{"id":8000,"date":"2022-03-22T15:56:56","date_gmt":"2022-03-22T15:56:56","guid":{"rendered":"https:\/\/www.ecsoffice.com\/?p=8000"},"modified":"2022-03-31T16:15:57","modified_gmt":"2022-03-31T16:15:57","slug":"white-house-security-recommendations","status":"publish","type":"post","link":"https:\/\/www.ecsoffice.com\/white-house-security-recommendations\/","title":{"rendered":"Security Update \u2013 March 2022"},"content":{"rendered":"<h2 id=\"WhiteHouse\"><strong>White House Security Recommendations<\/strong><\/h2>\n<p>On Monday, March 21, 2022, White House issued a warning of new potential cyber-attacks (<a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2022\/03\/21\/fact-sheet-act-now-to-protect-against-potential-cyberattacks\/\">https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2022\/03\/21\/fact-sheet-act-now-to-protect-against-potential-cyberattacks\/<\/a>). As part of the warning, the white house came up with a list of steps and recommendations for every company.<\/p>\n<p>To help our clients understand the alert, we have summarized the recommendations on our site and added notes on everything ECS is doing for each request.<\/p>\n<p><span data-contrast=\"auto\"><strong>Here is the summary of the recommendations from the white house and what ECS is doing:<\/strong><\/span><\/p>\n<p><b><span data-contrast=\"auto\">WH:<\/span><\/b><span data-contrast=\"auto\"> Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>We highly recommend that all clients who use email systems have multi-factor authentication enabled for every employee.<\/p>\n<p><b><span data-contrast=\"auto\">WH:<\/span><\/b><span data-contrast=\"auto\"> Deploy modern security tools on your computers and devices to continuously look for and mitigate threats<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>We uses modern security tools to protect, prevent, and mitigate security risks. Some of the tools we use are:<\/p>\n<ul>\n<li>Centrally Managed Antivirus<\/li>\n<li>Centrally Managed Antivirus + EDR<\/li>\n<li>ThreatLocker \u2013 Zero Trush Platform.<\/li>\n<li>24\/7 Cyber Security Monitoring.<\/li>\n<li>Email Filtering, Sandboxing, and Isolation<\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">WH:<\/span><\/b><span data-contrast=\"auto\"> Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>Our standard policy is to update workstations every week. Servers are updated every month or on an emergency basis if a critical security patch is released. ECS Offers Dark Web Monitoring Service to monitor for any passwords that are compromised and immediately notify our clients.<\/p>\n<p><b><span data-contrast=\"auto\">WH:<\/span><\/b><span data-contrast=\"auto\"> Back up your data and ensure you have offline backups beyond the reach of malicious actors;<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>We recommend Backup and Disaster Appliance Service. Client servers are backed up every hour to an on-site backup server. The backup server does not share any credentials with your servers to reduce the risk of a compromise. Once a day, the daily backups are combined, encrypted, and uploaded to the cloud. Client data is always stored in 3 separate locations (On the client server, on the backup server, in the cloud). In case of disaster, ECS can restore from the cloud or operate from the cloud to continue business operations.<\/p>\n<p><b><span data-contrast=\"auto\">WH:<\/span><\/b><span data-contrast=\"auto\"> Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>We developed an incident response plan to prepare ourselves and our clients. An incident response plan is a procedure we follow should there ever be an incident. Click the link to read <a href=\"https:\/\/ecsoffice.sharepoint.com\/:b:\/s\/sales\/EQxX-iw6D89AloiHzjcRWiYBA-PVTTGERr_OQMOzhXdbig?e=er2AoU\" target=\"_blank\" rel=\"noopener\">\u202fECS Incident Response Plan.pdf<\/a><\/p>\n<p><b><span data-contrast=\"auto\">WH:<\/span><\/b><span data-contrast=\"auto\"> Encrypt your data so it cannot be used if it is stolen;<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>We recommend encryption of any sensitive information. Sensitive data should be encrypted when sent via email, stored on the server, or in the cloud.<\/p>\n<p><b><span data-contrast=\"auto\">WH: <\/span><\/b><span data-contrast=\"auto\">Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>We offer Employee Awareness Training. The service provides online interactive training to all employees on identifying phishing\/scams. As part of the service, ECS conducts simulating phishing attacks. An employee who clicks on simulated phishing links is asked to attend additional training.<\/p>\n<p><b><span data-contrast=\"auto\">WH: <\/span><\/b><span data-contrast=\"auto\">Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"auto\">ECS: <\/span><\/b>has closely monitored CISA alerts and notifications and NIST best practices. ECS has also built relationships with FBI, Breach Council, Ransomware Negotiators, Cyber Security experts, and Cyber Security Insurance providers ro offer the best service we can to our clients.