PRESS RELEASE: SOCBOX Changes Its Name to FIT Cybersecurity in Major Rebrand

Network Security Provider Joins Sister Company FIT Solutions

San Diego, California, November 30, 2021 – SOCBOX has announced its name change to FIT Cybersecurity, joining its sister company FIT Solutions in a major rebrand. Founded in 2012 by CEO Ephraim Ebstein, the company is approaching its ten-year anniversary of helping organizations achieve their business goals through technology. FIT, which stands for Freedom Information Technologies, serves as an acronym uniting both brands under the same leadership and core values. Though the companies will remain separate entities along with their technical teams, Ebstein’s goal was to provide a more streamlined experience for clients and partners.

FIT Cybersecurity prides itself on providing quality solutions to critical industries such as legal, financial, education, healthcare and manufacturing. Ebstein shared the fundamental principles of the business: “FIT Solutions was created because of our desire to impact as many lives as possible for the better. This meant two things: creating opportunities for the team we care for dearly, and solving business problems for our clients to help those organizations achieve their objectives,” he said. “FIT Solutions looks to work with organizations that also have big goals so that together, we can help extend the reach to help as many people as possible.”

Unlike many of its competitors, FIT Cybersecurity offers an around-the-clock team of expert analysts, a human element that differentiates the company from others in the marketplace. “Most offerings on the market are proprietary tools that send alerts when incidents or suspicious activity are detected. Addressing such alerts still requires a human on your team to investigate and decide whether further action is necessary. Many organizations try to handle this in-house, but quickly realize that a single employee, even full-time, cannot properly monitor and manage the security tools because of 24/7 limitations,” Ebstein said. “We take care of that for you by acting as your 24/7 cybersecurity team, monitoring and managing whatever tools and systems you have in place for a fraction of the fully-burdened resources needed to handle it in-house. We investigate any activity or alerts, and take the appropriate action to deal with any security incident.”

FIT specializes in serving long-term healthcare facilities and law firms, both of which need solid IT and cybersecurity strategies. As Ebstein stated, “Technology and Cybersecurity are like the ‘tires and brakes’ of an organization. It is critical that they work well, especially the faster the organization moves. Those two services will determine whether an organization will be able to achieve its goals.”

However, the disparate branding had caused confusion for prospective partners, which Ebstein hopes to alleviate with the rebrand. “Our IT and cybersecurity offerings are very different and are operated by different technical teams. Despite that, our core values and the philosophy and processes used to deliver results are the same,” he said. When asked which businesses should consider FIT Solutions as their service provider of choice, he answered, “Businesses that are focused on growth, that are tired of having IT and cybersecurity issues and want the best value for their investment. Organizations that are focused on securing their assets and utilizing technology to allow them to scale successfully should have a conversation with us.”

Ebstein urges potential clients to research FIT Solutions to learn more. “The best way to see what it’s like to be a FIT partner is to look at our Google reviews. Two of our core values are ‘Raving Fan Culture’ (based on a book by Ken Blanchard) and ‘Results-Driven.’ This means it is in our DNA to overdeliver and, even when mistakes happen, to deliver results,” he said.

 

About FIT Cybersecurity: Formerly known as SOCBOX, FIT Cybersecurity is a subsidiary of FIT Solutions, offering a team of world-class cybersecurity experts dedicated to helping clients protect their valuable assets. In doing so, they combine a state-of-the-art Security Operations Center (SOC) with the best cybersecurity tools and managed security services available. FIT Cybersecurity becomes an organization’s cybersecurity team, monitoring the environment 24/7 to detect and prevent cyberthreats. Learn more here.

4 Reasons Your Business Needs a VCIO

As businesses grow, that trajectory usually isn’t a straight, steady line. Without careful planning, those forward steps may be marked by major growing pains. Is your IT environment equipped to support your organization as it matures? The CIO, or Chief Information Officer, is responsible for providing high-level technical consulting—evaluating the big picture and making recommendations to smooth that growth path.

The Role of the CIO

Your CIO handles large-scale projects and IT needs. Let’s say you’re looking at moving your on-premise infrastructure into the cloud. This kind of major migration project takes a lot of coordination: rallying the troops, directing the engineers, getting the proper resources, and architecting how it will work from a business perspective as well as on the technical side. How will operations be affected? What will it cost? What risks are involved? These are all questions to which your CIO can provide answers.

