The owners of the bank account in Nevada we’re actually in Tibet, of all spiritual places. The hackers, when the applet was discovered on the iPad, were from Uzbekistan. This operation was an Uzbekistani, Tibetan, Brazilian group of scam artists- a global, international group of scammers, who successfully stole $492,000. These wires went unnoticed for 30 days. And after 30 days it’s really too late.

The wealthy socialite didn’t accept our recommendation to put RMM tools on her staff computers because she didn’t feel like her staff would be happy having an oversight tool on their computers. None of this theft would have happened if we had put RMM tools on her staff computers. We would have immediately Alerted to the installation of this fraud-app. The wealthy socialite had plenty of money and didn’t need to worry about cost. RMM tools are about protecting companies, not spying on them.

Remote Monitoring and Management RMM tools are now a necessary way to go in these post covid times when people are mobile and working from home and all the normal security layers to an office no longer exist.

Have a beautiful life. Get Remote Monitoring and Management RMM tools for your staff computers. Call IPSOFACTO today (415)362-2922 or contact us through our online form.

 

New Construction Technologies Make Real Winners syndicated from https://ipsofacto.net

A Dedicated Team for Your Hosted Services

Are Cheap hosted subscriptions costing you a fortune in Admin labor? (They are but you might not know…)

If you’re reading this as a COO, CTO, or CHRO, you’re in the right spot.

Here at IPSOFACTO we SAVE YOU TIME, MONEY, AND TEARS! We have a team dedicated to your hosted services. They create, manage, adjust, reconcile, and turn on/off all hosted services every month. IPSOFACTO has partnerships with the major vendors so we can get annoying tasks (like file restores) done in minutes that you would wait days or weeks to accomplish.

History:

Back in the days of in-office IT, making changes was easy. Onboarding and Offboarding were: Click here for on. Click here for off.

Then the googols, rotten apples and micro thugs got greedier.

They said, “Sell them super-easy monthly subscriptions, make sure after 3 years it’s more expensive, and make sure they keep paying for impossible management.”

Today:
Here are your average firm’s Hosted Services (for 20+ employees).

Hosted…
Email (Gmail or O365)
Chat (Slack etc)
Antivirus (webroot)
FileSync (One or Box)
AntiHack (Umbrella etc)
EmailStore (Backupify etc)
Cloudbackup (CrashPlan etc)
Desktop connect (GoTo etc)

There are 2700 more to go…

And you say, “This is GREAT! All these tools on the internet and I only need to pay monthly!”

Mix that with BAD employees, weekly OnBoarding and OffBoarding, and Hackers and you have an EXPENSIVE MESS. Which is why your network probably has gaping holes (we’ve seen ex-employees from 2016 still downloading company files). OR, you are killing yourself to manage all these SaaS Apps.

Not only that, but the hosted service companies trick you into EASILY buying more and more subscriptions, but they won’t let you (easily) DELETE old subscriptions. You wanted cheap, and now you pay remarkably more.

Tomorrow:

Not only are we the CTO’s best friend but we are the COOs and CHROs best friends too. Experience the difference, contact us today.

A Dedicated Team for Your Hosted Services syndicated from https://ipsofacto.net

IPSOFACTO HIRING A SENIOR NETWORKING ENGINEER

Message from CEO: If you are a REAL technology lover, you are drawn to it. You see articles about security or new hardware or software and you read them. When you want to learn about something, you watch videos, educate yourself. You know IT systems inside and out and are comfortable getting dirty. If you are met with a technology challenge, you will teach yourself the skills, you LOVE technology, it is in your blood. Please don’t apply if you just want a paycheck, or if you just want to sit back and wait to be spoon fed. At IPSOFACTO, You will be joining a handful of the best technologists in SF and they will expect you to be awesome, all while billing clients, to give them a great IT experience, in secure networks, helping their companies grow and thrive. You will bring IT joy to IPSOFACTO clients while being joyful with your new, loving technology family. Thank you!

IPSOFACTO enhances the customer experience as a technology service provider by providing high quality in-person support. Our focus is to care for the customer in the same way we care for the members of our team. We combine our expertise to manage, maintain and oversee our customer systems and service delivery platforms. Whether it’s providing Tier 1 tech support for software, hardware, network, cloud infrastructure or Tier 3 systems administration/engineering, we want our clients’ needs met by providing any level of IT support that is critical for the operations of our customers.

