Telecommuting Top 10 Reasons Why

Telecommuting Top 10 Reasons Why

Telecommuting Top 10 Reasons why
Telecommuting top 10 reasons why – the focus of many C-Level executives is addressed by this policy

Telecommuting Top 10 Reasons Why include the following:

  1. Flexible Work Hours – If employees telecommute then their schedules become more flexible.
  2. Reduce costs – Telecommuter’s can save money on transportation costs such as gas, parking, public transportation, work clothes, and dry cleaning bills. Employers can save money by reducing overhead and retaining employees.
  3. Ease strain on employees -Telecommuter’s have greater flexibility to plan non work-related activities around their business schedule instead of searching for time in the early morning, late evening, or during lunch.
  4. More Productive – Telecommuter’s will save the time they now take to commute to their place of employment.
  5. Minimize Non-Work Distractions – At times employees in an office setting can be distracted from their work by untimely interruptions from peers, impromptu meetings, or pulled away onto other projects. Telecommuter’s may find themselves more productive.
  6. Better Morale – Working from home usually means telecommuter have more time with their family.
  7. Green Solution  – Working from home part or full-time reduces the auto emissions and decreases gas consumption.
  8. Stay Healthy – Working from home decreases the stress caused by inflexible hours, commuting time and costs, continual rushing to unmet family needs, sitting idle during a commute and provides time to exercise or pursue endeavors of particular interest to you.
  9. Potential Tax Deductions – Income deductions are available for home-based work-related expenses such as fax, scanner, phone, computer and office supplies.
  10. Reduce the Need for Outsourcing – Working from home helps keep jobs domestic and reduces need or desire for business and industry to contract with other countries for work that can be done at sites other than the main office.
Order Telecommuting PolicyDownload Selected Pages

.

Top 10 tips improve social networking security

Top 10 tips and best practices to improve social networking security

Top 10 tips to improve social networking security are necessary in order to secure the enterprise’s data and reputation.

  1. Educate employees – Educating employees of best practices can help improve the overall security of the business. Awareness through seminars, workshops, and other programs help educate how attackers use social media to target a brand via individual employees.
  2. Have employees use different passwords for different system – Encourage users to have multiple unique passwords. This can be support by implementing a cloud based password management system.
  3. Mandate strong passwords – Make it a requirement to have unique strong passwords.
  4. Have employees change passwords regularly – One every three or four months communicate with employees to tell them it is time to change their passwords.
  5. Do not share accounts – For social accounts that represent the enterprise only have one user per each and the linking e-mail account should be one that is in the enterprise domain and will remain with the enterprise in case the employee leaves or is teminated
  6. Implement two factor authentication – Many of the larger social networks provide two-factor authentication, commonly in the form of a code sent to their smartphone or email each time a new device or browser attempts to login to the account.
  7. Educate employees to NOT open email attachments or go to links where the originator is not known – Stress the practices of carefully reviewing URL links before clicking to make sure the company and site name are spelled correctly. Cybercriminals will often blast out links that are very similar to a real address adding, subtracting or rewording parts to differentiate them.
  8. Utilize antivirus and security software – . No matter how careful a user is, there’s always the risk of accidentally engaging with a malicious link – and just one unfortunate click can lead to months of recovery time.
  9. Don’t friend people you do not know – Companies should encourage employees to thoroughly vet a friend request before hitting “accept”. They should check to see if other colleagues are also connected to the account. If the account seems suspicious or you don’t know the individual, ignore or report the user, and refrain from clicking on any links they may have sent.
  10. Validate and verify – just because it is on the Internet does not make it true.

Top 10 WYOD Best Practices

Top 10 WYOD Best Practices expand beyond BYOD

Tio 10 WYOD Best Practices - Policy
WYOD Policy that address all of the issues generated by this technology.

Top 10 WYOD Best Practices – Employees bringing their own smartphones into the workplace started the BYOD trend requiring enterprises to deal with the serious security implications that come from these devices. The decision for employees to wear their own device (WYOD), such as an apple watch that can link to your Wi-Fi; capture audio, video and data; store; and transmit poses similar problems for IT departments.  Employees and individuals outside of the enterprise can use these devices, sometimes discretely, to access and share business content.