Much of a CIO’s job deals with risk. What business problem are we trying to solve? What are the possible solutions? What are the risks and benefits of each? A CIO evaluates your options, makes a recommendation, and oversees the project to completion.

What about organizations that cannot afford (or don’t yet need) a full-time CIO in-house? How can you get the expertise of a CIO that knows your environment, but on a part-time basis?

Four Benefits of a VCIO

Businesses can outsource this consultant position to a VCIO, or Virtual CIO. Why go the virtual route?

  1. Cost Savings. Between salary and benefits, a full-time, in-house CIO may cost you between $100k-$300k/yr. A virtual CIO is just a fraction of this; for smaller businesses that don’t need a full-time CIO, outsourcing this role makes more sense. Partnering with a VCIO means you don’t have to choose between overpaying and sacrificing that valuable insight.
  2. Perspective. A true VCIO partner will get to know your business inside and out, becoming nearly indistinguishable from your in-house team. However, since they also work with other clients in a variety of industries, they bring that experience to the table in finding creative solutions to your business problems.
  3. Consulting. A VCIO conducts regular technology business planning. This should be a living document, outlining the opportunities, potential pain points, and recommended solutions for your environment over the next 3-24 months.
  4. Disaster Recovery Planning. Disaster recovery and business continuity are a regular part of business planning, but they’ve become especially urgent during the current pandemic crisis. This is one of the areas that showed the starkest contrast between organizations that had CIO or VCIO services and those that didn’t. As various areas went into lockdown or similar restrictions, did you have the necessary infrastructure for your team to work remotely? Do you have it now? If your team is still working remotely, can they access company data securely and without compromising compliance? What other kinds of disasters might your organization face? A VCIO creates contingency plans that prepare you for all situations.

A virtual CIO partner is an invaluable asset to your business. At FIT Solutions, our VCIO services are bundled with our managed IT services, providing you with both the technology and the high-level consulting you need to achieve a steady growth path. Give us a call at 888-339-5694 or contact us today to see how a VCIO can benefit your organization.

Measuring KPIs: Do Your Actions Align With Your Vision?

From the FIT Leadership Team

We always strive to be fair, both to our clients and to our employees, and to create the best environment in which to work. We also strongly believe in bringing what makes this team wonderful to more businesses without compromising on quality. To accomplish that, we need to grow—both in quantity and quality.

As some of our most senior employees will tell you, FIT Solutions has always been on a growth trajectory. From our ‘garage-operation’ days until now, we’ve consistently looked for ways to grow and improve. There is no point where you have nothing left to learn or improve, so as the leadership team, we try to set an example of taking in knowledge, seeking out counsel and coaching, and holding ourselves to a higher standard every day.

As part of that constant refinement process, over the last year we’ve put increased focus on strengthening the foundation of our organization: our vision, our mission, and our core values. These make us who we are as a company, shape our team, and define more clearly our passion for solving business problems for our clients. Having the entire team on the same page when it comes to where we’re headed and how we plan to get there has been of immeasurable value.

With growth, though, often comes growing pains. We do our best to take these as the positive indicators they are of movement in the right direction. One of our core values is to stay humble and adaptable. The humility is essential to recognize where we have room for improvement, and the adaptability is vital to survive and thrive in an ever-evolving technological landscape. Those qualities are what move us to seek out opportunities to better ourselves as leaders, as partners, and as problem-solvers.

Over the past few months, we’ve been examining how we track and achieve goals within our organization. Exercising that core value of humility helped us to identify the need for an adjustment.

As humans, what we believe in and what we care about don’t always align with our behavior. For example, we may be interested in being healthy, and we may believe strongly that being fit or exercising regularly is important for good health—but are we acting in harmony with that belief? Do we take regular, methodical action to improve our diet or exercise routine? This is not always the case.

Similarly, the things we believe in at FIT—growth, adapting, creating the best environment—are not always evidenced by our actions. To be clear, we’re not talking about our team! We love our people and are very proud of everything they do. Rather, what we’re discussing here is a commitment by us, as the leadership team, to align our actions more closely with our vision.

Successful sports teams are often spoke of as being “tight”: operating like clockwork, moving efficiently and effectively, not wasting time or energy on actions that don’t align with the ultimate goal of winning. A team gets “tight” when its coach sets clear expectations and motivates his players to meet and exceed these goals. Why are the best athletes drawn to such a coach? Because through that guidance, players are able to achieve far more than they thought possible. A great coach helps athletes refine their skills and makes a workable environment for improvement and success.

