- January 17, 2023
- Category: remote work
At the risk of sounding like a broken record, remote work isn’t going away, so you always need to be mindful of some core security measures that protect what looks to be a perpetual hybrid workplace.
These measures are both technical and cultural in nature – your people are just as critical as the security technology you deploy to accommodate remote work.
The most obvious step you can take on the technology front is to regularly update and monitor your network security. This includes applying the latest security patches and upgrades to all devices, including updates to operating systems as well as keeping your antivirus and antimalware programs current. Don’t forget hardware updates such as those for your routers and switches, either.
A strong technology foundation is critical to remote work security and should also include secure VPN access for any employee working outside the office, as well as multi-factor authentication (MFA), both of which lay the groundwork for creating a Zero Trust environment. Also essential are tools for monitoring your environment so you have a complete understanding of what’s connected to your infrastructure, whether it’s devices that support remote work or other devices and services, including internet of things (IoT) devices. You should be able to interrogate the network so you can know for certain how every connected device behaves at the packet level.
In the era of remote work, MFA is a must-have, and it illustrates how critical the intersection of technology and people is to security. Employing MFA recognizes that even the best passwords can be broken and that the users who select and use them make mistakes. This is where employee education comes into play so all users, remote or otherwise, understand good password etiquette and the benefits of adding another layer of security with MFA.
User education is also the best defence against phishing emails, which remain the most common threat to your sensitive data. The upheaval of the pandemic has made for good cover for threat actors who send convincing emails that open the door to malware and ransomware.
The culture of your organization has always been critical for maintaining robust security, and the sudden switch to remote work was a stark reminder of that. Even as many employees return to the office, it’s a great time to remind your entire team that remote work requires the same level of attention to best practices around storing and securing mission-critical data.
The return to the office should also be seen as an opportunity to take another look at your entire security strategy – consider tapping into the expertise of a managed service provider to help you re-evaluate and refresh your technology and best practices.
- November 30, 2022
- Category: Managed IT Services
Implementing security technologies such as a Security Information and Event Management (SIEM) platform will only protect your organization if they are effectively managed, which is why you must consider embracing managed detection and response (MDR).
MDR isn’t a technology; it’s a service with SIEM acting as a key pillar of its foundation, alongside endpoint detection and response (EDR). Delivered by a third-party service provider, it allows you to tap into cybersecurity expertise that’s in high demand and difficult to attract and cultivate internally. Your managed service provider (MSP) is a great resource for accessing MDR and a team of skilled professionals who can help you manage and optimize your security.
It’s also more proactive – security experts on staff with your service provider leverage SIEM and EDR to monitor and analyze events so they can identify dangerous threats before they can have a negative impact on your business. MDR delivered by an MSP is better able to keep up with the volume of anomalous events to discern whether they will result in a serious data breach or malicious attack by a threat actor.
The most compelling reason to seek out a service provider who can deliver MDR is they can do it 24 hours a day, 7 days a week, 365 days a year. For most small and medium-sized businesses, it’s simply not feasible to staff your IT team with security experts all the time, including holidays. Even if you can attract the skilled personnel, it’s better to have them focused on more strategic IT and security initiatives. An MDR provider reduces the burden on your own people, so they have more time to breathe, given all their other responsibilities.
An MDR analyst with the latest and greatest tools can better sift through the vast amounts of data being ingested from different sources and endpoints and analyze it. They are also able to understand how to automate security tools to work more effectively so they’re only handling incidents that require human intervention. Their ability to interpret data not only helps them prevent and mitigate vulnerabilities, but also prevent future attacks by applying lessons learned to make your organization more resilient.
A managed service provider is best equipped to optimize security platforms including SIEM and EDR as part of an MDR solution because they can better access and scale these advanced security tools and the necessary skilled professionals capable of using them effectively.
- November 16, 2022
- Category: Data Protection
The cybersecurity landscape is replete with acronyms, and it can be hard to figure out which ones matter to your business. SIEM stands for Security Information and Event Management, and it’s something you should be leveraging to keep your organization safe.
Pronounced “sim,” SIEM is a software-based cybersecurity technology that gives you a single, streamlined view of your data along with your operational capabilities and security activities so you can better detect, investigate, and mitigate threats. SIEM bolsters your security posture by providing this visibility in real time and encompasses your entire environment, no matter how distributed – and it likely is in this era of increased remote and hybrid work.
If you’re worried that SIEM is yet another massive software deployment, there’s good news: it can be cloud-based and configured to monitor your on-premises, hybrid and cloud infrastructure while tapping into a broad array of security tools and technologies.
How SIEM works
SIEM thrives on having a lot of data sources to monitor. It ingests as much data as possible on the hunt for unusual activity that represents a threat actor trying to gain access to your systems or making trouble once they’re already in. Combined with its ability to give you a real-time snapshot of your IT infrastructure and keep logs to support your compliance obligations, SIEM gives you the ability to analyze data from network applications and hardware, and cloud and software-as-a-service (SaaS) solutions – all in real time so you can stay on top of threats, whether they’re internal or external.
SIEM monitors network devices such as wireless access points, routers, switches, and bridges, as well as the software running on them. It also pulls data from security devices such as firewalls, antivirus software, and intrusion detection appliances, as well as devices and activity related to remote work. Users, event types, IP addresses, memory, and processes are all monitored for signs of exceptional activity – everything from potential malware to a failed login – so that any deviations are flagged for security analysts to investigate.
Essentially, your SIEM is a security command center that pulls together all event data into a single location but adds useful context for analysts so they can prioritize what to respond to and investigate. Everything is presented on dashboards, including an overview of notable events with details, risk analysis, and a workbook of all open notifications. Intelligence from users, threats, protocols, and the web are all brought together.
How SIEM helps
SIEM offers many benefits for organizations looking to improve their security posture.
It provides a high level of visibility to help your security teams see everything across your IT infrastructure, including remote endpoints. The right SIEM solution also reduces the number of false alerts, so your IT teams aren’t spinning their wheels and are able to focus on detecting and investigating actual threats. SIEM is also flexible so you can integrate it into your environment with all its unique characteristics that are driven by your industry, including any compliance obligations.
Most of all, SIEM is something your managed service provider can help you with, so you’re not faced with another onerous software deployment. They can help you select, deploy, and even manage the right SIEM solution so you can get the visibility you need to improve your security posture.
- October 27, 2022
- Category: Managed IT Services
Today’s smart printers must be protected like any other endpoint in your organization – because most printers today are multi-function devices with onboard storage and are part of your office network, threat actors see them as a prime target.
If you’ve not thought to include your printing infrastructure as part of your overall security strategy, now’s the time – and your managed service provider can help.
Believe it or not, your printer is one of the most vulnerable endpoints on your network, and a hacked printer will at the very least inconvenience your users and possibly threaten your entire business. In the same way that an employee smartphone or remote worker’s laptop is a gateway to mission-critical systems and information on your enterprise network, your fleet of printers represents computing endpoints that can be hacked.
Just as people used to send funny jokes via fax machines, networked printers are now the target of pranks, with hackers infiltrating through open printer ports to execute bogus test pages with messages on them to let the organization know they’ve been breached. More extreme examples involve hackers using unsecured printers to spew out ads and random documents no one at your company wants – and wasting paper is the least of your worries.
If your networked printer gets hijacked, you should be as alarmed as if your laptop screen was suddenly filled with pop up ads. And just like your laptop – or smartphone – a printer is a great jumping off point for threat actors to sneak into your office network while your users are distracted by failed print jobs.
You may not even get any indication your printer has been compromised. Rather than bother with silly pranks, a serious hacker will use their access to move around your network until they find a way to do serious damage by stealing data or holding it hostage with ransomware. By the time you realize you’ve been compromised, it may be too late to prevent damage to your business and reputation.
But like any endpoint, a network printer can be secured by following protocols that prevent it from being accessed remotely or by unauthorized users. A managed service provider can help you audit and secure your printer fleet as part of a broader strategy to secure your IT infrastructure.
- July 14, 2022
- Category: remote work
We’ve already talked a lot about the benefits of zero trust for securing your organization, but if you’re a small or medium-sized business looking at how to implement zero trust, it can be easy to get overwhelmed.
Your managed service provider (MSP) can be a great resource for implementing zero trust, and all things security, too. And while zero trust can greatly improve your security posture, it’s not the only thing you should be doing.
Implementing zero trust requires technical expertise and dedicated IT staff, and you’ll increase your odds of success if you break down your implementation into smaller, more manageable tasks. Different security vendors offer different frameworks, but regardless of the cybersecurity tools you deploy, implementing zero trust can be broken down into four elements:
- A system for tracking everyone on your network, their location and what applications and data they are accessing
- Selecting security tools, including next-generation firewalls, intrusion detection systems, and identity access management
- Comprehensive guidelines that outline who can access your network and resources, when and from where
- Network monitoring capabilities that track and log all traffic, both external and internal, that can establish a baseline to make it easy to spot suspicious activity and remediate it
A zero-trust model will greatly reduce your overall risk by limiting the impact and severity of a cyberattack. Even if you fall prey to an attack, implementing zero trust will reduce the cost to your business, including penalties related to regulatory compliance. Zero trust also increases visibility for your IT staff because it enables them to see who is on the network and granularly segment access – even employees are strictly managed to only access resources that are related to their responsibilities. In addition, what they are allowed to access requires multifactor authentication.
Implementing zero trust shouldn’t be your only strategy for securing your organization, but it has a high success rate of mitigating the damage caused by threat actors, especially social engineering attacks. A managed service provider can help you get started with the four key elements of zero trust as well as determine what other tools and policies can improve your security posture.
- May 12, 2022
- Category: remote work
The pandemic has been a challenge from a security perspective, but it can also be viewed as an opportunity to review your best practices, your cybersecurity tools, and the role of a managed service provider.
The move to remote work two years ago was quite sudden, and left many organizations caught off-guard. If they were in the process of moving to more cloud-based services, the pandemic accelerated that migration. It also brought to light security challenges that could not be ignored because the number of endpoints suddenly grew exponentially with the bulk of their employees working from home.
As Dell’Oro Group’s Mauricio Sanchez recently pointed out in a blog post about the top five demands and challenges faced by CISOs, the massive disruption of the pandemic compounded the rate of technology and threat change, provided an impetus for looking at security problems in new ways, and drove investment that would not have been possible in a non-pandemic environment.
While small and medium-sized businesses rarely have a C-level executive in charge of security or even a CIO, there are lessons they can take from observing the cybersecurity trends affecting large enterprises.
Sanchez notes that the security vendor landscape is highly fragmented, so if a CISO is trying to sort through many options, don’t feel bad as an SMB if you’re feeling a little lost about what to implement and who to work with.
It’s important not to be tempted by new and shiny security products simply because they are new and shiny. The products and services you choose should be guided by an understanding of what needs to be protected in your organization, both on-premises and through your distributed workforce. Vendors do have a role in helping you secure your organization by developing security controls and technologies that will benefit you, but bi-directional communication is essential.
For smaller organizations, it’s often best to engage with a managed service provider who can keep abreast of the rapidly evolving landscape of threats and available cybersecurity products. They can help navigate the options, evaluate your current security posture, and implement and manage what works best depending on the nature of your business.
Consider Zero Trust, but remember it’s a strategy, not a product
The shift to remote work has given Zero Trust increased traction, but whether you’re a big enterprise with a CISO or a smaller organization with limited IT resources, don’t confuse tactics and strategy.
As Dell’Oro’s Sanchez notes, Zero Trust is a valuable strategy but it’s not a product you can buy. Having a coherent strategy and understanding what needs to be protected will help you avoid wasting your IT budget on products that do very little to improve security. Simply buying a “zero trust” product could create a false sense of security, he says, and ultimately lead to your business being compromised.
Even if you’re confident that they are the right fit for your organization, buying the latest and greatest security solutions only goes so far if you don’t have a firm handle on the fundamentals. A managed service provider with security expertise can help you best understand how a Zero Trust strategy can be implemented, and what tools you need to support it.
- March 31, 2022
- Category: Document Management
The need for printer security has waned during the remote work era, but as more employees return to the office, consider reviewing your fleet and how you’re managing it.
Protecting hard copies is especially important today given privacy legislation and other regulatory frameworks that outline how businesses must handle Personally Identifiable Information (PII), which is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) or the General Data Protection Regulation (GDPR).
Just as critical is that your employees may be printing sensitive business information, including financial data or other proprietary intellectual property that gives you competitive advantage in your industry. Many security teams today are more focused on making sure data doesn’t leak through corporate firewalls or via a remote worker, but with office life returning to normal, corporate data can be compromised or stolen in hard copy.
A managed print services strategy contributes to better endpoint security and controls access to any printed materials, which have the same potential to lead to a security or compliance breach if the wrong person gets a hold of a stack of paper that contains sensitive information.
Older printers are holding you back
An assessment of your current print infrastructure will likely reveal there’s room for upgrades. Older, legacy print technology is not only a security threat, it’s also a barrier to productivity, collaboration, and efficiency.
Older devices are likely to break down more frequently, which means you’re pulling IT resources away from strategic projects for frequent break/fix incidents such as print jams and toner shortages. This impairs employee productivity, too, in the form of slower output in terms of pages per minute. Software compatibility issues are also amplified if your office workstations are being modernized at a faster pace. Older printers are also less energy efficient and cost you more in electricity.
High electricity consumption also means your business isn’t as sustainable as it could be. Retiring your older printers as part of a managed print assessment can help you evaluate how much you really need to print and establish greener practices to reduce waste. A more modern, efficient printer fleet can reduce paper use and improve ink and toner management, which also contributes to sustainability, as modern toner cartridges can be recycled and turned into new ones, and overall consumption can be reduced.
People will always want to print
Even organizations that are aiming for a paperless office will always have some hard copy output – accounting for human behavior is an essential part of any managed print services strategy. As offices get busy again, there’s going to be the potential for the wrong person to grab documents from a printer they shouldn’t have and walk out the door with them. So long as people are inclined to print out information in hard copy, if only for their own personal convenience, there will be a need to secure paper documents.
In the meantime, legacy print technology is costing you more money than necessary by having an impact on your budget, efficiency, productivity, and sustainability, while also posing a security risk. Just as a leaked email or hacked database can put the future of a business in severe jeopardy and disrupt operations, so too can a stolen printed document.
A managed print services strategy beginning with a thorough assessment bolsters your endpoint security with printed output in mind.
- October 29, 2021
- Category: Security
If the hybrid workplace is here to stay, then security policy must put people first – understanding how the human element plays a role in protecting data is essential, but so is making sure any security measures don’t get in the way of their productivity.
People can be part of the problem but also part of the solution – cultural changes that go hand in hand with security policy can positively influence employee behaviours to make your hybrid office more secure.
Humans make mistakes
Quite often, people put the organization at risk and violate security policy unintentionally. Privileged users can unknowingly let their credentials get compromised, which allows threat actors to access systems and sensitive data. Although it’s usually an accident, occasionally a disgruntled employee may compromise the organization intentionally.
Human beings also fall for phishing scams, both on their personal devices and corporate workstations; in the hybrid office, this device can be one and the same. Scams that employ socially engineered malicious messages that encompass tax-themed phishing, dodgy downloads, fake payment and delivery, and invoice phishing, have become even more common during the pandemic and will likely continue apace in the hybrid office.
Some people are just plain careless, despite security policy guidance, by letting credentials lapse or not using multifactor authentication. Cybersecurity technology isn’t effective on its own without keeping people in mind. Yes, they need to be held accountable, but you must also meet them where they are. The hybrid office means your employees are moving between their work and personal lives more fluidly, including the devices they’re working on – this must be reflected in your security policy.
Remote work is here to stay
Meeting people where they are means your security policy outlines how they can help to keep their organizations secure without getting in the way of their productivity. Your security policy should assume that the hybrid office is here to stay for the foreseeable future and understand the impact of continued remote work.
IT teams must be prepared to support remote workers, who are likely to have less traditional schedules as they embrace flexibility, and adopt collaboration tools to work across different departments, including human resources as they onboard new workers who will be working remotely, on-site or a combination of both. The hybrid office has also meant a shift to “hoteling” as employees come to work a few hours a day or a couple of days a week without their own dedicated workspace.
Remote work always had implications for security policy, even before the pandemic, but there has been an increase in malware incidents, data breaches and other poor security behaviors as more people work from home. Despite this spike, it’s important to keep security simple for employees and engage regularly with them through awareness training so they can help protect their hybrid office from threat actors.
A clear and concise security policy allows employees to be productive no matter where they are working so that security is not a barrier to productivity.
Sanjeev Spolia is CEO of Supra ITS
- September 30, 2021
- Category: Security
Remote work technology continues to be a prime target for cybersecurity attacks.
Recent research released by Tenable in collaboration with Forrester found that nearly three quarters of organizations have traced recent cyberattacks that have impacted their businesses to vulnerabilities in remote work technology. Even before the pandemic began, the traditional perimeter around enterprise IT infrastructure had become rather porous due to increased mobility of workers and cloud adoption. With a hybrid workforce that has fully embraced remote access tools, cloud services, and personal devices, that perimeter is pretty much gone.
The Tenable / Forrester research found that 80 per cent of security and business leaders say remote work has put their organizations at higher risk because IT teams lack visibility into remote employee home networks as more than half of remote workers use a personal device to access work data. This has meant three quarters of cyber attacks are targeting remote employees. Threat actors are also exploiting third-party software providers or leveraging vulnerabilities in those products, with 65 per cent of respondents linking those compromises to recent cyberattacks.
For small and medium-sized businesses, it can be challenging to invest a great deal of money in security technology and dedicated IT staff, but there are several core things that can help to better protect remote work technology from cybersecurity attacks.
- Use a Virtual Private Network (VPN): Implementing a VPN for anyone accessing corporate data and applications via the Internet provides an additional layer of security via multi-factor authentication and should be required for anyone looking to access valuable company intellectual property and other sensitive data.
- Use complex passwords: Many employees opt for simple passwords they can remember and use them for more than one application or website, which means once a hacker guesses one of them, they have access to a great deal of private information. Since these can be difficult to remember, consider implementing password encryption software that stores usernames and passwords without the need to know what they are because the information is encrypted from the start.
- Educate everyone: Having the right technology in place only goes so far; you need a culture where all employees understand the need for complex passwords, log in via VPNs, and recognize phishing attacks and other suspicious emails. In addition to employee training, set aside a budget for your cybersecurity team to attend webinars and other courses that help them keep up with an ever-changing threat landscape.
- Keep everything up to date: Whether it’s hardware or software, falling behind on upgrades and patches is a sure-fire way to create vulnerabilities that threat actors will exploit. While much of this can be automated, you should have a program in place to verify all necessary updates are done on schedule.
- Pick a reputable cloud service provider: A great deal of security misconfigurations that lead to data breaches are the result of connecting with the many cloud services available to businesses today. Make sure your chosen providers have a solid track record on the security front and understand what they’re responsible for securing and what must be done at your end.
Keeping ahead of cybersecurity attacks has always been a challenge and the remote work era hasn’t made it easier. Consider seeking out a managed security services partner who can help you evaluate your security posture, implement new technologies and policies, and automate where possible so that your business is a less appealing target for threat actors.
- September 16, 2021
- Category: Security
Security misconfigurations continue to pose a threat to organizations, and remote work hasn’t helped. However, how you configure cloud security is just as critical as end user behaviour.
The shift to remote work not surprisingly has led to a spike in cyber attacks just as organizations were spurred by the pandemic to accelerate adoption of the cloud. These conditions mean security misconfigurations can have an even bigger impact on overall security posture.
Threat actors are drawn to security misconfigurations
As remote work continues and endpoints flourish for other reasons, such as IoT and edge computing deployments, it’s essential to have a full inventory of all your internet-connected digital assets, whether it’s the laptops of your remote workforce or the cloud applications they’re accessing. Threat actors are working hard to compromise all your digital assets, and security misconfigurations for a single cloud application can give them an opening to gain broader access to your infrastructure.
Security misconfigurations are ultimately a form of human error, which is generally a bigger threat to your organization than technology flaws and failures. Among the ones to be mindful of are forgetting to remove unused access permissions, setting up incorrect access, or creating overly permissive rules. Even before the massive shift to remote work, the network infrastructure of even small and medium businesses had become increasingly dynamic with the adoption of the cloud and mobile technologies.
Having strong policies as a baseline combined with automation can help you avoid security misconfigurations that lead to costly data breaches.
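The following added example, which is not from the original post, shows one way to automate a policy baseline check for the misconfigurations named above: unused permissions, incorrect access, and overly permissive rules. The roster, department policy, idle threshold, port list, grants and firewall rules are all constructed assumptions.

```python
"""Audit access grants and firewall rules against a written policy baseline.
Every name and value below is constructed for illustration."""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import Optional

MAX_IDLE_DAYS = 90                 # assumed policy: review grants idle this long
ADMIN_PORTS = {22, 3389, 445}      # SSH, RDP, SMB: never open to every source
# Assumed policy: resources each department is allowed to reach.
DEPT_RESOURCES = {"finance": {"erp", "payroll"}, "sales": {"crm"}}
# Constructed staff roster (user -> department); anyone absent has left.
ROSTER = {"alice": "finance", "bob": "sales"}
TODAY = date(2023, 1, 17)          # fixed so the result is reproducible


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    last_used: Optional[date]      # None means the grant was never used


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "deny"
    source: str                    # CIDR block the rule matches
    port: Optional[int]            # None means all ports


def audit_grants(grants, today):
    """Return (finding, subject) pairs for grants that violate the baseline."""
    findings = []
    for g in grants:
        subject = f"{g.user}->{g.resource}"
        dept = ROSTER.get(g.user)
        if dept is None:
            # Access left behind after someone departed.
            findings.append(("departed-user", subject))
            continue
        if g.resource not in DEPT_RESOURCES.get(dept, set()):
            findings.append(("incorrect-access", subject))
        if g.last_used is None or (today - g.last_used).days > MAX_IDLE_DAYS:
            findings.append(("unused-permission", subject))
    return findings


def audit_rules(rules):
    """Flag allow rules that admit any source to admin ports or to all ports."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every address.
        if ip_network(r.source, strict=False).prefixlen != 0:
            continue
        if r.port is None or r.port in ADMIN_PORTS:
            findings.append(("overly-permissive-rule", r.name))
    return findings


# Constructed sample inventory.
GRANTS = [
    Grant("alice", "erp", date(2023, 1, 10)),      # in policy, recently used
    Grant("alice", "crm", date(2023, 1, 12)),      # finance user on a sales system
    Grant("bob", "crm", date(2022, 6, 1)),         # in policy but idle 230 days
    Grant("carol", "payroll", None),               # carol is not on the roster
]
RULES = [
    Rule("vpn-in", "allow", "0.0.0.0/0", 443),     # public service port
    Rule("rdp-any", "allow", "0.0.0.0/0", 3389),   # RDP open to every source
    Rule("ssh-office", "allow", "203.0.113.0/24", 22),
    Rule("temp-debug", "allow", "::/0", None),     # everything open to every source
    Rule("block-smb", "deny", "0.0.0.0/0", 445),
]

if __name__ == "__main__":
    for kind, subject in audit_grants(GRANTS, TODAY) + audit_rules(RULES):
        print(f"{kind:24} {subject}")
```

Run on a schedule against exported permission and rule inventories, a check like this turns the written policy into something that is verified rather than assumed.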
Automation requires visibility
Automation is essential if you want to stay ahead of threat actors, but you need to have visibility into the devices, assets, and processes before you do it.
One thing you must watch out for is shadow IT, whether it’s software or hardware. Employees or even lines of business sometimes find their own solutions out of expediency without understanding their impact and the doors that are open to hackers due to security misconfigurations. These either need to be excised from your organization or made officially part of your digital asset inventory. You need to fully understand what your inventory is and conduct regular updates, especially as remote work continues, and employees come and go.
Having the right people in place can also help you avoid security misconfigurations, whether it’s cybersecurity specialists or making sure all employees have a solid understanding of good security hygiene. However, there’s only so much internal talent development can do given all the pressures faced by an IT team today, and good security people are in high demand.
Given these challenges, you should consider tapping into the expertise of a managed security services provider that can help you evaluate your infrastructure, develop strong policies, and implement automation so you can mitigate the impact of security misconfigurations.