Position Summary
The Sr. IT Engineer is responsible for the day to day helpdesk requests as well as other IT-related support and provide onsite presence as needed. The ideal candidate must be a seasoned professional in providing end-user support as well as develop, implement, and uphold information systems policies and controls to ensure data accuracy, security, and regulatory compliance. Project Management is also the duty of the Sr. IT Engineer.
Furthermore, the Sr. IT Engineer may require ongoing training, conferences, and certifications as it relates to our client and internal vendors and software. Typically reports to a supervisor or manager. To be Sr. IT Engineer requires 7+ years of related experience. A specialist on complex technical and business matters. Work is highly independent.

Related Functions:
-Team minded and technology focused, and ability to adapt to changes in a fast-paced environment.
-Responsible for development of technical project plans and resource allocation
-Plan, create and develop scope of work and budget for project plan
-Project management of all customer projects plans
-Provide summary reports of active projects to management and customers
-Manage client expectations, timeline, and technical delivery of project objectives
-Management of cloud server and desk infrastructure in VMware
-Advanced technical support at the network level: WAN and LAN connectivity / troubleshooting of routers, firewalls, and security.
-Upgrade Windows Server 20XX to 2016 or 2019
-VM Migrations and physical machine virtualization
-Azure AD Integration with Office 365 & Active Directory / ADFS / SSO / MFA
-Azure AD / Active Directory to Okta / Forest / Domain Migration & Management
-Office Moves (ISP relocation) and logistics
-File Server to Cloud Migration (SharePoint/OneDrive, Google Drive, DropBox, Box, etc.)
-Implementation of Email Security (Spam filters, DKIM, SPF, DMARC, MFA, etc.)
-VoIP Migration and Implementation + Porting Number + eFax
-Automation (Autotask PSA, scripting, auto-deployment)
-DNS / Domain Registrar / Name Server Migration
-Advanced remote access solution implementation and support: VPN and Terminal Services
-Administration of remote monitoring and management system alerts and notifications and respond accordingly through service tickets
-Ability to concisely document systems, processes, issues, and resolutions; professional writing skills required
-Full ownership of project initiation, implementation and go-live with client
-Correctly logging incidents and support request in Autotask as well as completing accurate time entries for all appropriate tasks/support request, categorizing and prioritizing them in line with team procedures
-Ensuring all issues are progressed & cleared – escalating to other internal and external teams as appropriate
-Managing support requests through their entire lifecycle from the first point of contact through to resolution, proactively keeping the customer informed of progress, notifying them of impending changes, and agreed outages
-Diagnosing and resolving problems to the client’s satisfaction
-Maintain and develop own knowledge and skills to assist with resolutions
-Identify and recommend solutions based on repeat issues or service risks escalated from the service desk into project proposals to existing clients
-Manage scheduled tasks for clients (onboarding/offboarding employees, routine audits of user accounts/access controls, computer/server/network maintenance, etc.), designed to ensure that the customer’s systems remain secure and operational
-Document all pertinent end user identification information using our company’s ticket system (Autotask), including name, department, contact information, and nature of problem or issue as it relates to ongoing or completed projects
-Additional Duties and Responsibilities:
-Sharing knowledge with team colleagues, vendors, and customers
-Improve customer service, perception, and satisfaction
-Fast turnaround of customer and internal projects
-Responsible for entering time and expenses in ticketing system as they occur
-Enter all work as service tickets in ticketing system
-Other duties as assigned by the managers
-Technical knowledge, Skills, and/or Abilities Required:
-Highly proficient in written and spoken English
-Proven hands-on experience in Windows Server 2008/2012/2016 (both in-house and hosted environment)
-Proven hands-on experience in latest cloud apps: Microsoft 365, G Suite, Azure, JIRA, etc.
-Proven hands-on experience in security and knowledge of security products such as MFA DUO, Okta, running security audits and compliance (PCI, SEC, HIPPA or other national standards)
-Proven hands-on experience in Active Directory, ADFS and modern authentication i.e. Azure AD sync
-Proven hands-on experience in networking and network troubleshooting tools i.e. Meraki, VPN, Wireshark, Packet capturing etc.
-Proven hands-on experience in virtualization technologies: VMware, VMware horizon VDI, Hyper V, Citrix XenApp, Remote desktop servers and farms
-Proven hands-on experience with Microsoft 365: Outlook, Word, Excel and desktop troubleshooting (Windows 7, 10, MacOS)
-Proven hands-on experience in managing a multitude of client environments w/ backups, device monitoring, critical system alerting, windows patching desktop imaging etc.
-Proven hands-on experience w/ scripting and automating processes via PowerShell or other 3rd party programming
-Experience troubleshooting MFA, SSO and other integration issues
-Solid understanding and experience with email platforms local Exchange, Microsoft 365 and hosted email platforms
-Outside the box thinker in constantly coming up with efficient ways to solve problems and run processes
-The ability to liaise and communicate confidently and professionally with customer representatives at all levels
-Have solid experience providing support in a helpdesk or technical support environment
-Highly organized and able to work on own initiative to complete the range of tasks required
-Flexible and willing to work outside core business hours if required
-Experience in a Team-Oriented collaborative environment.
-Self-motivated with the ability to work in a fast-moving environment.
-Attention to detail and following instructions and SOPS’s and creating new ones to train all employees
-Interpersonal skills: such as telephony skills, communication skills, active listening and customer-care.
-Experience working in MSP’s environments using RMM tools like Datto and configuring integrations to manage all tools in a single pane of glass