This puts corporate data and infrastructure at risk, and reinforces the need for IT managers to focus on securing the content, rather than the device that’s in use. Wearable devices simply add another level of access and security concern to what we’ve already seen with the BYOD trend.

Here are top 10 best practices for WYOD:

  1. Have a strategy for how, when and why WYOD devices can be used
  2. Implement an acceptable use policy
  3. Identify the connectivity options that are available to both internal and external users
  4. Approved devices should be easily connected to the available secure access points
  5. Define a management process for the WYOD devices
  6. Plan for the activity WYOD devices will add to the network
  7. Make collaboration tools a priority
  8. Secure the end points and isolate sensitive/confidential information and locations
  9. Be prepared for little to no advance notice on upgrades
  10. Formalize your 7 x 24 support

For more information on this go to WYOD Policy.

Electronic Forms are released by Janco

Electronic Forms are now available for download

Electronic FormsJanco Associates has just released its 100 IT Infrastructure Electronic Forms .  Victor Janulaitis the CEO of Janco Associates, Inc. said, “Over 1,000 companies in over 120 countries have selected the Janco’s CIO IT infrastructure Policy Bundle with electronic forms.” He added, “Forms include all areas of IT including Disaster Recovery/Business Continuity, IT Service Management, Records Management, Records Retention, Safety Program and Threat/Risk Assessment.”

The CEO added, “Many of the best features  are that they comply with US state and federal mandates, EU requirements, and ISO standards.  Best practices are followed on all of the forms product.”

The Infrastructure Electronic Forms are delivered electronically and comes as an easily modifiable Microsoft WORD and PDF documents.  They include everything needed to implement a seamless electronic document management system which works on Smartphones, tablets, and desktops.  The forms can be acquired with Janco’s CIO IT Infrastructure Policy bundle or a as a standalone item.  Janco also offers and subscription update service for 12 or 24 months.

The CEO said, “Enterprises around the world are moving away from paper files to electronic ones.  CIO who are on the top of their games have already started this implementation.  It will only be a short time until electronic forms will be a best practice.

OrderDownload Selected Pages

Top 10 tips improve social networking security

Top 10 tips and best practices to improve social networking security

Top 10 tips improve social networking security – These best practices will improve social networking security and protect the enterprise’s social networking reputation.

  1. Educate employees – Educating employees of best practices can help improve the overall security of the business. Awareness through seminars, workshops, and other programs help educate how attackers use social media to target a brand via individual employees.
  2. Have employees use different passwords for different system – Encourage users to have multiple unique passwords. This can be support by implementing a cloud based password management system.
  3. Mandate strong passwords – Make it a requirement to have unique strong passwords.
  4. Have employees change passwords regularly – One every three or four months communicate with employees to tell them it is time to change their passwords.
  5. Do not share accounts – For social accounts that represent the enterprise only have one user per each and the linking e-mail account should be one that is in the enterprise domain and will remain with the enterprise in case the employee leaves or is terminated
  6. Implement two factor authentication – Many of the larger social networks provide two-factor authentication, commonly in the form of a code sent to their smartphone or email each time a new device or browser attempts to login to the account.
  7. Educate employees to NOT open email attachments or go to links where the originator is not known – Stress the practices of carefully reviewing URL links before clicking to make sure the company and site name are spelled correctly. Cybercriminals will often blast out links that are very similar to a real address adding, subtracting or rewording parts to differentiate them.
  8. Utilize antivirus and security software – . No matter how careful a user is, there’s always the risk of accidentally engaging with a malicious link – and just one unfortunate click can lead to months of recovery time.
  9. Don’t friend people you do not know – Companies should encourage employees to thoroughly vet a friend request before hitting “accept”. They should check to see if other colleagues are also connected to the account. If the account seems suspicious or you don’t know the individual, ignore or report the user, and refrain from clicking on any links they may have sent.
  10. Validate and verify – just because it is on the Internet does not make it true.

Order Policy Download Selected Pages

Walmart denies hack occurred

14,600 emails addresses and passwords posted – Walmart denies hack occurred

Walmart denies hack occurred
Incident Communication Plan

Walmart denies hack occurred after email address and passwords were posted.   – Over 14,600 email addresses and plain-text passwords associated with Sam’s Club’s online store were dumped on Pastebin, a text sharing site. Walmart denied a hack occurred.

