HR and IT; How to Hire and Fire

HR and IT; How to Hire and Fire

Imagine this

An employee comes into work, goes to log-in at his workstation only to be alerted that his password is incorrect. His email isn’t coming through on his phone. He walks to his boss’s office to notify him of the issue. 

He was going to be let go. Except the boss didn’t have that “meeting” scheduled until 11. 

Staff changes are tough. There is the onboarding process and all of the stress associated with getting a new employee up to speed on the office, clients, and technology needs. 

Then there’s the firing process. A former employee who still has access to a company’s network and proprietary corporate data is a security threat. Not only is it emotionally difficult but on the data security side, it’s important to ensure that access to vital information is properly restricted at an appropriate time

What steps should you take to coordinate human resources needs with your information technology support?

Hiring

All technology needs can (and should) be taken care of prior to an employees first day. With 3-5 days notice, IT can have a new employee breezing through their first day. Without that notice, it drastically extends the runway of an onboarding process. Here are a few ways to ensure it goes smoothly.

Devices-

Technology needs vary by position. Understanding those needs helps you to anticipate the employees first day.

Needs

  • Mobile Device
  • Laptop (PC or Mac)
  • Desktop
  • Additional Monitors

Relevant applications

Accountants need Quickbooks. Everyone needs Microsoft Office. With this in mind, having that step to an employees onboarding lets their focus be where it’s needed.

Bonus: If multiple log-ins are used across the business, applications like 1Password act as a team vault for your passwords. This can be useful for new hires with multiple logins but needs set up securely as it stores sensitive information.

Email

Similarly, IT support can have the employee’s email account created for them. The employee should really only have to type a password and be on their merry way.

Extra step? Bookmark their email login in their browser. 

Firing

As we pointed out earlier, termination can be tricky. It’s a fine balance between respect for the employee you are letting go and protection from disgruntled employees erasing valuable work. 

Communication

It is important that your company make note of who is responsible for notifying IT of the restrictions. When working with an internal IT department, make sure that only senior IT personnel are notified of the termination.

Timing

Timing is everything. With meetings scheduled for terminations, your IT support can cut access to vital documents in the time allotted during the meeting. 

Give your IT team 48 hours notice of the termination and tell them who and when. Make sure to double-check that the information is correct.

Remote Access

VPNs and remote desktops are forms of how an employee accesses their work network. That access is managed when the user account is created, disabled, or removed. In the case of a termination, access is revoked during the coordinated window. 

Repurposing Devices

After a termination, properly wipe any devices to make sure there is no remaining information from a previous employee. This way devices can be repurposed for future employee use.

How ITonDemand Handles It

Through our client portal, clients can submit requests to both add and remove users. Adding and removing users can be discreet, coordinated, and organized with the right IT partner. 

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Ransomware hit a Michigan Doctor’s Office, The Results were Catastrophic

Ransomware hit a Michigan Doctor’s Office, The Results were Catastrophic

In recent months, hackers have begun targeting doctors offices and hospitals, receiving roughly 34% of all ransomware attacks. In an unprecedented incident, it just cost two doctors their practice.

What happened

Last month, the offices of Brookside ENT in Battle Creek, Michigan, experienced a ransomware attack. The hackers encrypted patient information and demanded a ransom in exchange for a password to decode the information. 

Drs William Scalf and John Bizon decided not to pay the ransom.

The hackers then proceeded to delete all medical records for the patients. The doctors had no record of anything from appointments to surgery results.

Some who had just undergone surgery are having difficulty receiving follow up care because there is simply no record of their surgery.

And because there is no patient schedule the doctors have to wait at their practice for someone to show up. There isn’t even a way to call and inform their patients as there are no phone numbers on record.

Rather than try to rebuild their practice from scratch, Brookside ENT will permanently shut their doors on April 30th, 2019.

It could have been worse.

If the hackers would have been able to view the information, not only would that have resulted in a HIPAA violation on the part of the doctors but it also would have compromised the identity security of all the affected patients.

What other practices can learn

Protect Your Email

91% of all malware originates in an email. Because each email account is a potential vulnerability, it’s important to employ a spam filter as well as provide training to your employees on identifying threats.

“…Education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyber attacks,” said Katherine Keefe, Beazley Breach Response Services Head in response to the Brookside Ransomware attack.

Use Endpoint Malware Security

In the event of a ransomware attack, endpoint malware security can block lateral movement. This isolates the attack to a single device rather than encrypting every device on a network.

Endpoint security can also block the ransomware’s download of encryption keys.

Small Business, Big Target

Repeatedly, hackers are targeting small business because they are viewed as easy targets.

61% of all cyber attacks target small business.

This doesn’t have to be the case for your business. ITonDemand offers affordable and scalable IT solutions to partner in the prevention of these types of attacks.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

What to do about Windows 7 End-of-life

What to do about Windows 7 End-of-life

Windows 7 End-of-life

In case you are unaware — Windows 7 is coming to an end.

Microsoft has planned for this for a long time. However, most users have not it seems.

According to web analytics vendor, Net Applications, Windows 7 actually saw its user share increase to 38.4% of all personal computers worldwide at the end of February.

You may think that Microsoft forcing an update is purely cosmetic, or just operational. But if your organization is dependent on compliance, such as HIPAA or PCI, you will need to replace all affected devices. Without security updates and patches, workspaces will no longer be secure. But don’t take our word for it-

“Today, [Windows 7] does not meet the requirements of modern technology, nor the high-security requirements of IT departments,” says Markus Nitschke, Head of Windows at Microsoft Germany.”

With this many devices needing to be updated worldwide, it’s important to have a plan in place and move decisively. Because in addition to Windows 7, Server 2008 and Exchange 2010 are also making their exit.

