Protecting Your IT Environment - Fox Engineering Inc.

Fox Engineering Inc.
- Protecting Your IT Environment -

Fox Engineering Inc.
PO Box 215
Spencerville, MD 20868

(net)

Protecting the People; Protecting your Data and Information; Protecting your enterprise; Managing your Risk

-- Page Under Construction --
Risk: What is the Threat and are you Vulnerable?

Your IT environment is under attack!
Miscreatants - individuals, organized groups, even State actors are
trying to steal your data, your identity, and your monies.

Sometimes the "threat" is you - the people using the technology!
Simple human error, human foibles, and expediency,
may cause you to lose, or lose track of, valuable data and information.

Your "vulnerablities" may be the software you use, the hardware you use,
the age thereof, and the up-to-date state.
Your "vulnerabilities" may also be the poor level level of knowledge/experience of the
people using your enterprise.

You and/or Your Company Need to Protect Your IT Environment

Tips for protecting your Data and Information:

Extrinsic

One - tiam maximus quam sit amet neque cursus, ac blandit ante varius. Maecenas dictum imperdiet magna. Suspendisse dapibus est ultrices purus cursus, semper dictum urna fermentum. Vivamus ut elit felis. Suspendisse vitae odio lectus. Proin sit amet nisi at sapien vehicula condimentum sed a turpis].

Two - tiam maximus quam sit amet neque cursus, ac blandit ante varius. Maecenas dictum imperdiet magna. Suspendisse dapibus est ultrices purus cursus, semper dictum urna fermentum. Vivamus ut elit felis. Suspendisse vitae odio lectus. Proin sit amet nisi at sapien vehicula condimentum sed a turpis.

Don't trust requests for information from INCOMING / unsolicited e-mails or text messages -
Never give out personal information from INCOMING telephone calls - Never!- do not trust incoming phone calls asking for information or asking for verification of your personal data - callerID names and phone numbers can be and often are forged. If the "fraud" department calls, you most likely can confirm fraudulent transactions, but give no further information, not even your card number! Instead, hang up, and YOU call your bank/credit card/etc. at the customer service number on the card. Do NOT call the phone number in any e-mail / text message you receive!
Don't trust the search engine sites/phone numbers. Tripple verify what the search engine provides, lest you be directed to a spoofing service.

Intrinsic

Organize Data - Develop a strategy for organizing your data and information - you may have your data but cannot find it.
Backup, Backup, Backup (I) - Enough cannot be said to backup your data/information. Have a robust backup strategy for your data repositories, including on-site and off-site storage. AND TEST YOUR BACKUP strategy.

Local disk drive
Network attached storage (NAS) and make sure you backup your NAS
Portable external storage (local)
Portable external storage (off-site)
External "cloud" storage [use caution here for your valuable data...you don't have full control over the availability and/or the vulnerability of access from external "players."

Backup (II) - Don't forget to backup your work-in-progress.
Use Copy/Paste vs. Move/Paste - If you do a Move operation and something goes awry you could lose the original data. If you do a Copy operation, and something goes awry, the original data should be intact at its original location.
Don't Plug-in Unknown Devices - you get a "free" USB drive (or find one); plugging it into your computer / network may cause a virus to spread throughout without your knowledge, even without the protection of your security software. Don't plug in unknown devices, even from friendly sources.
Educate - use every opportunity to teach/learn about the technology and software...every opportunity!

Special Tips for e-mail and text messages

Learn to the read URL - To protect your web adventures, learn to read the Uniform Resource Locator (URL) - the internet address (e.g. fox-engineering.com) of the page you want to go to. Read it carefully and look for misspellings as these ploys are ways to misdirect you to a false/phoney page.
Learn to read e-mail headers - especially the top part of the headers with the FROM line. If your bank (xyz.com) sends you an e-mail and the FROM line shows it as zxy.mx, it is not from your bank. (Most mail readers a CTRL-U will show you the headers).
Don't Click Links in text messages - Bottom line, DO NOT CLICK on links in e-mails, certainly unless you can absolutely verify it comes from a well-known trusted source and the URL of the link is going to the trusted sender.
Verification codes in text messages - Use the codes to enter into the trusted web page. NEVER give it to the person calling or sending you the message.
.

Special Tips for Passwords

Don't reuse - don't reuse the same password for different services, maybe not even the same userID.
Use 4 classes - or at least 3 classes - of characters [lower case, upper case, numbers, symbols/special characters]
Use passwords with a minimim length of 12 characters
Use random dictionary words plus numbers and maybe special characters...at least two words each minimum 6 length plus numbers and or characters (e.g. favoritemicrograph017)

Special Tips for Infrastructure

Isolate your networks - make sure you implement network protections, firewalls, NAT services in order to group the inside operations from external threats. For corporate environments, use subnets to isolate various business functions that should be separate.
Separate working environment from Internet of Things (IOT) - create a separate network for IOT devices (perhaps on a SOHO router use the "guest" network for IOT devices)

On the Road Again

Don't trust hotel/cafe WiFi hot spots (the threat is on the Network). At least use a Travel Router and connect your devices to your Travel Router. [Note: your travel router may need to sign-in to a "captive portal" at your hotel to reach the Internet].
Use a VPN service for further protection especially when connecting to e-mail and financial services.

Suggested by: 10 Things I Would Never do as an IT Professional, by Arne Arnold, PC World 6 March 2024 [https://www.pcworld.com/article/2254480/10-things-i-would-never-do-as-an-it-professional.html]