The title of the password dump said that the accounts listed belonged to the retail giant. The company which has over 650 locations across the US and tens of millions of members.

Walmart said “.. looked into this issue and there is no indication of a breach of our systems. It is most likely a result of one of the past breaches of other companies’ systems. Because customers often use the same usernames and passwords on various sites, bad actors will typically test the credentials they obtain across many popular sites. Unfortunately, this is an industry-wide issue,” said a Walmart spokesperson.

Order PolicySample Policy

That is no way to inspire confidence in the security of an enterprise’s website.

To survive an incident such as a business interruption, security breach, or a product recall, organizations need more than a successful communication strategy – they need an incident communication plan.

The overall objectives of a incident communications plan should be established at the outset. The objectives should be agreed upon, well understood, and publicized. For example, will the primary objective of the communications plan be for communications only to employees, and only during a disaster? Or is the intent to advise customers of interruptions to service? Or is it for investors and stockholders? Or regulatory agencies? Or is it some combination of these?

Top 10 Wearable Issues

Top 10 Wearable Issues

Top 10 Wearable Issues – Over 33% of all organizations surveyed by Janco have revealed they have more than 5,000 connected devices. Add to that, Cisco predicts there will be more than 600 million wearable devices in use by 2020.

These facts present a set of challenges for CIOs and IT enterprises of all sizes.

  1. Easy physical access to Data
  2. Records management, retention, and destruction
  3. Business continuity is significantly more complex
  4. Photos, Videos and Audio can be captured without anyone knowing it
  5. Instant access to outside Wi-Fi and cellular systems facilitates rapid dissemination
  6. Insecure wireless connectivity
  7. Lack of encryption
  8. Lack of formal policies with limited regulation or compliance –
  9. Software and Firmware version control
  10. Current MDM Policies Don’t Cover Wearables

Read On…

Top 10 Wearable Issues Download Selected Pages

10 best practices electronic meetings

10 best practices electronic meetings

10 best practices electronic meetings
Travel Off-Site Meeting Policy

10 best practices electronic meetings have been identified by Janco Associates, Inc.  They are:

  1. Have an agenda that is available to all attendees before the meeting
  2. Have a process to validate that the devices in use by users will work with the electronic meeting application
  3. Test the meeting technology with all attendees well in advance of the meeting
  4. Have a specific start time
  5. Be aware of time zones that meeting attendees will be in
  6. Have a dress code including background for meeting attendees to follow
  7. Send electronic invitation which require a confirmation and put the meeting in the electronic calendars of all attendees
  8. Have a common secure location where share documents are available to all attendees
  9. Record the meeting and comments for others to review if they are not able to attend
  10. After the meeting send a summary of the meeting including next steps, tasks assigned, and when the next follow-up meeting will take place.

Order PolicyDownload Selected Pages

Top 10 Technology Travel Tips – International

Top 10 Technology Travel Tips – International

Travel, Electronic, and Off-Site Meeting Policy
Top 10 Travel Tips

Top 10 Technology Travel Tips – When people traveling, especially internationally, not only is technology at risk but also sensitive personal and work information.  Below are 10 tips taken from Janco’s Travel, Electronic, and Off-Site Meeting Policy.

  1. If it’s not necessary, don’t travel with a computer or tablet.
  2. Whenever possible, arrange to use loaner laptops and handheld devices while traveling.
  3. If you are bringing a laptop with you, make sure you have the proper plug adapter.
  4. Install a host-based firewall, and configure it to deny all inbound connections.
  5. Disable file, printer sharing, and Bluetooth. Apply full disk encryption, picking a long, complex password
  6. Update all software immediately before travel.
  7. Always clear out browser cache before you leave.
  8. Backup your computer
  9. If you are bringing private data, not on a computer, copy the data onto an encrypted USB memory device
  10. Change the password for your accounts email, Gmail, Facebook, etc.
    1. Utilize complex passwords – Assume the workstation or medium will be lost or stolen.
    2. Memorize the password, or keep it in a secure location on your person.
    3. Password protect the login, and require the password after screen-saver.
    4. NEVER set browser to remember passwords.

