- April 25, 2023
- Catagory Security
How Good Habits Secure Remote Work
Good habits have always been a key enabler of security in the organization, and they’re an essential part of your strategy to secure remote work.
With the hybrid workplace here to stay, your employees are not just working at home – they’re more mobile than ever, which means they’re connecting to your network infrastructure from many different locations. If you’re going to let staff work in an environment over which you have little to no control, you need to instill some good habits that enable secure remote work.
This is especially true if you’re going to permit your employees to work in public spaces, such as a park or a coffee shop. The argument could made that if you’re going to secure remote work effectively, you should put limits on what employees use as their workplace.
The most compelling reason is that they will use public, unsecured Wi-Fi, making them more likely to expose critical business information and even get hacked. Employees working in public spaces should only access corporate resources online through a virtual private network (VPN), even if they are working from home. Alternatively, they can use their smartphone as a hotspot rather than use public Wi-Fi.
The laptop employees use to work remotely must also be kept up to date so it’s able to handle the latest threats. You can’t secure remote work without anti-virus / malware protection software – any computer connecting to your network must have it, and it needs to be updated with the latest patches and virus definitions to protect against threat actors looking to exploit operating system and application vulnerabilities.
Just as you need to update your anti-virus software regularly, you need to update devices frequently – they should be rebooted often the latest software patches, firmware, and security fixes applied as soon as they are available. If the employee is working from home, you should make sure they’re updating their router regularly as well and any other devices on their home network.
Keeping hardware and software up to date is a habit that’s essential if you’re to secure remote work. Similarly, you must instill best practices when it comes to passwords management. Employees should understand the necessity of creating strong passwords that are unique to each login and account they use. Where possible, look at implementing multi-factor authentication (MFA). Adopting a Zero Trust approach can also help to secure remote work because it means employees are only accessing applications and data they need to.
Technology can only do so much to secure remote work – employee habits that foster good security hygiene are essential if you’re to support a hybrid workplace and mobile workers.
- January 31, 2023
- Catagory remote work
Your IT People Are Worried About Remote Work Security
If you haven’t fully adjusted to the era of remote work, your IT team leader has something to say about security.
According to a new Cisco Systems survey, the increasing number of employees working remotely today – even as some employees head back to the office – is stressing out both business leaders and those responsible for security, and a big culprit is unregistered devices.
The Cisco survey found that 84% of 6,700 respondents, including 81% of the 300 Canadian respondents, found that working remotely has increased cybersecurity risks to their organization, and nearly a percentage of respondents cites unregistered devices used by employees in support of remote to be the likely cause of security incidents. Unregistered devices might include laptops, tablets, and smart phones, the survey said.
In general, Cisco found that in the early days of the pandemic when the sudden shift to remote work occurred, security became an afterthought, as noted by a Cisco exec interviewed by IT World Canada. The reason security tends to take a back seat when employees work from home is that they want a similar experience to working in the office, but they don’t want security controls that make it harder to do their jobs. In addition, remote work isn’t just about working from home – employees now want the option of working anywhere.
Meanwhile, the International Association of IT Asset Managers (IAITAM) has similar concerns about the impact of remote work on organizational security, echoing the Cisco survey’s observation that security wasn’t top of mind when the initial rush to remote work occurred in March 2020. Not only are personal devices being used by remote workers to access the corporate network contributing to security issues, but there’s also “low-tech breach” danger if organizations don’t have proper IT asset disposal procedures, IAITAM warns.
Not having a proper asset disposal program for computer hardware is just as important for remote work security as having a strategy for warding against employee errors, rogue employees, errant third party vendors, and outside hackers, advises IAITAM. Any asset disposal program should include certified data drive sanitation or destruction, and robust tracking of the disposal process so that data thieves aren’t gaining access to mission critical business information.
Monitoring the lifecycle of computer hardware used for remote work can be especially complex if they include personal devices, but asset management is critical to any organization’s security strategy. If you don’t a program in place, consider consulting your managed service provider for support.
- January 17, 2023
- Catagory remote work
Remember the basics of remote work security
At the risk of sounding like a broken record, remote work isn’t going away, so you need always be mindful of some core security measures that protects what looks to be a perpetual hybrid workplace.