<\/p>\n<h2 id=\"ECS\"><strong>ECS Security Recommendations<\/strong><\/h2>\n<p>Here are the top security recommendations to our clients, friends, and prospects based on what we have seen in the last few months.<\/p>\n<p>Additional Email Protection \u2013 With email being one of the primary entr\u00e9e methods for a compromise, investment in additional email protection is highly recommended. This includes implementing Multi-Factor Authentication and using 3<sup>rd<\/sup> party tools to filter out a malicious email before it gets to your inbox.<\/p>\n<p>Cyber Security Monitoring \u2013 ECS partners with RocketCyber to offer 24\/7 cyber security monitoring. This means that a live person is constantly reviewing logs, connection attempts, and activity that may look suspicious on your email, servers, and network. We observed how this system had helped detect unauthorized activity and prevent a compromise before any damage was inflicted.<\/p>\n<p>Zero-Trust Security Approach \u2013 Implementing Zero trust involves locking down your computers. Only approved software can be installed even if the installer has admin rights. While this approach may sound strict to some, we have seen this approach protect organizations when all other protection methods fail.<\/p>\n<p>Employee Awareness Training &#8211; Educate your employees on phishing, vishing, and email compromise. If you currently have Employee Awareness Training consider sending out refresh training to all of your employees. If you do not have formal training, send out emails with examples of what phishing looks like and what employees need to watch out for. Make sure employees do not disclose their passwords unless they are 100% confident the website is legitimate. Compromised email is the number one method of how hackers get into your system.<\/p>\n<h2 id=\"Office365\"><strong>Office 365 CyberSecurity Monitoring<\/strong><\/h2>\n<p>To help lower the risk of security to our clients, ECS is offering 30 days free trial of our 24\/7 Cyber Security Monitoring Service for your Office 365 system. The service monitors for any suspicious activity on office 365 and is designed to take proactive action should someone gain unauthorized access to any of your employee emails.<\/p>\n<p><span data-contrast=\"auto\">Do you have questions about the cyber security posture of your company?<\/span><span data-contrast=\"auto\">Let&#8217;s talk! <a href=\"https:\/\/www.ecsoffice.com\/free-business-consultation\/\" target=\"_blank\" rel=\"noopener\">Click on this link to schedule a time convenient to you.<\/a><\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2>Subscribe to our newsletters:<\/h2>\n<p>Name * Email * Subscribe [tcb-script type=&#8221;text\/javascript&#8221; src=&#8221;https:\/\/axy481.infusionsoft.app\/app\/webTracking\/getTrackingCode&#8221;][\/tcb-script][tcb-script type=&#8221;text\/javascript&#8221; src=&#8221;https:\/\/axy481.infusionsoft.com\/app\/timezone\/timezoneInputJs?xid=46dd1bb72b550f09027b9d95fe0c5bd1&#8243;][\/tcb-script][tcb-script type=&#8221;text\/javascript&#8221; src=&#8221;https:\/\/axy481.infusionsoft.com\/js\/jquery\/jquery-3.3.1.js&#8221;][\/tcb-script][tcb-script type=&#8221;text\/javascript&#8221; src=&#8221;https:\/\/axy481.infusionsoft.app\/app\/webform\/overwriteRefererJs&#8221;][\/tcb-script]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>White House Security Recommendations On Monday, March 21, 2022, White House issued a warning of new potential cyber-attacks (https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2022\/03\/21\/fact-sheet-act-now-to-protect-against-potential-cyberattacks\/). As part of the warning, the white house came up with a list of steps and recommendations for every company. To help our clients understand the alert, we have summarized the recommendations on our site and [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":8012,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/posts\/8000"}],"collection":[{"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/comments?post=8000"}],"version-history":[{"count":42,"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/posts\/8000\/revisions"}],"predecessor-version":[{"id":8274,"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/posts\/8000\/revisions\/8274"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/media\/8012"}],"wp:attachment":[{"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/media?parent=8000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/categories?post=8000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ecsoffice.com\/wp-json\/wp\/v2\/tags?post=8000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}