• May 12, 2022
  • Catagory remote work

Disruption is an opportunity for improving security

By : Justin Folkerts

The pandemic has been a challenge from security perspective, but it can also be viewed as an opportunity to review your best practices, your cybersecurity tools, and the role of a managed service provider.

The move to remote work two years ago was quite sudden, and left many organizations caught off-guard. If they were in the process to moving to more cloud-based services, the pandemic accelerated that migration. It also brough to light security challenges that could not be ignored because the number of endpoints suddenly grew exponentially with the bulk of their employees working from home.

As Dell’Oro Group Mauricio Sanchez recently pointed out in a blog post about the top five demands and challenges faced by CISOs, the massive disruption of pandemic compounded the rate of technology and threat change, and provided an impetus for looking at security problems in new ways and drove investment that would not have been possible in a non-pandemic environment.

While small and medium-sized businesses rarely have a C-level executive in charge of security or even a CIO, there are lessons they can take from observing the cybersecurity trends affecting large enterprises.

Relationships matter

Sanchez notes that the security vendor landscape is highly fragmented, so if a CISO is trying to sort through many options, don’t feel bad as an SMB if you’re feeling a little lost about what to implement and who to work with.

It’s important not to be tempted by new and shiny security products simply because they are new and shiny. The products and services you choose should be guided by an understanding of what needs to be protected in your organization, both on-premises and through your distributed workforce. Vendors do have a role in helping you secure your organization by developing security controls and technologies that will benefit you, but bi-directional communication essential.

For smaller organizations, it’s often best to engage with a managed service provider who can keep abreast of the rapidly evolving landscape of threats and available cybersecurity products. They can help navigate the options, evaluate your current security posture, and implement and manage what works best depending on the nature of your business.

Consider Zero Trust, but remember it’s a strategy, not a product

The shift to remote work has given Zero Trust increased traction, but whether you’re a big enterprise with a CISO or a smaller organization with limited IT resources, don’t confuse tactics and strategy.

As Dell’Oro’s Sanchez notes, Zero Trust is a valuable strategy but it’s not a product you can buy. Having a coherent strategy and understanding what needs protected will help you avoid wasting your IT budget on products do very little to improve security. Simply buying “zero trust” product could create a false sense of security, he says, and ultimately lead to your business being compromised.

Even if you’re confident that they are the right fit for your organization, buying the latest and greatest security solutions only go so far if you don’t have a firm handle on the fundamentals. A managed service provider with security expertise can help you best understand how a Zero Trust strategy can be implemented, and what tools you need to support it.

  • March 31, 2022
  • Catagory Document Management

Assess your hybrid office for effective print security

By : Justin Folkerts

The need for printer security has waned during the remote work era, but as more employees return to the office, consider reviewing your fleet and how you’re managing it.

Protecting hard copies is especially important today given privacy legislation and other regulatory frameworks that outline how businesses must handle Personally Identifiable Information (PII), which is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) or the General Data Protection Regulation (GDPR).

Just as critical is that your employees may be printing sensitive business information, including financial data or other proprietary intellectual property that gives you competitive advantage in your industry. Many security teams today are more focused on making sure data doesn’t leak through corporate firewalls or via a remote worker, but with office life returning to normal, corporate data can be compromised or stolen in hard copy.

A managed print services strategy contributes to better endpoint security and controls access to any printed materials, which have the same potential to lead to a security or compliance breach if the wrong person gets a hold of a stack of paper that contains sensitive information.

Older printers are holding you back

An assessment of your current print infrastructure will likely reveal there’s room for upgrades. Older, legacy print technology is not only a security threat, it’s also a barrier to productivity, collaboration, efficiency.

Older devices are likely to break down more frequently, which means you’re pulling IT resources away from strategic projects for frequent break / fix incidents such print jams and toner shortages. This impairs employee productivity, too, in the form of slower outputs in terms of pages per minute. Software compatibility issues are also amplified if your office workstations are being modernized at a faster pace. Older printers are also less energy efficiency and costing you more in electricity.