Educational/ Vocational/Previous Experience Recommendations:
College or equivalent (Preferred)
Minimum 7 years of experience supporting and implementing systems infrastructure, systems analysis and design, project management, and/or IT strategy planning. Strong technical knowledge and understanding of SMB infrastructure and equipment.

Required Proficiencies:
Modern Windows Desktop and Server platforms, Active Directory, Group Policy, Advanced Networking (Meraki Switch Configurations, VLAN, VPN, NAT, Routing, Wireless), Exchange, SQL, SAN, Citrix, VMware, Hyper-V, M365, Azure, and other MS Cloud, SaaS (managed by outside vendors) and Hosted Solutions.

Preferred Experience:
Autotask PSA (Agent Procedures, Audit, Discovery, Monitor, ticket workflow), Microsoft 365 Admin (PowerShell), G Suite Admin, Google Cloud Admin, Cisco Meraki, Cisco Umbrella, Duo, Okta, LastPass
Job Type: Full-time
Benefits:
Health insurance
Paid time off
Transportation
Cell phone
Education
Many more
Job Type: Full-time
Salary: $80,000.00 upto $130,000.00 /year

IPSOFACTO HIRING A SENIOR NETWORKING ENGINEER syndicated from https://ipsofacto.net

Hosted Services Security Guide for All IT Firms to Use (our gift to you during Covid19 hardship)

I. CLOUD SERVICES AND USER ACCOUNT SECURITY

1. Implement Password Manager (Last Pass)
   • What it entails: Last Pass account setup on user computer(s) and device(s), transferring/copying all passwords to application vault and user training.
   • Estimated time to complete: Depends on number of users + training

1. • Problem/Security Risks: Password reuse and the use of simple passwords are a major security risk.  Saving passwords on documents or web browsers is not safe.

1. Office 365 account audit + shore-up security
   • What it entails: Audit/cleanup Office 365 user accounts and make changes as necessary. Setup MFA for all ASF Office 365 accounts. Setup DKIM, SPF and DMARC email security.
   • Estimated time to complete: Depends on number of user accounts to be setup

1. • Problem/Security Risks: Currently, Multi Factor Authentication (MFA) is not setup and if email accounts are hijacked, the malicious third party can get access to other services/accounts, request password resets and further compromise the organization.

1. DropBox account audit + shore-up security
   • What it entails: Audit/cleanup DropBox user accounts and access controls/permissions and make changes as necessary.
   • Estimated time to complete: Depends on number of user accounts/directories that need to be audited

1. • Problem/Security Risks: External users (no longer working at/for ASF) may still have access to DropBox files or folders.

II. ORGANIZATION IT SECURITY POLICIES AND PROCEDURES

1. Develop IT security policies

1. • Expected Benefit: Cybersecurity Standards and Policy Framework
   • What it entails: Developing a set of strategies for managing the processes, tools and policies necessary to prevent threats to digital and non-digital information.

1. Develop CyberSecurity Incident Response Plan

1. • Expected Benefit: Cybersecurity Standards and Policy Framework
   • What it entails: Developing a set of strategies for managing the processes, tools and policies necessary to detect, document and counter security threats.

