- August 31, 2023
- Catagory remote work
With remote work here to stay, robust access management is a lynchpin for your security.
And while employee education around security hygiene is more important than ever, training is not enough when it comes to safeguarding the organization against threats that are even more pronounced with remote work. No matter where your employees are working, access management is critical for minimizing and mitigating security threats, especially those caused by people, either due to human error or malicious intent.
More attack surfaces increase chance of unauthorized access
With the rise of cloud computing and the proliferation of endpoints, including smartphones and laptops, the attack surface of every organization has widened significantly and it’s up to your IT team to protect it – that means tracking and protecting every device that connects to your corporate network and accesses sensitive business information.
But even with all the security tools in the world and policies to govern remote work, threat actors continue to exploit human perfection to gain access to systems – you must secure people just as much as you secure your IT infrastructure.
Access management is an essential tool for warding against common techniques for gaining unlawful entry into IT systems like phishing and other social engineering tactics that exploit the people using software and various devices for workplace productivity. No matter how well trained, people are the weakest link, in part because they are unable to keep up with the pace of technology.
If you are to account for the human factor, you need robust access management, especially as passwords have proliferated. It’s hard for people to keep up with the sheer number of passwords they must remember to accomplish their tasks at work, so they take shortcuts. They use the same passwords for multiple platforms, and they keep them overly simple so they’re easier to remember. Employees may even install their own password managers without understanding the best practices necessary for using them effectively and securely.
Combating “password fatigue” means you need a smart approach that allows streamlined access for employees without compromising security.
Access management must be streamlined for everyone
Access management isn’t a new concept – single sign-on (SSO) is a common approach to enable employees to quickly access applications, data, and resources to get their work done. But these solutions must scale up as attack surfaces widen and catch up to the reality of the hybrid workplace.
It must also be simple and straightforward to use, otherwise employees will find workarounds and your organization will be back to square one.
If you want to reduce the burden on your IT team, you need a comprehensive access management solution that will be easy for them to manage. Any platform you adopt should provide you with centralized management of access and passwords that’s simple for you IT people to manage while also being intuitive for end users – if it’s easy for them, they won’t find ways around it, and better security habits will be the result.
An effective access management platform accounts for human behaviour while also keeping pace with the modern hybrid workplace.
- July 12, 2023
- Catagory productivity
The right tool for the right job matters in a hybrid workplace – not only do those returning to the office expect to have the right applications to be productive, but they want the right remote tools when working from home.
In fact, a new study by Atlassian found that employees want remote work tools rather than in-office mandates, and half those who employees who work remotely rather than the office say they don’t have the remote tools they need. The study also found that in-office mandates are unpopular with employees.
These finding are based on survey responses from 1,000 knowledge workers in the United States and Australia. More than two thirds work remotely at least once per week, but only just over half of those remote workers said their employer provides them with remote tools for collaboration. Of those who are provided with remote tools, 26 per cent said those tools aren’t necessarily right for their job or they can’t be effective with those collaboration applications because they don’t have sufficient training.
The Atlassian report noted that the lack of productivity reported by employers is not the fault of remote work – as employers claim – but that they aren’t providing the right remote tools to make offsite, distributed employees as productive as they can be.
Atlassian also noted that the companies that have issued back-to-office mandates have generally not provided hard data that demonstrates employee productivity has declined, and that there is research to show that workers feel more productive when working from home.
But there is conflict between companies and their employees over in-office mandates along with fears of operation silos and a feeling from employees that they are not being supported. This conflict isn’t going to be resolved by forcing people to go back to the office, given that in-office mandates aren’t popular, according to Atlassian. Its survey found that 92 per cent of respondents said they have some form of “in-office mandate,” while 46 per cent are going into the office because their company mandates it, not because they want to.
The survey also found that even in those companies where employees are given a choice, a quarter of respondents feel pressure to go into the office, while 10 per cent worry that they will be perceived as less productive or not adequately committed to their work if they opt to work remotely.
Meanwhile, S&P Global’s 2022 Voice of the Enterprise: Workforce Productivity and Collaboration survey echoes the Atlassian findings and that most employees would prefer to work at home some of the time and that productivity hinges on having the right remote tools.
The consensus appears to be that there’s no going back to the pre-pandemic days of everyone being in the office five days a week. Now matter where employees work, they need the right tools, and ultimately the focus should be on productivity, not hours spent in the office.