High electricity consumption also means your business isn’t as sustainable is it could be. Retiring your older printers as part of a managed print assessment can help you evaluate how much you really need to print and establish greener practices to reduce waste. A more modern, efficient printer fleet can reduce paper use and improve ink and toner management, which also contributes to sustainability, as modern toner cartridges can be recycled and turned into new ones, and overall consumption can be reduced.

People will always want to print

Even organizations that are aiming for a paperless office will always have some hard copy output – accounting for human behavior is an essential part of any managed print services strategy. As offices get busy again, there’s going to be the potential for the wrong person to grab documents from a printer they shouldn’t have and walk out the door with them. So long as people are inclined to print out information in hard copy, if only for their own personal convenience, there will be a need to secure paper documents.

In the meantime, legacy print technology is costing you more money than necessary by having an impact on your budget, efficiency, productivity, and sustainability, while also posing a security risk. Just as a leaked email or hacked database can put the future of a business in a severe jeopardy and disrupt operations, so too can a stolen printed document.

A managed print services strategy beginning with a thorough assessment bolsters your endpoint security with printed output in mind.

  • October 29, 2021
  • Catagory Security

Security Policy Must Keep in Mind How People Work in the Hybrid Office

By : Sanjeev Spolia

If the hybrid workplace is here to stay, then security policy must put people first—understanding how the human element plays are role in protecting data is essential, but so is making sure any security measures don’t get in the way of their productivity.

People can be part of the problem but also part of the solution—cultural changes that go hand and hand with security policy can positively influence employee behaviours to make your hybrid office more secure.

Humans make mistakes

Quite often, people put the organization at risk and violate security policy unintentionally. Privileged users can unknowingly let their credentials get compromised, which allows threat actors to access systems and sensitive data. Although it’s usually an accident, occasionally a disgruntled employee may compromise the organization intentionally.

Human beings also fall for phishing scams, both on their personal devices and corporate workstations; in the hybrid office, this device can be one and the same. Scams that employ socially engineered malicious messages that encompass tax-themed phishing, dodgy downloads, fake payment and delivery, and invoice phishing, have become even more common during the pandemic and will likely continue apace in the hybrid office.

Some people are just plain careless, despite security policy guidance, by letting credentials lapse or not using multifactor authentication. Cybersecurity technology isn’t effective on its own without keeping people in mind. Yes, they need to be held accountable, but you must also meet them where they are. The hybrid office means your employees are moving between their work and personal lives more fluidly, including the devices they’re working in—this must be reflected in your security policy.

Remote work is here to stay

Meeting people where they are means your security policy outlines how they can help to keep their organizations securie without getting in the way of their productivity. Your security policy should assume that the hybrid office is here to stay for the foreseeable future and understand the impact of continued remote work.

IT teams must be prepared to support remote workers, who are likely to have less traditional schedules as they embrace flexibility, and adopt collaboration tools to work across different departments, including human resources as they onboard new workers who will be working remotely, on-site or a combination of both. The hybrid office has also meant a shift to “hoteling” as employees come to work a few hours a day or a couple of days week without their own dedicated workspace.

Remote work always had implications on security policy, even before the pandemic, but there has been an increase in malware incidents, data breaches and other poor security behaviors as more people work from home. Despite this spike, it’s important keep security simple for employees and engage regularly with through awareness training so they can help protect their hybrid office from threat actors.

A clear and concise security policy allows employees to be productive no matter where they are working so that security is not a barrier to productivity.

Sanjeev Spolia is CEO of Supra ITS

  • September 30, 2021
  • Catagory Security

Cybersecurity Attacks Target Remote Work Technology: Things You Can Do

By : Justin Folkerts

Remote work technology continues to be a prime target for cybersecurity attacks.