Setting clear expectations and goals for our team members dignifies each individual and allows for constructive conversation. We encourage each employee to make a habit of regularly writing down their goals—personal, professional, and financial—and discussing these with their team lead in 1×1 meetings to see how FIT can help them reach those goals.

In line with this, we are introducing new KPIs, or key performance indicators, for each department and team. We already have some KPIs in place, but they are not always closely aligned with our vision and with the specific goals of each department. Returning to our sports example, the entire team may follow a common workout regimen. But if the quarterback’s goal is to get more touchdowns, and we know that running sprints gives him an edge on the field, then having him run sprints is in harmony with that goal. At first it may feel uncomfortable or difficult, but with practice, it becomes habit, improving his on-field performance.

At the end of the day, our ultimate goal is to do right by the people that depend on us—our clients and partners, our employees and their families, and our clients’ employees and families. In everything we do, we keep in mind the responsibility that we have towards this multitude of people.

If you are looking for an elite IT partner that is committed to catapulting your business to success, give us a call today at 888-339-5694.

“I’ve Got an IT Team; Why Do I Need a Managed Service Provider?”

We hear this from organizations pretty often; they have an internal IT resource, so they find it hard to justify partnering with a managed service provider, or MSP. Often, this is because people think that an MSP is designed to replace their IT department. However, an MSP can also be used as an extension of your internal team to support their work.

Why Does Your IT Team Need Support?

In short, it’s often impossible for small IT teams to have every specialization required by today’s ever-evolving technological landscape. Even the best engineers can’t be experts in everything; there’s just too much information out there.

This means that new projects and initiatives often require extensive research, trial and training before they can be completed. But your team’s day-to-day is already filled with end-user requests, operational maintenance, outage resolution and everything else they do to keep your business running smoothly. Keeping up with your business’ immediate needs is a full-time job, which forces your internal IT team to be primarily reactive, rather than proactive.

How an MSP Can Help

A managed service provider becomes an extension of your existing team, supporting them in these critical areas:

  • Filling knowledge gaps: We have 25 engineers, supporting a user base of about 7,500 across different industries and verticals. With this exposure, we’ve gained expertise on about a hundred IT enterprise toolsets and processes, making us a valuable and extensive knowledge base for your team.
  • Automating operational tasks: Automation of tools and processes covers a wide range of business operations, from managing desktops and alerts to installing upgrades and applying patches.
  • Increasing efficiency: By automating, documenting and streamlining your environment, we help IT departments increase their efficiency by 40%.
  • Access to enterprise-level toolsets: Enterprise-level toolsets for documentation, network monitoring, ticketing, and patching are usually prohibitively expensive for a small-to-medium-sized business. As an MSP, we’re able to leverage economies of scale to help businesses not just afford these toolsets, but also get the most out of them.
  • Project Support: Since your IT team is busy with the day-to-day tasks, there is little time to research and accomplish different projects for your organization. By automating tasks and providing expert support, we make everything else easier so your team can focus on those projects.
  • Proactive Technology Business Planning: We look for ways to apply technology to improve your operations, reduce costs, and boost efficiency. Every quarter, we put together a customized Technology Business Plan, which looks at your current environment and where improvements can be made while keeping within your budget. In fact, many of the recommendations don’t cost anything.

If you’re ready to take your department to the next level by partnering with a managed service provider, call FIT Solutions today at 888-339-5694 or email us here.

Why Firewall and Antivirus Aren’t Enough to Secure Your Business

“I have a firewall and antivirus, so I’m secure, right?” We hear this question from companies all the time. The answer is, that’s a great start, but you’re not quite done. Why not? To find out, let’s take a closer look at these two security measures.

What Does a Firewall Do?

A firewall is a program on your network that acts as gatekeeper, monitoring the inbound and outbound traffic. If you think of your business like a bank, the firewall would be like the security guard stationed at the entrance that prevents unwanted intruders from entering. That sounds like a pretty good system, until you consider a few drawbacks of firewalls.