1. Develop Disaster Recovery Plan

1. • Expected Benefit: Business continuity
   • What it entails: Developing a documented process or set of procedures to execute an organization’s disaster recovery processes and recover and protect a business IT infrastructure in the event of a disaster.

Please let me know if you have any questions. Steve@ipsofacto.net

The post Hosted Services Security Guide for All IT Firms to Use (our gift to you during Covid19 hardship) appeared first on IPSOFACTO, IT Services.

Hosted Services Security Guide for All IT Firms to Use (our gift to you during Covid19 hardship) syndicated from https://ipsofacto.net

Apple & Google Gang Up to know what your blood is doing (with Covid19)

(Hi Friends- I usually write our articles, but this was too good to regurgitate. Courtesy of the Hustle.co)

PANDEMIC TECH
5 things to know about the Apple-Google collaboration on contact tracing
Two of the world’s biggest tech giants are going big on contact tracing.
On Friday, Apple and Google announced that they’re teaming up on an effort to track the spread of the Coronavirus — using data from smartphones.
The idea is to take traditional contact tracing — which involves medical pros interviewing people who test positive — digital. The digital approach scales a lot more quickly than relying on humans alone.
Here are 5 things you should know about the plan:

1: Apps using Bluetooth will be developed to monitor your proximity to other people’s devices. When a user tests positive for COVID-19, they log the information in the app. If the system sees that your phone was near one that had registered a positive test, you’d be notified.

2:  Don’t expect a ton of apps to flood the market. The Wall Street Journal reported that Apple and Google intend to vet the apps strictly, with a hope of offering one per country. Eventually, they want to bake contact tracing into the Android and iOS operating systems.

3:Their success depends on how many people use them. Singapore already has a contact-tracing app. A top official there said ¾ of the country’s population would have to use it for it to work as intended. But only 1 in 6 people (about 1m individuals) have installed it so far. Even so, it’s regarded as successful.

4: Bluetooth ain’t perfect. Experts have concerns about privacy and false positives. Self-reporting could get sketchy fast. And just because your phone came within range of an infected person’s device, that doesn’t necessarily mean you got close enough to catch something.

5: But it would be hard for hackers to exploit the system. The Verge crunched the technical documentation and found that someone would have to jump through MAJOR hoops to connect the data back to actual people. The system doesn’t identify you or actually log your location.

The post Apple & Google Gang Up to know what your blood is doing (with Covid19) appeared first on IPSOFACTO, IT Services.

Apple & Google Gang Up to know what your blood is doing (with Covid19) syndicated from https://ipsofacto.net

COVID19 Doomsday Hackers

Someone’s got nothing better to do over there in England….

This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice.

Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.

APT groups and cybercriminals are targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing emails. This alert provides an overview of COVID-19-related malicious cyber activity and offers practical advice that individuals and organizations can follow to reduce the risk of being impacted. The IOCs provided within the accompanying .csv and .stix files of this alert are based on analysis from CISA, NCSC, and industry.

Note: this is a fast-moving situation and this alert does not seek to catalogue all COVID-19-related malicious cyber activity. Individuals and organizations should remain alert to increased activity relating to COVID-19 and take proactive steps to protect themselves.

Technical Details

Summary of Attacks

APT (advanced persistent threat) groups are using the COVID-19 pandemic as part of their cyber operations. These cyber threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and “hack-and-leak” operations.

Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.

Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Threats observed include:

• Phishing, using the subject of coronavirus or COVID-19 as a lure,
• Malware distribution, using coronavirus- or COVID-19- themed lures,
• Registration of new domain names containing wording related to coronavirus or COVID-19, and
• Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.

Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action. These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic in order to persuade potential victims to:

• Click on a link or download an app that may lead to a phishing website, or the downloading of malware, including ransomware.
  • For example, a malicious Android app purports to provide a real-time coronavirus outbreak tracker but instead attempts to trick the user into providing administrative access to install “CovidLock” ransomware on their device.
• Open a file (such as an email attachment) that contains malware.
  • For example, email subject lines contain COVID-19-related phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”

To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title. In several examples, actors send phishing emails that contain links to a fake email login page. Other emails purport to be from an organization’s human resources (HR) department and advise the employee to open the attachment.

Malicious file attachments containing malware payloads may be named with coronavirus- or COVID-19-related themes, such as “President discusses budget savings due to coronavirus with Cabinet.rtf.”