Recent research released by Tenable in collaboration with Forrester found that nearly three quarters of organizations have traced recent cyberattacks that have impacted their businesses to vulnerabilities in remote work technology. Even before the pandemic began, the traditional perimeter around enterprise IT infrastructure had become rather porous due to increased mobility of workers and cloud adoption. With a hybrid workforce that has fully embraced remote access tools, cloud services, and personal devices, that perimeter is pretty much gone.

The Tenable / Forrester research found that 80 per cent of security and business leaders say remote work has put their organizations at higher risk because IT teams lack visibility into remote employee home networks as more than half of remote workers use a personal device to access work data. This has meant three quarters of cyber attacks are targeting remote employees. Threat actors are also exploiting third-party software providers or leveraging vulnerabilities in those products, with 65 per cent respondents linking those compromises to recent cyberattacks. 

For small and medium-sized businesses, it can be challenging to invest a great deal of money in security technology and dedicated IT staff, but there several core things that can help to better protect remote work technology from cybersecurity attacks.

  • Use a Virtual Private Network (VPN): Implementing a VPN for anyone accessing corporate data and applications via the Internet provides an additional layer of security via multi-factor authentication and should be required for anyone looking to access valuable company intellectual property and other sensitive data.
  • Use complex passwords: Many employees opt for simple passwords they can remember and use them for more than one application or website, which means once a hacker guesses one of them, they have access to a great deal of private information. Since these can be difficult to remember, consider implementing password encryption software that stores usernames and passwords without the need to know what they are because the information is encrypted from the start.
  • Educate everyone: Having the right technology in place only goes so far; you need a culture where all employees understand the need for complex passwords, log in via VPNs, and recognize phishing attacks and other suspicious emails. In addition to employee training, set aside a budget for your cybersecurity team to attend webinars and other courses that help them keep up with an ever-changing threat landscape.
  • Keep everything up to date: Whether it’s hardware or software, getting behind upgrades and patches is sure fire to create vulnerabilities that threat actors will support. While much of this can be automated, you should have a program in place to verify all necessary updates are done on schedule.
  • Pick a reputable cloud service provider: A great deal of security misconfigurations that lead to data breaches are the result of connecting with the many cloud services available to businesses today. Make sure your chosen providers have a solid track record on the security front and understand what they’re responsible for securing and what must be done at your end.

Keeping ahead of cybersecurity attacks has always been a challenge and the remote work era hasn’t made it easier. Consider seeking out a managed security services partner who can help you evaluate your security posture, implement new technologies and policies, and automate where possible so that your business is a less appealing target for threat actors.

  • September 16, 2021
  • Catagory Security

Stay mindful of security misconfigurations as remote work continues

By : Justin Folkerts

Security misconfigurations continue pose to a threat to organizations, and remote work hasn’t helped. However, how you configure cloud security is just as critical as end user behaviour.  

The shift to remote work not surprisingly has led to a spike in cyber attacks just as organizations were spurred by the pandemic to accelerate adoption of the cloud. These conditions mean security misconfigurations can have an even bigger impact on overall security posture.

Threat actors are drawn to security misconfigurations

As remote work continues and endpoints flourish for other reasons, such as IoT and edge computing deployments, it’s essential to have a full inventory of all your internet-connected digital assets, whether it’s the laptops of your remote workforce or the cloud applications they’re accessing. Threat actors are working hard to compromise all your digital assets, and security misconfigurations for a single cloud application can give them an opening to gain broader access to your infrastructure.

Security misconfigurations are ultimately a form of human error, which are generally a bigger threat to your organization than technology flaws and failures. Among the ones to be mindful of are forgetting to remove unused access permissions, setting up incorrect access, or creating overly permissive rules. Even before the massive shift to remote work, network infrastructure even small and medium businesses have become increasingly dynamic with the adoption of the cloud and mobile technologies.

Having strong policies as a baseline combined with automation can help you avoid security misconfigurations that lead to costly data breaches.

Automation requires visibility

Automation is essential if you want to stay ahead of threat actors, but you to have visibility into the devices, assets, and processes before you do it.