A managed service provider is ideally equipped to help you optimize your distributed workforce so you can deploy the right remote tools while maintaining a strong security posture.
- January 31, 2023
- Catagory remote work
If you haven’t fully adjusted to the era of remote work, your IT team leader has something to say about security.
According to a new Cisco Systems survey, the increasing number of employees working remotely today – even as some employees head back to the office – is stressing out both business leaders and those responsible for security, and a big culprit is unregistered devices.
The Cisco survey found that 84% of 6,700 respondents, including 81% of the 300 Canadian respondents, found that working remotely has increased cybersecurity risks to their organization, and nearly a percentage of respondents cites unregistered devices used by employees in support of remote to be the likely cause of security incidents. Unregistered devices might include laptops, tablets, and smart phones, the survey said.
In general, Cisco found that in the early days of the pandemic when the sudden shift to remote work occurred, security became an afterthought, as noted by a Cisco exec interviewed by IT World Canada. The reason security tends to take a back seat when employees work from home is that they want a similar experience to working in the office, but they don’t want security controls that make it harder to do their jobs. In addition, remote work isn’t just about working from home – employees now want the option of working anywhere.
Meanwhile, the International Association of IT Asset Managers (IAITAM) has similar concerns about the impact of remote work on organizational security, echoing the Cisco survey’s observation that security wasn’t top of mind when the initial rush to remote work occurred in March 2020. Not only are personal devices being used by remote workers to access the corporate network contributing to security issues, but there’s also “low-tech breach” danger if organizations don’t have proper IT asset disposal procedures, IAITAM warns.
Not having a proper asset disposal program for computer hardware is just as important for remote work security as having a strategy for warding against employee errors, rogue employees, errant third party vendors, and outside hackers, advises IAITAM. Any asset disposal program should include certified data drive sanitation or destruction, and robust tracking of the disposal process so that data thieves aren’t gaining access to mission critical business information.
Monitoring the lifecycle of computer hardware used for remote work can be especially complex if they include personal devices, but asset management is critical to any organization’s security strategy. If you don’t a program in place, consider consulting your managed service provider for support.
- January 17, 2023
- Catagory remote work
At the risk of sounding like a broken record, remote work isn’t going away, so you need always be mindful of some core security measures that protects what looks to be a perpetual hybrid workplace.
These measures are both technical and cultural in nature – your people are just as critical as the security technology you deploy to accommodate remote work.
The most obvious step you can take on the technology front is to regularly update and monitor your network security. This includes applying the latest security patches and upgrades to all devices, including updates to operating systems as well as keeping your antivirus and antimalware programs current. Don’t forget hardware updates such as those for your routers and switches, either.
A strong technology foundation is critical to remote work security and should also include secure VPN access for any employee working outside the office, as well as multi-factor authentication (MFA), both of which lay the groundwork for creating a Zero Trust environment. Also essential are tools for monitoring your environment so you have a complete understanding of what’s connected to your infrastructure, whether it’s devices that support remote work or other devices and services, including internet of things (IoT) devices. You should be able to interrogate the network so you can know for certain how every connected device behaves at the packet level.
In the era of remote work, MFA is a must have, and illustrates how critical the intersection of technology and people is to security. Employing MFA recognizes that even the best passwords can be broken and that the users who select and use them make mistakes. This is where employee education comes into play so all users, remote or otherwise, understand good password etiquette and the benefits of adding another layer of security with MFA.
User education is also the best defence against phishing emails, which remain the most common threat to your sensitive data. The upheaval of the pandemic has made for good cover for threat actors who send convincing emails that open the door to malware and ransomware.
The culture of your organization has always been critical for maintaining robust security, and the sudden switch to remote work was a stark reminder of that. Even as many employees return to the office, it’s a great time to remind your entire team that remote work requires the same level of attention to best practices around storing and security mission critical data.
The return to the office should also be seen as an opportunity to take another look at your entire security strategy – consider tapping into the expertise of a managed service provider to help you re-evaluate and refresh your technology and best practices.
- September 15, 2022
- Catagory IT management
If you’ve got employees coming back to the office while still allowing staff to work from home, you’ve created a hybrid office environment that can create challenges when onboarding staff, providing ongoing support, and securing a vast array of endpoints.