Order Policy Download Selected Pages

10 Security Assessment Questions

10 Security Assessment Questions

Security Assessment and Compliance Management
Security Assessment and Compliance Management

Security Assessment Questions

  1. To stop a breach tomorrow, what does the enterprise need to differently today?
  2. Does the enterprise know if the company has been breached? How does it know?
  3. What assets are being protecting, what are they being protected from (i.e., theft, destruction, compromise), and who are they being protected them from (i.e. cybercriminals or insiders)?
  4. What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
  6. Are formal written policies, technical controls or both in place? Are they being followed?
  7. What is the enterprise’s security strategy for IoT?
  8. What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
  9. Does the enterprise have an incident response plan in place?
  10. What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?

Security Compliance – Comprehensive, Detailed and Customizable for Your Business

The Security Compliance Policy and Audit Program bundle provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in 220 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis – Threat and Vulnerability Assessment via Electronic Forms
  • Staff member roles
  • Physical security
  • Electronic Communication (email / SmartPhones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document

Order Download Selected Pages

Top 10 Cloud SLA Best Practices identified by GAO

Top 10 Cloud SLA Best Practices identified by GAO

Cloud SLA Best Practices
Cloud SLA Best Practices

Top 10 Cloud SLA Best Practices are:

  1. Define SLA roles and responsibilities for the enterprise and cloud providers. These definitions should include,the persons responsible for oversight of the contract, audit, performance management, maintenance, and security.
  2. Define key terms. Include definitions for dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance. These measures would include: the availability of the cloud service; the number of users that can access the cloud at any given time; and the response time for processing a customer transaction.
  3. Define specific identifiable metrics for performance by the cloud provider. Include who is responsible for measuring performance. Examples of such measures would include:
    SLA Best Practices
    SLA Best Practices
    • Level of service (e.g., service availability—duration the service is to be available to the enterprise).
    • Capacity and capability of cloud service (e.g., maximum number of users that can access the cloud at one time and ability of provider to expand services to more users).
    • Response time (e.g., how quickly cloud service provider systems process a transaction entered by the customer, response time for responding to service outages).
  4. Specify how and when the enterprise has access to its own data and networks. This includes how data and networks are to be managed and maintained throughout the duration of the SLA and transitioned back to the enterprise in case of exit/termination of service.
  5. Specify specific SLA infrastructure and requirements methodology:
    • How the cloud service provider will monitor performance and report results to the enterprise.
    • When and how the enterprise, via an audit, is to confirm performance of the cloud service provider.
  6. SLA DRP and Security for Cloud
    SLA DRP and Security for Cloud

    Provide for disaster recovery and continuity of operations planning and testing. Include how and when the cloud service provider is to report such failures and outages to the enterprise. In addition, how the provider will re-mediate such situations and mitigate the risks of such problems from recurring.

  7. Describe any applicable exception criteria when the cloud provider’s performance measures do not apply (e.g., during scheduled maintenance or updates).
  8. Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the enterprises’s data). Specify the security performance requirements that the service provider is to meet. This would include describing security performance metrics for protecting data, such as data reliability, data preservation, and data privacy. Clearly define the access rights of the cloud service provider and the enterprise as well as their respective responsibilities for securing the data, applications, and processes to meet all mandated requirements. Describe what would constitute a breach of security and how and when the service provider is to notify the enterprise when the requirements are not being met.
  9. Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met (e.g., when there is a data breach).
  10. Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures. Identify how such enforcement mechanisms would be imposed or exercised by the enterprise.

Top 10 predictions

Top 10 predictions

Top 10 Predictions for technology – As we are about to enter a new year Janco Associates is making its top 10 predictions for the new year.  All of these will impact IT spending and the IT job market.