One thing you must watch out for is shadow IT, whether it’s software or hardware. Employees or even lines of business sometimes find their own solutions out of expediency without understanding their impact and the doors that are open to hackers due to security misconfigurations. These either need to be excised from your organization or made officially part of your digital asset inventory. You need to fully understand what your inventory is and conduct regular updates, especially as remote work continues, and employees come and go.

Having the right people in place can also help you avoid security misconfigurations, whether it’s cybersecurity specialists or making sure all employees have a solid understanding of good security hygiene. However, there’s only so much internal talent development can do given all the pressures faced by an IT team today, and good security people are in high demand.

Given these challenges, you should consider tapping into the expertise of a managed security services provider that can help you evaluate your infrastructure, develop strong policies, and implement automation so you can mitigate the impact of security misconfigurations.

  • July 30, 2021
  • Catagory Security

Hybrid workplace security must account for the human element

By : Sanjeev Spolia

The hybrid workplace may be the new normal, but the high number of data breaches due to the pandemic don’t have to be. The solution is recognizing that people can be the cause of security incidents but also play a part in preventing them.

The “human element” is involved in as much as 85 percent of all data breaches, according to Verizon’s 2021 Data Breach Investigations Report. That’s actually good news—it means there are cultural changes that can be made to influence employee behaviours that will improve hybrid workplace security.

People still fall prey to scams

There are several areas where security is vulnerable because of how people behave, often without any intent to put cybersecurity and data privacy at risk.

The first is around privilege abuse, according to the Verizon study, wherein users have access to IT systems, data and applications that over time leads to compromised credentials that allow threat actors to access sensitive information. In most cases, the privileged user isn’t intentionally looking to cause their organization harm and the data exposure is accidental. However, a disgruntled employee can cause a lot of damage.

In the meantime, employees still fall for phishing scams, and the number of instances where people fall for these socially engineered malicious messages rose significantly during the pandemic, according to Verizon’s analysis. Examples of these scams include payment/delivery scams, invoice phishing, tax-themed phishing, and downloads. Remote workers are more likely to fall for phishing scams, which makes their prevention especially critical for improving hybrid workplace security.

Many data breaches are accidental, but these accidents shouldn’t be confused with carelessness, which can include credentials that aren’t regularly updated or failure to use multifactor authentication. Cybersecurity technologies only go so far without having a standard of behaviour throughout the organization. Employees must be held accountable—effective hybrid workplace security depends on culture as much as technology.

Meet people where they are

The hybrid workplace solidifies the need for every employee to do their part to foster company-wide security rather than putting on the onus on a small group of IT experts to implement and manage cybersecurity technologies. This where the human element becomes part of the solution, not just the potential cause of data breaches.

While it’s critical that remote workers do their best to secure their home office environment, it can be overwhelming for them. Communication and training go a long way to helping them develop good security habits, as well as streamlining the process as much as possible. It’s also important to remember that in the hybrid workplace not all remote employees are the same. Some are experienced road warriors and power users who innately understand they need to secure their mobile endpoints, while other users have got a tad complacent over the years because they’re always online.

Employees who have traditionally worked in offices and felt comfortable leaving their workstation unsecured for a few minutes may not fully appreciate that hybrid workplace security requires a shift in behaviour. There are also always employees who value efficiency over all else, so if they perceive security measures as a barrier to productivity, they will always find shortcuts and workarounds.

Make people part of the solution

Hybrid workplace security needs tools and processes with a short learning curve for all employees to they can be easily adopted and understood as an enabler.

Balancing the human element and technology is critical to securing the hybrid workplace due to its inherent flexibility—employees are shifting constantly between their work and personal lives throughout the day, and that includes the devices they’re working on. Each device along with the software and operating systems they’re running now fall under the purview of corporate security.

From a technology perspective, it means technologies such as Identity and Access Management (IAM) tools are more essential than ever, as are robust security protocols and employee training. However, these must be seen as an enabler, not a roadblock to getting things done. The least technologically savvy employee must be able to blend their daily task with good security habits without a steep learning curve.  