In some ways, having everyone work remote is more straightforward – when you have employees coming and going from the office, the environment becomes even more dynamic because the definition of hybrid work can vary depending on how you manage it and company policy. Consider the different scenarios:
- The “at-will and remote-first” approach means employees are empowered to prioritize working remotely
- An “office-first” policy falls at the other end of the spectrum and resets the organization to pre-pandemic norms
- “Split weeks” mean days are assigned as either remote or office-based according to a schedule while certain employees might be assigned to be in the office on a week-by-week basis
- Some organizations are designating who must be in the office and who can work from home on a team-by-team basis
No matter what you choose, a hybrid work environment reinforces the need for a cloud-first approach for business applications and robust cybersecurity. You also need to support collaboration for remote workers and those who opt to be back in the office – and everything in between. A hybrid approach may also mean people no longer have assigned workspaces – hotdesking adds complexity to workstation support and endpoint security, which should always be a high priority. Employees who are on the move risk bringing threats to the office with them.
The emergence of the hybrid office comes at a time when threat actors are upping the ante and exploiting as many attack surfaces as they can – it’s can be difficult for your IT team to keep on top of everything and it takes time away from more strategic initiatives such as digital transformation.
Even before the pandemic and shift to remote work, your IT team was under a lot of pressure to secure infrastructure and protect customer data. If you haven’t already turned to your managed service provider (MSP) to help you bolster cybersecurity, a hybrid work environment should be your tipping point. They can take charge of many security tasks that can otherwise bog down your IT staff, such as overseeing antivirus software and firewalls, and even identity management for all workers, no matter where they decide to work.
If your MSP is helping you with a cloud-first approach, they’re able to monitor your end-to-end infrastructure, including every workstation in the office or at an employee’s home office. They can take charge of onboarding employees so they can access business applications from anywhere and deliver security training services.
Getting a handle on what the hybrid work environment means for your business and relevant IT requirements is an excellent opportunity to expand your relationship with your MSP. Not only can they securely provision and manage the services you need, but also help you better understand your workforce in this new, dynamic landscape so you can enhance service delivery to your customers and maximize employee productivity.
- July 14, 2022
- Catagory remote work
We’ve already talked a lot about the benefits of zero trust for securing your organization, but if you’re a small or medium-sized business looking at how to implement zero trust, it can be easy to get overwhelmed.
Your managed service provider (MSP) can be a great resource for implementing zero trust, and all things security, too. And while zero trust can greatly improve your security posture, it’s not the only thing you should be doing.
Implementing zero trust requires technical expertise and dedicated IT staff, and you’ll increase your odds of success if your break down your implementation in smaller, more manageable tasks. Different security vendors offer different frameworks, but regardless of the cybersecurity tools you deploy, implementing zero trust can be broken down into four elements:
- A system for tracking everyone on your network, their location and what applications and data they are accessing
- Selecting security tools, including next-generation firewalls, intrusion detection systems, and identity access management
- Comprehensive guidelines that outline who can access your network and resources, when and from where
- Network monitoring capabilities that track and log all traffic, both external and internal, that can establish a baseline to make it easy to spot suspicious activity and remediate it
A zero-trust model will greatly reduce your overall risk by limiting the impact and severity of a cyberattack. Even if you fall prey to an attack, implementing zero trust will reduce the cost to your business, including penalties related to regulatory compliance. Zero trust also increases visibility for your IT staff because it enables them to see who is on the network and granularly segment access – even employees are strictly managed to only access resources that are related to their responsibilities. In addition, what they are allowed to access requires multifactor authentication.
Implementing zero trust shouldn’t be your only strategy for securing your organization, but it has a high success rate of mitigating the damage caused by threat actors, especially social engineering attacks. A managed service provider can help you get started with the four key elements of zero trust as well as determine what other tools and polices can improve your security posture.
- May 12, 2022
- Catagory remote work
The pandemic has been a challenge from security perspective, but it can also be viewed as an opportunity to review your best practices, your cybersecurity tools, and the role of a managed service provider.
The move to remote work two years ago was quite sudden, and left many organizations caught off-guard. If they were in the process to moving to more cloud-based services, the pandemic accelerated that migration. It also brough to light security challenges that could not be ignored because the number of endpoints suddenly grew exponentially with the bulk of their employees working from home.
As Dell’Oro Group Mauricio Sanchez recently pointed out in a blog post about the top five demands and challenges faced by CISOs, the massive disruption of pandemic compounded the rate of technology and threat change, and provided an impetus for looking at security problems in new ways and drove investment that would not have been possible in a non-pandemic environment.