  1. IT InfrastructureSuccessful enterprises will understand how technology impacts the business cycle
  2. Remote and mobile-only users will drive next generation applications
  3. Multimedia applications will drive the next wave of productivity
  4. Cloud processing, network systems and data communications analysts will have the greatest demand
  5. E-commerce applications will drive up the value of security expertise
  6. IT Job Family ClassificationBig data will continue to expand
  7. Internet of Things will expand at a rate that will require more dedicated resources
  8. Consulting and contractor demand will rise
  9. Social networking will be in a state of flux
  10. Cyber warfare, both political and economic will be in the rise

A full description of each these predictions can be found at http://goo.gl/3BcyRF

Threat Vulnerability AssessmentDownload Threat AssessementDownload Threat Assessement

 

10 step BYOD

10 step BYOD

10 step BYOD10 step BYOD  or how to implement BYOD successfully. We have created a policy that can be used to successfully implement BYOD.  The 10 step BYOD includes the following tasks:

  1. Define Your BYOD Objectives and Get Executive Buy-in
  2. Define Your Mobile App Strategy
  3. Identify a Pilot
  4. Decide Which Devices You Want to Allow
  5. Negotiate Mobile Service Rates With Carriers
  6. Define Your End-user Help Desk Model
  7. Identify Eligible BYOD Users
  8. Implement an Acceptable Use Policy
  9. Distribute and Train Users in Policy
  10. Monitor Program Usage

BYOD Policy Template Includes two (2) electronic forms 1) BYOD Access and Use Agreement and 2) Mobile Device Security and Compliance Checklist

BYOD include consumer SmartPhones and tablets which are making their way into your organization. Going mobile makes employees happier and more productive, but it’s also risky. How can you say ‘yes’ to a BYOD choice and still safeguard your corporate data, shield your network from mobile threats, and maintain policy compliance?

With the advent of Bring-Your-Own-Device – BYOD and the ever increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.

Read on…

Download Selected Pages

Lack of BYOD policy at State Department causes havoc in presidential campaign

Lack of BYOD policy at State Department causes havoc in presidential campaign

Lack of BYOD PolicyLack of BYOD policy and enforcement at the State Department have caused havoc in the presidential campaign. The secretary of state used her own personal Blackberry which was not secure. In addition it is not clear which versions of software were on her device and wither it was backed-up in accordance to mandated federal requirements for sensitive, confidential, and top secret information.

Bring Your Own Device Policy updated to to meet Disaster Recovery, Business Continuity and Corporate Intellectual Property Requirements

Download Selected Pages

With the advent of Bring-Your-Own-Device – BYOD and the ever increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.

IT Infrastructure Policies and Procedures

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.

Order Infrastructure PoliciesDownload Selected Pages

Wearable Device Security Concerns

Wearable Device Security Concerns

Wearable Device Security – Over 300,000,000 wearable devices are going to be deployed in the next several years

Wearable Device Security
Wearable Device Security

Wearable Device Security – Janco Associates has determined that most mobile devices have some major vulnerabilities. They include:

  • Insufficient User Authentication/Authorization: Many devices are vulnerable to account harvesting, meaning an attacker could gain access to the device and data via a combination of weak password policy, lack of account lockout, and user enumeration.
  • Data Encryption Missing: Most devices have implemented transport encryption using SSL/TLS, but almost one half of all cloud connections are vulnerable to the POODLE attack, allow the use of weak cyphers, or still used SSL v2.
  • Insecure Interfaces: Over 1/3 of smartwatches use cloud-based web interfaces, all of which have major security concerns. In addition there are security concerns with the devices mobile applications. These vulnerability enables hackers to identify valid user accounts through feedback received from reset password mechanisms.
  • Software/Firmware Updates Not Secure: Firmware and software security issues, include transmitting updates without encryption and without encrypting the update files. On the plus side, most updates are signed to help prevent the installation of contaminated firmware. While malicious updates cannot be installed, lack of encryption allows the files to be downloaded and analyzed.
  • Privacy Controls are missing: most wearable devices collect some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information. Given the account security issues and use of weak passwords on some products, exposure of this personal information is a concern.

The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerated rate

Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and INTERNET connectivity

Download Selected Pages

Wearable devices provide a variety of potential business or educational uses involving accessing, capturing and sharing data.  At the same time they can pose a significant security risk to an organization with, the ability to surreptitiously record audio and video can threaten business confidentiality and jeopardize company data and even its reputation.

With that in mind, the consultants at Janco Associates have created a Wearable Device Policy that can be downloaded and used as a guideline for organizations as they establish rules for the use of such devices in the workplace.