Hybrid workplace security requires the creation of a security-first culture that puts people at its centre by enabling them to improve their workflow while doing their part keep the business secure.

  • July 15, 2021
  • Catagory Security

Implement Hybrid Security for the Hybrid Office

By : Justin Folkerts

As offices move to a mix of remote and office work, hybrid security takes on a new meaning. It’s no longer just about securing public cloud services along with on-premises data centers, but also securing the hybrid office.

While many organizations want to go back to pre-pandemic office occupant levels, some are looking at easing into the return to work. The hybrid office will see fewer workers on-site at a time, with employees splitting their time between home and work. Not only do IT teams need to secure remote workers, but they must also be able to secure a workforce that’s even more dynamic. In some ways, every worker is becoming a road warrior that must be kept track of.

Keep tabs on hybrid office traffic

The pandemic brought on a very sudden shift to remote work, but the easy part was every employee was in one place all the time. The hybrid office means workers will be back and forth a lot, and the flow could be uneven and unpredictable, especially if they’re hot desking while on-site.

Hybrid security means you need full visibility and control over all traffic in both your on-premises data center and public cloud platforms, with a clear understanding who is responsibility for security and what the available tools and functions are, but with the added context that many mobile workstations are moving back and forth between two locations. Streamlining applications and platforms, and the tools need to secure the hybrid office, will help to make these traffic patterns clearer. More dashboards to stare at aren’t better.

Employee cybersecurity training and awareness remains key in the hybrid office era. Most business users are not security experts, but people are a critical factor when securing staff who can work anywhere. You need to have policies and controls to govern access to corporate applications, data and infrastructure while also making it easy for people to do their work, so they don’t try to circumvent hybrid security measures. Again, you want to reduce complexity, while still controlling access.

Hybrid security should take a Zero Trust approach

If you want to fully secure your hybrid office, consider taking a Zero Trust approach as to limit user and device access to the applications required to complete work functions.

A Zero Trust architecture assumes everyone is a threat unless they can verify their identify. Requiring employees to do so no matter where they’re working will go a long way to strengthening the security of your hybrid office. Even when employees are in the office—inside the perimeter, so to speak—robust user identification, authentication, authorization, and access permissions remain essential.

In addition to Zero trust approach, you need to always think about security in tandem with networking by leveraging SD-WAN, next-generation firewalls, and advanced routing capabilities. When your employees can work everywhere, your networking becomes a key factor in your hybrid security, just as it does in a hybrid cloud or multi-cloud environment.

Think about flexibility and the future

Many workers want the flexibility of the hybrid office, so you need to consider the future of work as part of your overall security strategy.

Connectivity is key to embracing new cloud platforms and supporting workers wherever they want to work, but it must always be paired with security. You should assume the hybrid office is here to stay and that it will guide your cloud, mobility, and security strategies. A managed security service provider can help you architect your business for the future of work and help you to secure the hybrid office at scale as technologies and threats evolve.

  • May 31, 2021
  • Catagory networking

Bolster your wireless security in the hybrid workforce era

By : Justin Folkerts

After more than a year of focusing on securing remote workers, it’s time to prepare your office for a hybrid workforce and reinforce your wireless security.

The threats to your on-site wireless security haven’t gone away and having workers who are in and out of your office post-pandemic ends means the network security landscape is just as dynamic as ever. The hybrid workforce is a stark reminder that there is no network perimeter, and you must constantly review your network security checklist—Bring Your Own Device (BYOD), the Internet of Things (IoT), and ubiquitous connectivity remain important considerations.

Secure your office for a hybrid workforce

As people come back to office, the best practices for wireless security are more important than ever, especially as many employees may no longer have a permanent office or workspace as hot desking becomes more prevalent. In addition to guests, you’ll have employees connecting to your office network on-site in an inconsistent manner with devices that are connecting a variety of other networks, whether it’s the employee’s home network or a wi-fi hotspot as it becomes possible to work from coffee shops again.