While small and medium-sized businesses rarely have a C-level executive in charge of security or even a CIO, there are lessons they can take from observing the cybersecurity trends affecting large enterprises.
Sanchez notes that the security vendor landscape is highly fragmented, so if a CISO is trying to sort through many options, don’t feel bad as an SMB if you’re feeling a little lost about what to implement and who to work with.
It’s important not to be tempted by new and shiny security products simply because they are new and shiny. The products and services you choose should be guided by an understanding of what needs to be protected in your organization, both on-premises and through your distributed workforce. Vendors do have a role in helping you secure your organization by developing security controls and technologies that will benefit you, but bi-directional communication essential.
For smaller organizations, it’s often best to engage with a managed service provider who can keep abreast of the rapidly evolving landscape of threats and available cybersecurity products. They can help navigate the options, evaluate your current security posture, and implement and manage what works best depending on the nature of your business.
Consider Zero Trust, but remember it’s a strategy, not a product
The shift to remote work has given Zero Trust increased traction, but whether you’re a big enterprise with a CISO or a smaller organization with limited IT resources, don’t confuse tactics and strategy.
As Dell’Oro’s Sanchez notes, Zero Trust is a valuable strategy but it’s not a product you can buy. Having a coherent strategy and understanding what needs protected will help you avoid wasting your IT budget on products do very little to improve security. Simply buying “zero trust” product could create a false sense of security, he says, and ultimately lead to your business being compromised.
Even if you’re confident that they are the right fit for your organization, buying the latest and greatest security solutions only go so far if you don’t have a firm handle on the fundamentals. A managed service provider with security expertise can help you best understand how a Zero Trust strategy can be implemented, and what tools you need to support it.
- April 14, 2022
- Catagory Collaboration
If you’re an SMB who thinks a unified communication system (UCS) is a luxury for large organizations, think again.
With remote work still the norm even as employees head back to the office, having the right tools for remote workers is essential for attracting and retaining talent by offering flexibility to your team, as well as maintaining competitive advantage in your industry through efficiency and productivity.
A UCS enables distributed employees to collaborate effectively by pulling together all the communications and file sharing tools they need into a single platform, including calendaring, video conferencing, voice calling, chat and email. Together, your staff can communicate, share information, and easily keep everyone in the loop through advanced project management capabilities and cloud-based storage.
The right UCS platform will work with multiple devices, too, with an emphasis on mobile device optimization to enable employees to connect from anywhere. Your chosen UCS should balance simplicity to ensure an intuitive experience for all users while also offering advanced functionality such as one-button push to join, in-meeting chat, call-in and callback, and whiteboard capabilities.
If you’re already invested in cloud-based business tools such as Microsoft Office 365, Google Docs, and popular customer relationship management (CRM) software, you can integrate them and other software with a UCS through application programming interfaces (APIs). Any UCS should readily integrate with your existing IP network or on-premises IP telephony network.
All these capabilities and integrations might suggest that adopting a UCS is an expensive, complicated proposition best left to a large organization with an in-house IT team, but because today’s UCS solutions are cloud-based, it’s feasible and relatively easy to adopt and scale up a UCS in line with the growth of your business and headcount. A cloud based UCS streamlines ongoing management, so it’s easy to add users, devices and locations and keep an eye on all of them through a centralized, holistic dashboard.
Adopting the right UCS sets your employees up for success in an era of hybrid work, no matter where they’re working, enabling them to connect and collaborate cohesively to keep your business competitive. If evaluating and deploying a UCS still seems overwhelming, you don’t have to go it alone. A managed service provider can help you select the best platform for your needs and integrate with your existing telephony and productivity apps, as well as understand how a UCS aligns with your broader business goals.
- August 18, 2021
- Catagory Culture
It’s time to formalize the hybrid office.
While remote work has been supported by many organizations long before the pandemic, many are still flying by the seat of the pants. Businesses must recognize that not all employees will be returning to the office full time and that many will continue to expect flexibility.
Remote work can no be longer reactive
After nearly 18 months, organizations can no longer view remote work as a short-term response—it now must be done with intention if the hybrid office is to effectively function. Remote work needs to be by design to ensure better collaboration and team building that creates a culture of success. Efforts to support remote work my be strategic and company wide, and it can’t be up to individual employees working offsite to figure out technology solutions, workflows, and processes.
The successful hybrid office requires structure and consistency. The C-suite must play a role in developing a culture as well as policies the foster a healthy work environment while thinking about how technology plays a role in the employee experience so they can work independently and collaboratively.