  1. Firewalls operate based on predetermined rules. If someone figures out what those rules are, it’s not that hard to outsmart the firewall. In our bank example, your security guard may be instructed to turn away anyone in a red hat. Knowing this, the intruder wears a blue hat instead and is allowed to enter.
  2. A firewall is a reactive, problem-by-problem solution. It reacts to the immediate threat; it doesn’t look ahead to see the next approaching threat. The effectiveness of your firewall depends on those preset rules to block attacks, so if you’re not proactively watching the latest cyberthreats (and installing regular updates), it can’t fully do its job. This can leave you vulnerable to viruses or other cyberthreats.
  3. Your firewall protects your office network. If your employees access work emails or files from their personal devices, they can take that data outside of your company network. This has become a bigger threat with the recent pandemic-driven increases in work-from-home arrangements. Pandemic aside, though, if your employees conduct work outside of the office, perhaps using hotel Wi-Fi on a business trip, your company data could now be exposed on an unsecured network—where your firewall can’t protect it.
  4. Firewalls can’t stop user error. Criminals have a whole gamut of tricks for penetrating your system. Social engineering and phishing attacks in particular can completely sidestep your external defenses by targeting internal users. If one of your users unknowingly clicks a malicious link, your entire network could be shut down.

Does this mean you shouldn’t use a firewall? Absolutely you should; having a security guard with limited power is better than having none at all. We just want to make it clear why businesses shouldn’t entrust the safety of their data solely to their firewall.

What About Antivirus?

Antivirus is software that can prevent, detect, and remove malware. In our banking example, this would be like another security guard that makes regular rounds inside the bank, looking for suspicious activity. There are different kinds of antivirus software:

  1. Malware signature antivirus: This type scans for the digital fingerprint of a malicious program, known as a signature. The antivirus software comes preloaded with thousands of signatures, allowing the software to quickly identify and dispose of a threat that matches one from its database.
  2. System monitoring antivirus: This software identifies malware by looking for suspicious or unusual behavior—for example, if a user tries to access an unfamiliar website, or starts using significantly more data than usual.
  3. Machine-learning antivirus: Machine-learning pools data from multiple antivirus programs to recognize threats that it hasn’t seen before—an advantage over signature-based antivirus.

Given these abilities, why does antivirus not cover all the bases?

  1. Signature-based antivirus can only protect you against the threats that were programmed into it. It has no defenses against new threats or zero-day exploits.
  2. There are plenty of free antivirus software programs out there, and, while better than nothing, their database of malware signatures to check against is usually quite small. This drastically reduces the amount of threats it can protect you against.
  3. Antivirus doesn’t protect users against phishing attacks. A 2020 report by Check Point Research found that 65% of US organizations suffered a successful phishing attack in 2019—that’s two out of every three businesses!
  4. Most users don’t have antivirus on their phones or tablets, potentially leaving their device—and your network—vulnerable to attack.
  5. Cybercriminals represent the dark side of human ingenuity. They’re creative, constantly looking for new ways to get around your antivirus and firewall defenses. Even machine-learning antivirus software relies on combinations of data points. If an attacker figures out what combination will alert your antivirus to his presence, all he has to do is change one data point to trick it into marking him as legitimate traffic.

What You Can Do

  1. Update your firewall and antivirus regularly. Software patches and updates serve to reduce your system’s vulnerability and increase your software’s ability to identify and repel attacks.
  2. Develop a multi-layer security program. To return to the bank illustration, which bank would you trust with your money? A bank with one aged security guard? Or one with a whole patrol of security guards, cameras, alarm systems, biometric locks, and a dedicated monitoring team? Every security measure you add—SIEM, traffic analyzer, log management, SOC services, etc.—makes your organization that much stronger and more secure.
  3. Provide regular awareness training for your employees. Modern phishing and social engineering attacks are very sophisticated, and can be hard to identify. Just like your firewall and antivirus need to be updated frequently to stay effective, so does your team. A structured training program, either monthly or quarterly, can help your team recognize and repel attacks on your network.
  4. Don’t ‘set it and forget it’. Overconfidence or the feeling that you’ve already taken steps to defend your network can lull you into a false sense of security. Criminals are constantly testing new attacks, which calls for constant vigilance on our part to keep our defenses up to date. A third-party firm can conduct a social engineering campaign or penetration test for your organization to identify areas for improvement in your network or team.

FIT Solutions provides IT services, including cybersecurity packages. If you need an IT environment that scales with you, give us a call today at 888-339-5694 or contact us here.

How IT Departments Can Automate to Increase Efficiency by 40%

Too many IT departments get bogged down in doing manual work that could be automated. The root cause? Given the workload, the IT team simply can’t get ahead of the game. The time is never there to put the required tools and processes in place, and to master the associated learning curve — which is often steep. So talented staff spends the majority of their time focusing on repetitive tasks and rote troubleshooting instead of driving the business forward.