Now is a great time to review your management policy for all IT endpoints and provide refresher courses on wireless security for your staff. For some organizations, a hybrid workforce was already familiar to them before the pandemic, but for others it will be just as jarring as going fully remote. Given that you’re about to experience another paradigm shift, it can’t hurt to bring an outside partner to evaluate your current wireless security posture.

What’s in a name

A good place to start is to review your inventory of wireless routers access points.

No matter how many you have or where they are located, you should review their service set identifiers (SSIDs) to make sure they are suitably named as to be found by authorized users, but not so easy for unwanted guests to connect to because the names are obvious or remain the factory default. Your network naming should be just as well thought out password selection—avoid creating one that’s likely to help a hacker guess the network password. Rotating passwords and SSIDs can also make it harder for devices and networks to be breached, and the more unique, the better.

With a hybrid workforce, you may want to segment your network so that transient employees have dedicated wireless access points to connect to that are separate from employees who are back on-site full time. Either way, you should hide your SSID so only users who know the actual wireless network name can search it out.

Apply access controls

Even before the advent of the hybrid workforce, there was never a need for every employee to access the same network resources or devices. Just as you segment wireless router access, consider giving specific users access to specific devices such as network printers depending on whether they’re occasionally on-site or in the office everyday.

No one needs to be connected to every device in the organization, so segmenting access will limit the impact of a breach should one endpoint be compromised. At the end of the day, not all employees are equal, including post-pandemic visitors, who wireless access for their mobile devices. Adopting a Zero Trust model for wireless security can go a long way because it’s based on the mindset that organizations shouldn’t automatically trust anything inside or outside its perimeter—every connection must be verified, whether it’s an endpoint, switch or IP address if the organization is to prevent breaches.

Secure and scan everything

Wireless security demands that all access points been encrypted, and yet surprisingly, many wireless networks are left wide open, making them easy avenues for threat actors to gather sensitive information, or as a means to gateway to hack more secure systems.

No matter how stringent your wireless security, it’s often just a of time before someone or something gets past the firewall because today’s cyber threats are so persistent. The trick is to balance security with productivity—you don’t want it to be a barrier to getting things done, otherwise employees will find shortcuts around it whether they’re working at home or in the office.

If you’re feeling rusty about in-office wireless security and would like a refresher to prepare your organization for the hybrid workforce, seek out the help of a managed security services provider.

  • May 18, 2021
  • Catagory remote work

Remote Work Drives Zero Trust Security Adoption

By : Justin Folkerts

The Zero Trust model for security isn’t new, but it’s getting more attention due to the massive shift to remote work.

Also known as the Zero Trust Network or Zero Trust Architecture, it’s a model that was first created more than 10 years ago by then Forrester Research analyst John Kindervag. It has since become more mainstream thanks in part due to the evolution of security technologies, but also because remote work has made it more challenging to secure enterprise networks.

The ABCs of Zero Trust

Zero Trust isn’t just a suite of technologies you buy. It’s a security model based on the foundational belief that organizations shouldn’t automatically trust anything inside or outside its perimeter—every connection must be verified, whether it’s an endpoint, switch or IP address if the organization is to prevent breaches.

Even before the massive uptick in remote work last year, the Zero Trust model recognized that organizations already have an increasingly porous network perimeter—it was no longer a castle surrounded by a moat. The old model assumed everything already inside was cleared for access. The Zero Trust model is a paradigm shift in that it assumes everything is a threat it until it’s certified safe. It also recognizes that once a hacker gains access via a single vulnerable spot, they can easily move around the enterprise network and attain increasing levels of access.

Zero Trust combines technologies with governance policies as to segment access at a granular level, taking into account the user, their location, and other information to decide whether to authorize any user, device or application. It’s not enough to authenticate the user, even if it is the CEO or CFO, but also the device they are using to gain access to the enterprise network, and where they are physically. Even if the user can be authenticated, policy may decide that the location—a coffee shop Wi-Fi hotspot, for example—isn’t secure enough. Or, it may decide that the user can’t access the network with a personal device, only one that was issued by the organization.