Note: a non-exhaustive list of IOCs related to this activity is provided within the accompanying .csv and .stix files of this alert.

Phishing

CISA and NCSC have both observed a large volume of phishing campaigns that use the social engineering techniques described above.

Examples of phishing email subject lines include:

• 2020 Coronavirus Updates,
• Coronavirus Updates,
• 2019-nCov: New confirmed cases in your City, and
• 2019-nCov: Coronavirus outbreak in your city (Emergency).

These emails contain a call to action, encouraging the victim to visit a website that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information.

SMS Phishing

Most phishing attempts come by email but NCSC has observed some attempts to carry out phishing by other means, including text messages (SMS).

Historically, SMS phishing has often used financial incentives—including government payments and rebates (such as a tax rebate)—as part of the lure. Coronavirus-related phishing continues this financial theme, particularly in light of the economic impact of the epidemic and governments’ employment and financial support packages. For example, a series of SMS messages uses a UK government-themed lure to harvest email, address, name, and banking information. These SMS messages—purporting to be from “COVID” and “UKGOV”.

 

The post COVID19 Doomsday Hackers appeared first on IPSOFACTO, IT Services.

COVID19 Doomsday Hackers syndicated from https://ipsofacto.net

Going Mobile Playbook; And love to IPSOFACTO Clients.

Dear Loving Clients,

We Send our Love back to you from the IPSOFACTO, IT Services Family

March 16- March 20 was busy; for new mobile team support and overtaxed home-to-office connectivity. The hackers and computer viruses have seen a 10x increase. (Hackers have nothing better to do right now).

Here at IPSOFACTO, IT Services we are:

1. Helping people use and have secure mobile tools
2. Rolling out our SAFETY BUNDLE (mobile protections, network speed increases, user efficiency, corporate oversite)
3. Redesigning Data Systems (now is a great time to organize files)
4. Migrating email and files to safer locations
5. Mobile-Speed-Upgrades for hardware (firewalls and Wifi) and for Servers (patches and Virtual software)
6. Rolling out new computers for Mobile Staff
7. Updating Network Security profiles

Some of our clients are working from home and have seen a slowdown in employee productivity. What seems like a vacation for some sees us doing background security and network upgrades. Right now, many new data filters are rolling out to protect networks from embedded hacks.

We have been rescheduling on-site appointments to off-site.

Our clients have been calling us to ask how to roll out new collaboration software.

All our plans are in full effect. They will be re-evaluated on April 7^th. We must pay our salaries here. Humans come first in these difficult times.

For IT Service, please send requests to support@ipsofacto.net We’re here to keep you up and working.

Thank you,

Steve and the IPSOFACTO, IT Services Family

 

————————————————————————

Many IPSOFACTO, IT Services clients are using this opportunity to:

1. Avoid interruptions: We’re working in empty offices to replace old or obsolete networking equipment.
2. Outpace competitors: Our gig economy clients are finding ways to take more market share from firms that are not working now.
3. Launch new Marketing campaigns: more eyeballs reading more copy right now.
4. Support the cause: Focus on clients in Healthcare and delivery services.
5. Hire: Find new employees.
6. Buy an office, rather than rent: Commercial office prices are down, and the interest rate is 0%. Buy a $1m live-work loft for 3%, 20yrs, $50k down.
7. Facilitate Changes: Make the changes you wanted to make in 2019 but were too busy.
8. Plan Better: Write up a new business plan for 2020.
9. Embrace Yogic Living: This is a time for better health, true information, and strong compassion.

Working Mobile; things you will need

1. Security Software
   1. Recommendation: Install OpenDNS, Webroot Antivirus and MDM on all Craft computers/laptops – this can be done remotely.

1. VPN Access
   1. Recommendation: Meraki networks already support VPN access; setup for all  employees – this can be done remotely.

1. Cybersecurity Incident Response Plan
   1. Recommendation: Develop/Update response plan – The increased security risk of remote work reinforces the need to have a plan in place if something goes wrong.

Email support@ipsofacto.net or call 415-362-2922; to roll-out these changes ASAP. http://www.ipsofacto.net

———————————————————————

Boiler Plate Network Security Guidelines

Additionally, the following is not a comprehensive list of IPSOFACTO, IT Services best practices and some may or may not apply; however, it provides users and organizations with some guidance in managing the cybersecurity risks associated with a remote workforce.