See if any of these scenarios apply to your organization:

  • Has your company asked your IT department to do more with fewer resources?
  • Have you been forced to reduce IT headcount, but still need to perform the same work?
  • Would you like to do more with the same IT staff?

If the answer to any of the above questions is yes, then read on.

The Impact of Outsourcing IT Automation

At FIT Solutions, we have the tools, processes and resources — coupled with the experience to apply them — to automate, standardize and streamline the IT environment. The bottom line is this: IT departments can increase their efficiency by 40%.

That improvement comes from application of best-practices automation coupled with economies of scale. Consider this: FIT Solutions successfully supports approximately 7,500 client users with a staff of 25 engineers. That’s one IT person for 300 employees — a ratio that can’t be touched by even the largest organizations. This doesn’t negatively impact our level of service, however; over the last 90 days, our customer satisfaction after over 1,000 reviews averaged 98.6 out of 100!

Here are some of the tasks we take on for our clients:

  • Managing desktops, mobile devices, servers and network infrastructure using automated tools
  • Installing and maintaining automated systems for handling upgrades, managing patches and applying them
  • Implementing and configuring automated systems that alert on issues based on varying degrees of severity and criticality
  • Establishing systems for log analysis, visibility, reporting and remote access — all to speed performance analysis, fine-tuning and troubleshooting
  • Creating and standardizing documentation for addressing regulations and resolving issues

Not Just Tools — But Years of Experience Using Them

Our engineers have spent years working with a stack of best-in-class automation tools and have developed proven methods for applying them efficiently across a wide variety of IT environments. We’ve done that work so your IT staff can piggyback on that experience. Too often, IT organizations invest in similar tools, but don’t have the time to utilize them fully so the investment falls short of delivering what’s promised—or worse, becomes ‘shelfware’. We can create those efficiencies for you, and either train your staff to apply them or simply take the administrative burden off your IT department’s hands.

Does being 40% more efficient sound good to you? To learn more about how we can optimize your IT environment in a way that delivers measurable increases in efficiency, call us today at 888-339-5694 or contact us here.

Why “If It Ain’t Broke, Don’t Fix It” Doesn’t Work for IT

Let’s say you have network equipment that’s been in place for years and is working with minimal or no issues. Paying to maintain service and support on those items might seem like an unnecessary expense. Certainly that’s the way many businesses look at it when scrutinizing the IT budget and looking for items to cut. The logic to justify de-funding those contracts is pretty simple: “If it isn’t broke, why pay to fix it?” However, that is a risky position to take.

Late in 2019, a manufacturer of wireless access points announced that a number of security vulnerabilities — some with a “critical” rating — had been found in its products. They fixed the vulnerabilities in short order and distributed the fixes in the form of software upgrades to the affected products. Here’s the rub: businesses without active support contracts didn’t have access to the upgrades.

Why Service Contracts Are Vital for Critical Infrastructure

The access points in question are widely used in installations that call for reliable, widespread business-class wireless coverage. In other words, they’re an extremely critical element of the infrastructure for organizations that rely on Wi-Fi to run their business. With the prospect of a security vulnerability that would allow an intruder access and potentially bring the entire wireless network down, the seemingly minor risk of letting the service contracts lapse turned into a major risk overnight. All of a sudden, companies were faced with an unbudgeted expense. They either had to re-up the contracts for all of the controllers and access points, or else replace their entire wireless infrastructure.

The same scenario and risks apply to all manner of critical network infrastructure, including switches, routers, firewalls, VPNs and servers. Vulnerabilities are constantly being discovered and patched with updates. We often think of these devices as appliances or hardware, but the reality is, they have software inside that’s meant to be upgraded to improve performance, add features or address security problems. Those devices are at the heart of the network and hold the keys to keeping the business running.

Is the Gamble Worth It?

Many companies do take the risk of running without maintenance agreements on key pieces of network equipment. They have weighed the risks against the costs and reached the conclusion that the gamble is worth taking. While at FIT Solutions we don’t recommend this approach, we do respect that it is a business decision. We are more concerned with businesses that simply allow their service and support contracts to lapse as a cost-cutting measure, without fully understanding the risks and taking them into account.