While technologies such as multifactor authentication, analytics, encryption, and file system permissions all play a role in a Zero Trust architecture, governance policies and good habits are just as critical to realizing its benefits, and that includes remote work environments.

Applying Zero Trust to Remote Work

For organizations to truly benefit from a Zero Trust model in the era of remote work, the same mindset must be brought into the home.

Whether they’re accessing the Internet for work or personal reasons, users need to apply a Zero Trust approach that keeps the wrong people out. And it’s more than just security awareness training or a strong password policy. Users at home should always be questioning every interaction online, including emails and texts with links, and communications that seem out of character by the sender, even if it appears to come from an official source. Phishing attempts and other attacks rely heavily on complacency, so a Zero Trust requires vigilance out of habit.

A common threat to enterprise network security in the remote work era is sharing passwords across work and personal devices and granting access to corporate devices to family members for personal use. The average person may think this is harmless, but a Zero Trust model requires that every employee think about their behaviour from a security perspective. Careless uses of a corporate device by a family member could compromise the enterprise network and lead to a data breach.

Zero Trust means password and device sharing a no-no. Every home user should have their own separate passwords and device as much as possible, and devices should either be for personal use or corporate use, not both.

These habits and overall mindset are essential to successfully applying a Zero Trust approach to security in the organization, regardless of where employees are doing their work. Having the right technology is a critical enabler, but you need the right governance policies and employee engagement if you’re to fully secure your business.

  • April 29, 2021
  • Catagory remote work

5 Things You Can Do to Secure Remote Work Environments

By : Justin Folkerts

If you’re looking for ways to secure remote work environments, there’s no shortage of dos and don’ts.

And while there’s always a danger of impeding employee productivity with cumbersome security, there are polices and procedures that balance threat protection with efficient business operations so that you can secure remote work environments without creating barriers to getting things done. Often, it’s just as much about how you implement security, not just what implement.

Encryption should be end to end

Security implementation should never be half-hearted, which is why bi-directional encryption of data and communications is an essential enabler of secure remote work environments. Ideally, you should embrace the cloud so you can leverage a web platform that is completely secure so it’s the primary means for remote employees to get their work done. You should also use strong VPN connections to secure remote work environments. All it takes is one vulnerable employee to be exploited by a threat actor to put your entire network at risk.

Secure all devices

Similarly, all workstations and devices accessing applications and data via your network must be fully secured without any workarounds—that includes the executive team. Giving one employee a pass to use a smartphone or laptop that doesn’t adhere to security policies and procedures is a data breach waiting to happen. Take advantage of tools that evaluate the vulnerability of all devices, and make sure all of them can be managed and updated from a central location by the IT team.

Contain any breaches

Because it only takes one device or one employee to open the door to the broader network, you need to secure remote work environments in such a way where access to a single workstation doesn’t lead to wider access to other systems. Your policies, procedures and chosen tools should mitigate against a domino effect where a single intrusion via one employee’s credentials or workstation can lead to threat actors taking down other systems or your entire network.

Clearly define security policies and communicate goals

Secure remote work environments are more likely to stay secure if you clearly outline security objectives and make it easy for employees to comply. Otherwise, they will find workarounds to make their lives easier, thereby making any security policies and procedures ineffective.

Put someone in charge

Even smaller organizations should designate someone to act as their Chief Information Security Officer (CISO), even if it’s not their only duties on the IT team. The organization will benefit from someone taking point on all things security, including the selection and implementation of tools, the development of policies and procedures, and being the point of contact for both employees and the executive team.

Even if you do have an IT team member who takes on responsibility for security, you may find there’s value in getting external support to help secure remote work environments. A Managed Security Services Provider can help you evaluate your current security posture, make recommendations, and help deploy the right tools, either on a project-by-project basis or through an ongoing partnership.