Policy: 

Review your current information security and other similar policies to determine if there are any established security guidelines for remote work and remote access to company information systems.  Some organizations may have policies specifically geared for remote work, while others may provide for contingencies in disaster recovery plans, BYOD (bring your own device) polices, and other similar plans and policies. If no relevant plans or policies are in place, this is a good time to establish at least some basic guidelines to address remote access to company information systems and use by employees of personal devices for company business.

Preparation:

Companies should review data breach and incident response plans to ensure that organizations are prepared for responding to a data breach or security incident.  Update the plans if necessary, for contact information for the (now) remote incident response team and outside advisors.

 

Remote Access:

In traditional IPSOFACTO, IT Services virtual private networks (VPNs), individuals use VPN client software to establish a secure connection to an internal network to access internal (office) resources (i.e File Share Servers, Virtual Machines, intranet websites, etc.). Organizations should scope VPN access accordingly to ensure the principle of least privilege is maintained. Regardless of which remote access method you offer, multi-factor authentication should be mandatory. Additionally, if remote devices are allowed to connect to your internal network, consider implementing a Network Access Control (NAC) solution to ensure only authorized devices are permitted to connect at IPSOFACTO, IT Services.

Organization-Owned vs Personal Devices:

Many Software as a Service (SaaS) and virtualized applications that IPSOFACTO, IT Services  managesmay be securely accessed by remote users through their personal devices if certain security controls are implemented. To reiterate, MFA should be mandatory for remote access to any application, network, or service your organization provides to teleworkers. In addition, organizations must implement controls to ensure sensitive files and information are not downloaded or stored on personal devices or personal cloud storage services. Sensitive data should only be stored on organizationally-controlled devices or authorized cloud storage services. Cloud service providers often offer conditional access controls to prevent the download of data to unauthorized devices. IT departments are advised to enforce these controls. For cloud services at IPSOFACTO, IT Services that do not provide the option to restrict the download of sensitive data, organizations are advised to implement a Cloud Access Security Broker (CASB) solution that provides these security controls.

Device Security:

Irrespective of whether a device is personally owned or organizationally owned, they are exposed to numerous risks when connecting to networks not controlled by the organization. Therefore, implementing strong security controls by IPSOFACTO, IT Services is paramount. This includes controls such as strong authentication, hardening the operating system, and applying the principle of least functionality to limit services, ports, and protocols to only those that are necessary. Protective technologies should be implemented, including anti-virus/anti-malware software, endpoint detection and response software, web content filtering software, host-based firewalls, device and file encryption, and the latest security patches. With a remote workforce, IPSOFACTO, IT Services face a myriad of challenges in providing support, pushing security updates, and providing continuous monitoring and incident reporting and response services for remote devices and users.

Other Remote Work Cyber Security Tips:

• Remind employees of the types of information that they need to safeguard.  This often includes information such as confidential business information, trade secrets, protected intellectual property, work product, customer information, employee information, and other personal information (information that identifies a person of household). IPSOFACTO, IT Services can shore this up with data protection services.
• Sensitive information, such as certain types of personal information (e.g., personnel records, medical records, financial records), that is stored on or sent to or from remote devices should be encrypted in transit and at rest on the device and on removable media used by the device. IPSOFACTO, IT Services can shore this up with data protection services.
• Train employees on how to detect and handle phishing attacks and other forms of social engineering involving remote devices and remote access to company information systems. There are an increasing number of Coronavirus-based phishing emails going around, preying on the health concerns of the public. For more information about this particular risk, please see our article. Train your employees using IPSOFACTO, IT Services training programs.
• Do not allow sharing of work computers and other devices.  When employees bring work devices home, those devices should not be shared with or used by anyone else in the home.  This reduces the risk of unauthorized or inadvertent access to protected company information.
• Company information should never be downloaded or saved to employees’ personal devices or cloud services, including employee computers, thumb drives, or cloud services such as their personal Google Drive or Dropbox accounts. IPSOFACTO, IT Services can shore this up with data protection services such as Saas Backup.
• “Remember password” functions should always be turned off when employees are logging into company information systems and applications from their personal devices. use IPSOFACTO as your password. Nobody can spell it correctly though it’s one of the oldest words still used in the English Language.

The post Going Mobile Playbook; And love to IPSOFACTO Clients. appeared first on IPSOFACTO, IT Services.