At FIT Solutions, part of our service is knowing what the vendor policies are with regard to upgrades, support, and service agreements, and keeping track of whether your agreements are active. We use this information to help you understand the risks of running your critical network infrastructure without the benefit of a safety net. Want a true picture of these hidden risks? Give us a call at 888-339-5694 today.

Working Post-Pandemic: What’s Your New Business Normal?

We’re still in the throes of the COVID-19/coronavirus pandemic, but it’s not too soon to start looking ahead to what your future business landscape will look like. How prepared are you to get back to business under the “new normal”?

Many, many businesses made major changes in response to the outbreak. Most prominent was the shift to work-from-home models. That often involved some combination of rolling out virtual desktop infrastructure, upgrading the capacity of VPNs, moving major pieces of IT infrastructure from on-premises into the cloud, and shoring up work-from-home security to protect the business. Even businesses in sectors such as on-site retail, healthcare and manufacturing that weren’t able to move front-line workers did their best to comply with stay-at-home mandates by shifting some of the support functions.

Here’s the question: Are you ready to go back? And what will you be going back to? Back to business as usual? Back to basics, with a downscaled operation that will require a lower cost structure? And as for going “back to the office,” are you even going to go back?

The Scale of the COVID-19/Coronavirus Change

Let’s face it: We’re in the middle of the largest “work from home” experiment in history. Use of video conferencing software such as Microsoft Teams, Google Hangout Meets and Zoom shot up during March as the pandemic took hold. Metrics including total users and total minutes for these services saw growth from five to 25 times their pre-pandemic levels as businesses, schools and other organizations took their work home with them.

While the outcome of the experiment is still unknown, a survey of CFOs at large enterprises indicated that three-quarters are going to shift some positions to permanent work-from-home arrangements after it all shakes out. A few (4%) said they will turn half of their workforce into remote workers.

What about smaller businesses? Sadly, some are not going to survive multiple months of lost business. They already have shuttered or will soon shutter their doors for good. Others will be restarting the business amid what will likely be a down economy, will need to get by with less income on the balance sheet, and will have to take a very hard look at their capital expenses and operating costs.

Out of Pandemic Chaos, Comes Opportunity

A sea change like this, as disruptive as it’s been, also forces us to take a fresh look at things and ask some new questions. So why not use it as an opportunity? Consider the following:

  • Should you extend your work-from-home arrangements after the pandemic and make them permanent? If workers were equally or more productive working from home and liked the arrangement, would you profit from higher satisfaction and retention, and could you cut your real estate costs?
  • Is it time to move more of your data and applications into the cloud? If you were sitting on the fence about the cloud before, the COVID-19/coronavirus experience should have erased most of your doubts. The cloud proved it could scale, and in many ways it’s easier to secure. Moving more workloads to the cloud could slash your costs for maintaining computing infrastructure.
  • Could you get a better deal on your communications? If you’re going to support more work-from-home arrangements or rely more on cloud infrastructure, you might need higher-capacity connections. You could very likely get higher bandwidth for the same money. Or, you could slash your costs for Internet connectivity and telephone service by taking a fresh look at your connections. There are companies that are in the business of brokering to get you the best performance for the price, and it’s well worth having them investigate for you.
  • Could you get the same functionality with fewer vendors? Items like multifunction printers and networking equipment, servers, software licenses and communication contracts all sourced from multiple vendors are time-consuming to deal with, from an IT management and financial perspective. When you ‘right-size’ for the new normal, can you consolidate to fewer vendors at the same time?

At FIT Solutions, we can work as an adjunct to your IT department, putting to use our extensive experience cutting costs and improving IT efficiencies for hundreds of companies. Would you appreciate some efficiency-improving, rightsizing, cost-cutting help with your post-pandemic planning? Give us a call at 888-339-5694 or email us today.

Small Businesses: Does the CCPA Affect You?

The California Consumer Privacy Act (CCPA) went into effect January 1, 2020. This law deals with the right of consumers to know or even control how their personal information is used by organizations. For businesses that collect such information from consumers, this represents new burdens.

Do I Have to Comply with CCPA?

The CCPA comes with certain thresholds that may exclude some small or medium businesses from compliance requirements. What are these thresholds? You’re on the hook for compliance if you are:

  • Are a for-profit business operating in California
  • Collect personal information from consumers
  • Exceed one or more of the following:
    • Buy, receive, sell or share personal data from 50,000+ devices, consumers, or households
    • Have gross annual revenues of over $25 million
    • Sales of California residents’ personal data represents 50% or more of total annual revenue

I Don’t Meet the Thresholds, So Why Should I Worry About CCPA?