What is the next step for your organization?

Understand that this is a necessary budget expense for most organizations. If you were unaware of this coming transition, you may not have planned for this expense. This is the time to expedite decision making. We are anticipating nation-wide device shortages as we get closer to 2020 and EOL. Contact our IT experts to help make a transition plan for your organization.

(For our clients — we will reach out to you regarding the transition, if necessary.)

Once you have reached the decision point and are ready to proceed, it may still be a few weeks at minimum before you have the new hardware in place. Taking proactive measures will ensure that there is no lapse in compliance or security.

If you have any questions, reach out to our IT experts to discuss how ITonDemand can help.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

Does this email smell phishy to you?

Does this email smell phishy to you?

How to identify if an email is a phishing attack

91% of all cyber attacks are delivered through an email. A company of 5,000 employees will receive an estimated 14,400 malicious emails per year.

It’s not abnormal to receive phishing emails. It’s only dangerous if you fall for the bait.  So how can you tell a phishing scam apart from a task that needs attention?

  • Look at the email address
  • Urgency
  • Hover, Don’t Click
  • Vague Pronouns
  • It’s Better to be Safe than Sorry

Look at the email address

This step usually begins by checking for spelling mistakes. They will usually appear as something related to the account they trying to gain access to. A few of my favorites are Oatlook, Paiypal, and Faceboook. Clearly, these aren’t correct but upon delivery in the context of your inbox, you tend to glaze over small pieces like that. Generally, they are small, subtle mistakes.

But even the from field can be manipulated; fairly easily might I add. Using open source software such as PHP Mailer, phishing attackers can manually type in both To and From addresses. When the email is delivered, the recipient will see an email that looks like it’s from the email account listed in the ‘From’ field, regardless of where it came from. It’s really that easy. That is how emails avoid spam filters and end up in your inbox.

Urgency

Phishing uses a false sense of urgency. This is intended to make users take action quickly without much thought to any inconsistencies in the email.

This can often look like “There was unusual activity detected on your account,” or “Your password is expiring today”.

The hope is that you are so concerned with losing access to an account that you make a decision (or mistake), that you wouldn’t normally.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Hover, Don’t Click

You can examine the URL in question by hovering over a link rather than clicking directly. It will appear in your browser window in the bottom left corner. You can see in the photo to the right.

If it looks questionable, don’t click it and forward it to your security provider or response team.

Vague Pronouns

Mass Phishing Attacks will generally use vague pronouns such as “Valued Customer”. Even mass corporate communications will use your full/correct name.

In more direct, high-value attacks, known as spearphishing, hackers may do deep research to create a seemingly trustworthy email. In this instance, hyper-vigilance is necessary and a trustworthy IT partner to monitor breach detection and incident recovery.

Better Safe than Sorry

If you are worried about something, forward it to your IT team for threat detection. Worst case scenario, we send it back to you saying everything’s fine. If it is malicious, not only will we have secured this threat but also helped to identify any future threats.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

SpamTitan provides increased Security and Accessibility

SpamTitan provides increased Security and Accessibility

Growing problems call for growing solutions.

In mid-February, ITonDemand began to roll out a new solution to our client base to address spam and phishing email. This solution, called SpamTitan, is a response to additional security concerns facing IT infrastructures across the nation.  

91% of all cyber attacks originate in an email. This issue is front of mind for us and we are continuously working to provide the best solution in terms of both security and productivity.

As part of this, ITonDemand clients began to receive a new daily spam quarantine report in mid-February.  We thought we’d take the time to outline some of the changes in this new tool.

What does SpamTitan do to make it more secure?

SpamTitan has multiple “layers” in its security that a message must pass through, like a gauntlet if you will.

First, it will check to see if the recipient actually exists. Next, it will test the message against a series of community support algorithms and blacklists known as RBLs or Real Black Lists.

Next, a message will check to see if the sender has a valid sender policy framework. This check significantly reduces the amount of spoofing our clients will experience. After that, the message is filtered for content, banned attachments, viruses, and internal spam algorithms. A large number of these various layers can be customized and are support by eResources’ ITonDemand, allowing us to deliver a much more secure, yet flexible, product to our clients.

What impact will this have on our clients day to day?

None!  We want your email to continue to flow while keeping you protected.

How much less spam can our clients expect to see in their inbox?

There is no silver bullet to spam, ransomware, phishing, etc and anyone who claims they have it is lying. We do expect, with SpamTitan, to see a decrease in spam, particularly cases of spoofing and phishing. With SpamTitan’s layers our clients should see a noticeable difference in the frequency of fraudulent emails.

Are there new features with SpamTitan for users?

SpamTitan allows users to manage their own whitelists and blacklists. This means users have the ability for direct involvement in their own security.

The quarantine digests are much easier to comprehend and allow you to more effectively manage messages in your quarantine directly from the digest, making decisions on what to do with quarantined items significantly more efficient.

Moving Forward

Should you have any questions on the functionality or use of SpamTitan, don’t hesitate to reach out to one of our IT experts.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

ITonDemand is in the News – March 4th, 2019

ITonDemand is in the News – March 4th, 2019

On March 4th, the Ocala Star-Banner & Ocala.com featured ITonDemand for the recent announcement of our placement on the CRN Pioneer 250

We are proud to stand alongside and partner with our Ocala-area neighbors. We are honored to be recognized for our growth and success on an international level.

To read more, visit Ocala.com or pick-up the Monday, March 4th issue of the Ocala Star-Banner.

Other Articles You Might Be Interested In:

Office365 is not a Disaster Recovery Plan

Office365 is not a Disaster Recovery Plan

Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...

read more
Data Backups and Disaster Recovery

Data Backups and Disaster Recovery

Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293