IT must collaborate with business leaders
The hybrid office means IT teams must adapt to best support remote workers, as well as workers who may straddle both home and office environments.
This includes providing the right equipment or onboarding personal devices to ensure they can be used securely with corporate IT infrastructure, as well as revamping and automating work processes. In addition to providing the necessary collaboration technology, IT must also collaborate with every line of business and the C-suite to create a successful hybrid office culture that’s both productive and secure.
Gone are the days where a handful of employees are working from home or on the road; IT teams must assume every employee may be working remotely sometimes and contribute to providing a level playing field for all staff. While company leadership is critical to setting the tone for a successful hybrid workplace, input from employees should be included when crafting new policies and guidelines, including employee performance metrics—it’s no longer about how many hours you’re in the office.
Technology is a critical collaboration enabler
When the office is no longer where everything happens, collaboration technology becomes even more essential.
If you only just began implementing collaboration tools company-wide because of the pandemic, now’s the time to formalize the platforms that allow remote workers to be productive and work together effectively. It’s not just about videoconferencing to replicate the in-person meeting experience; you need a robust digital collaboration environment that supports efficient workflows and recognizes that people will be working asynchronously because locations and schedules will be inherently more flexible.
The hybrid office is here to stay for the long haul. A “remote work first” approach is essential for any organizations that want to maintain competitive advantage and grow their bottom line.
- May 18, 2021
- Catagory remote work
The Zero Trust model for security isn’t new, but it’s getting more attention due to the massive shift to remote work.
Also known as the Zero Trust Network or Zero Trust Architecture, it’s a model that was first created more than 10 years ago by then Forrester Research analyst John Kindervag. It has since become more mainstream thanks in part due to the evolution of security technologies, but also because remote work has made it more challenging to secure enterprise networks.
The ABCs of Zero Trust
Zero Trust isn’t just a suite of technologies you buy. It’s a security model based on the foundational belief that organizations shouldn’t automatically trust anything inside or outside its perimeter—every connection must be verified, whether it’s an endpoint, switch or IP address if the organization is to prevent breaches.
Even before the massive uptick in remote work last year, the Zero Trust model recognized that organizations already have an increasingly porous network perimeter—it was no longer a castle surrounded by a moat. The old model assumed everything already inside was cleared for access. The Zero Trust model is a paradigm shift in that it assumes everything is a threat it until it’s certified safe. It also recognizes that once a hacker gains access via a single vulnerable spot, they can easily move around the enterprise network and attain increasing levels of access.
Zero Trust combines technologies with governance policies as to segment access at a granular level, taking into account the user, their location, and other information to decide whether to authorize any user, device or application. It’s not enough to authenticate the user, even if it is the CEO or CFO, but also the device they are using to gain access to the enterprise network, and where they are physically. Even if the user can be authenticated, policy may decide that the location—a coffee shop Wi-Fi hotspot, for example—isn’t secure enough. Or, it may decide that the user can’t access the network with a personal device, only one that was issued by the organization.
While technologies such as multifactor authentication, analytics, encryption, and file system permissions all play a role in a Zero Trust architecture, governance policies and good habits are just as critical to realizing its benefits, and that includes remote work environments.
Applying Zero Trust to Remote Work
For organizations to truly benefit from a Zero Trust model in the era of remote work, the same mindset must be brought into the home.
Whether they’re accessing the Internet for work or personal reasons, users need to apply a Zero Trust approach that keeps the wrong people out. And it’s more than just security awareness training or a strong password policy. Users at home should always be questioning every interaction online, including emails and texts with links, and communications that seem out of character by the sender, even if it appears to come from an official source. Phishing attempts and other attacks rely heavily on complacency, so a Zero Trust requires vigilance out of habit.
A common threat to enterprise network security in the remote work era is sharing passwords across work and personal devices and granting access to corporate devices to family members for personal use. The average person may think this is harmless, but a Zero Trust model requires that every employee think about their behaviour from a security perspective. Careless uses of a corporate device by a family member could compromise the enterprise network and lead to a data breach.
Zero Trust means password and device sharing a no-no. Every home user should have their own separate passwords and device as much as possible, and devices should either be for personal use or corporate use, not both.
These habits and overall mindset are essential to successfully applying a Zero Trust approach to security in the organization, regardless of where employees are doing their work. Having the right technology is a critical enabler, but you need the right governance policies and employee engagement if you’re to fully secure your business.