The CCPA is the most extensive privacy law ever passed in the US. Other states are taking a page from California’s book and are considering or have already passed similar legislation. Plus, the possibility of having different standards instituted across multiple states could result in the enactment of a privacy law at the federal level. So even if the CCPA does not currently affect you, it will eventually.

Looking at the legislative climate, given the CCPA and likelihood of more laws like it coming soon, it’s clear that there is an increasing recognition of the need for businesses to handle consumer data responsibly, for consumers to have the right to determine how that data can be used, and for businesses to protect consumer data against theft or loss.

What is “Reasonable Security”?

Part of the CCPA revolves around an organization’s responsibility to protect consumer data against theft or loss, like through a data breach. If a business fails to implement reasonable safety measures, resulting in a breach, they may be liable to pay penalties of $100-$750 per consumer per incident, or even higher. What would count as “easonable security” measures? The CCPA does not specify, but some legal experts refer to the state attorney general’s words in the California 2016 Data Breach Report:

“The 20 controls in the Center for Internet Security’s Critical Security Controls define a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.”

These CIS Controls are comprised of a set of 20 broad categories of action, each of which contains subcontrols in the form of specific tools and practices. These subcontrols vary based on the sensitivity of the data you’re protecting, the size of your organization, and the extent of your IT resources. Together, these controls form a defense strategy against breaches and cyberattacks.

We recommend that companies of all sizes take a look at the CIS Controls—especially if you’re at or near a threshold for CCPA compliance. At FIT Solutions, we use CIS Controls and other security frameworks, like NIST, to follow best cybersecurity practices for our clients. Contact us or call 888-339-5694 for help in strengthening your organization’s defenses.

How to Quickly — and Securely — Enable Work-From-Home

In response to current events, your business may be faced with the challenge of quickly putting a work-from-home program in place for your employees. Here’s the hard part: those employees will be largely on their own, with varying degrees of technical knowledge, connecting from their own home networks and accessing corporate data and resources. You need not only to get them connected, but equip them to work productively, with ample security in place so you don’t put your organization at unnecessary risk.

Considering the Alternatives

The best-practices approach — under normal circumstances — is to distribute preconfigured corporate-owned laptops. Aside from the expense, time might be the bigger issue in our current situation as businesses everywhere are rushing to equip remote workforces. Currently, the time from order to delivery of new laptops is around 15-30 days, for some suppliers.

A tempting short-term fix is to allow employees to connect to corporate resources directly using their own personal home computers, laptops, or tablets. However, this exposes corporate assets to a wide variety of risks that are outside of your control. These risks include outdated or insufficient endpoint protection, access of confidential data by others in employee households, and rogue devices on a poorly secured home network — among other threats.

The Right Technology, Right Now: Virtual Desktop Infrastructure

Virtual Desktop Infrastructure (VDI) is a widely used remote access approach with many advantages. With VDI, employees use their personal devices to access a virtual desktop — a computer that they control remotely. They view the screen, and control it via mouse or keyboard. The approach is much less expensive than provisioning and distributing laptops, and far more secure than a direct connection. With VDI, business owners can:

  • Provision remote access for tens or hundreds of users cost-effectively with a cloud-hosted solution
  • Allow secure access by a wide range of employees’ personal devices, from home PCs to laptops and tablets to smartphones
  • Tightly control access by combining standard login credentials with multi-factor authentication (MFA) to guard against weak or compromised passwords
  • Keep corporate data off of personal or public networks — the corporate data only appears superficially onscreen, and never actually enters or is stored on the user’s personal device
  • Provide a familiar environment and business access —the virtual desktop can be configured to look and behave exactly like an office-based system, with access to all corporate applications and data stores, productivity, email and collaboration software

At FIT Solutions, we can quickly set up a VDI for your employee remote access. It is housed in our data center in a private cloud, with all essential security measures provided. We connect the virtual desktops to any applications or data you need, whether those are in another public or private cloud, or in your own data center with access protected through a secure point-to-point VPN.

Have questions? We have the answers. For more information or to get started right away, give us a call at 888-339-5694. We’re also offering a free Remote Workforce Readiness assessment, which you can find here.

Get in touch.

Fill out the form and our team will get
back to you as soon as we can!