Going Mobile Playbook; And love to IPSOFACTO Clients. syndicated from https://ipsofacto.net

IPSOFACTO- In Love with Modular Construction

Modular Construction Technologies, (an area of expertise here at IPSOFACTO) is full of fantastic new advances and ideas.

‘In-housing’ the technologies that were once ‘off-burdened’ to a low tech GC is no longer happening. It was bad and had to go. Factories now produce modules and assemblers now assemble those modules. Assemblers have become the modern-day GC; only needing to put the modular pieces together while offering a little light construction, only. (seaming, taping, painting, a little dry-walling)

But what are the technical shortcomings. All technology (since the beginning of time) becomes TOO complex. Simplicity doesn’t sell. Complexity sells. Greed causes complexity, to sell more BS. Complexity is bad.

 

So in Modular Construction, we need PM tools that anyone can use. CAD based programs need to be usable by low level admin and inside Sales staff. Having access to the technology by today’s less-then-brilliant tech users is the new requirement. You shouldn’t need a PhD to use modular construction technologies. In fact, in building buildings, you are most likely to find lowest level technology users out there, construction workers.

For Accountants; they need to change their brains….they need to understand modular manufacturing inventory management work flow rather than old fashioned construction. Accountants need applications to support them. For instance, on what continents are staff working. Where are the modules built and to where are they shipping? Where are these immense amounts of 3d and 2d data being stored? How is inventory managed and accounted?

Printing; using in house or cloud-based printing facilities. Who is doing the document preparation and where…. India. China. US. Patagonia?

The future big failures in new Modular Construction will use outdated and stupid tech;  GSuite and a good plotter. yikes. That’s definitely the attitude of yesterday and not of tomorrow.

Repetition leads to perfection. Re-inventing wheels does not. When the correct mix and use of modular construction technologies is in play, repeating the same Bauhaus patterns will lead to the flare of IM Pei. But Modular lends itself to construction at breakneck speeds. Like when the Hulk destroys a city. Modular will help rebuild it in a few weeks (with the right technologies! ha!) Damn you, Hulk!

Modular construction techniques rely on technology and supports the use of (and further advances of) technology within the sector.

Some of the biggest wins to focus on are:

1. Less waste
2. Faster Speeds
3. Faster permitting and inspection
4. More efficient use of raw materials that are NOT wasted.
5. Better inventory and accounting modeling
6. Global Team sets
7. Easier buying calculations, follow up, and leverage.
8. Easier loan access (better numbers, better loans!)
9. Greater standards for Fixtures and built in furnishings
10. Standards for plumbing and electrical
11. Eventual economies of scale at a global level (build identical buildings in cities thousands of miles apart, the modules coming from 1 single factory.
12. Resale Standards and Comp reviews

And all of these incredible advances will require new technologies to manage them.

The post IPSOFACTO- In Love with Modular Construction appeared first on IPSOFACTO, IT Services.

IPSOFACTO- In Love with Modular Construction syndicated from https://ipsofacto.net

Damn You G Suite and O365

Dammit!

“The G Suite data got permanently deleted.”

…Or…

“The Office 365 data got permanently deleted.”

 

Did you know this data CAN NEVER BE RETRIEVED?

Do you think Google or Microsoft run expensive systems to store your DELETED data. They don’t. It’s gone permanently.

The conference speaker in Houston said “MAKE SURE your cloud data backed up”. My client, a freight company, was hacked and 10 years of data was deleted. They spent $450,000 to stay in business, and the data still has all the wrong dates on it.

Then he went on to mention the airline company, the Law firm, the CPA firm….all the same… They embraced O365 or G Suite, and lost their public folders, their contact groups, the calendar entries, or accidentally deleted all emails about 2019 taxes.

They all thought MS and Google stored their deleted data. How silly.

This nightmare is happening everywhere in America for a few years now.

PLEASE PLEASE, Call us.

For $35/mo all your hosted G Suite or Office365 data is backed up.

Our system is never seen, you never know its there, working in the background. All data is 256bit encrypted.

When you assistant deletes all your contacts or your email from 2018 (by accident), we restore in 5 minutes. For $35/mo.

PLEASE DO NOW. (your call to action).

 

Have a great day. And with so much stress-relieving LOVE,

Steve IT Luvr…

The post Damn You G Suite and O365 appeared first on IPSOFACTO, IT Services.

Damn You G Suite and O365 syndicated from https://ipsofacto.net