These measures are both technical and cultural in nature – your people are just as critical as the security technology you deploy to accommodate remote work.
The most obvious step you can take on the technology front is to regularly update and monitor your network security. This includes applying the latest security patches and upgrades to all devices, including updates to operating systems as well as keeping your antivirus and antimalware programs current. Don’t forget hardware updates such as those for your routers and switches, either.
A strong technology foundation is critical to remote work security and should also include secure VPN access for any employee working outside the office, as well as multi-factor authentication (MFA), both of which lay the groundwork for creating a Zero Trust environment. Also essential are tools for monitoring your environment so you have a complete understanding of what’s connected to your infrastructure, whether it’s devices that support remote work or other devices and services, including internet of things (IoT) devices. You should be able to interrogate the network so you can know for certain how every connected device behaves at the packet level.
In the era of remote work, MFA is a must have, and illustrates how critical the intersection of technology and people is to security. Employing MFA recognizes that even the best passwords can be broken and that the users who select and use them make mistakes. This is where employee education comes into play so all users, remote or otherwise, understand good password etiquette and the benefits of adding another layer of security with MFA.
User education is also the best defence against phishing emails, which remain the most common threat to your sensitive data. The upheaval of the pandemic has made for good cover for threat actors who send convincing emails that open the door to malware and ransomware.
The culture of your organization has always been critical for maintaining robust security, and the sudden switch to remote work was a stark reminder of that. Even as many employees return to the office, it’s a great time to remind your entire team that remote work requires the same level of attention to best practices around storing and security mission critical data.
The return to the office should also be seen as an opportunity to take another look at your entire security strategy – consider tapping into the expertise of a managed service provider to help you re-evaluate and refresh your technology and best practices.
- September 15, 2022
- Catagory IT management
Are you ready to support the hybrid office?
If you’ve got employees coming back to the office while still allowing staff to work from home, you’ve created a hybrid office environment that can create challenges when onboarding staff, providing ongoing support, and securing a vast array of endpoints.
In some ways, having everyone work remote is more straightforward – when you have employees coming and going from the office, the environment becomes even more dynamic because the definition of hybrid work can vary depending on how you manage it and company policy. Consider the different scenarios:
- The “at-will and remote-first” approach means employees are empowered to prioritize working remotely
- An “office-first” policy falls at the other end of the spectrum and resets the organization to pre-pandemic norms
- “Split weeks” mean days are assigned as either remote or office-based according to a schedule while certain employees might be assigned to be in the office on a week-by-week basis
- Some organizations are designating who must be in the office and who can work from home on a team-by-team basis
No matter what you choose, a hybrid work environment reinforces the need for a cloud-first approach for business applications and robust cybersecurity. You also need to support collaboration for remote workers and those who opt to be back in the office – and everything in between. A hybrid approach may also mean people no longer have assigned workspaces – hotdesking adds complexity to workstation support and endpoint security, which should always be a high priority. Employees who are on the move risk bringing threats to the office with them.
The emergence of the hybrid office comes at a time when threat actors are upping the ante and exploiting as many attack surfaces as they can – it’s can be difficult for your IT team to keep on top of everything and it takes time away from more strategic initiatives such as digital transformation.
Even before the pandemic and shift to remote work, your IT team was under a lot of pressure to secure infrastructure and protect customer data. If you haven’t already turned to your managed service provider (MSP) to help you bolster cybersecurity, a hybrid work environment should be your tipping point. They can take charge of many security tasks that can otherwise bog down your IT staff, such as overseeing antivirus software and firewalls, and even identity management for all workers, no matter where they decide to work.
If your MSP is helping you with a cloud-first approach, they’re able to monitor your end-to-end infrastructure, including every workstation in the office or at an employee’s home office. They can take charge of onboarding employees so they can access business applications from anywhere and deliver security training services.
Getting a handle on what the hybrid work environment means for your business and relevant IT requirements is an excellent opportunity to expand your relationship with your MSP. Not only can they securely provision and manage the services you need, but also help you better understand your workforce in this new, dynamic landscape so you can enhance service delivery to your customers and maximize employee productivity.
- May 12, 2022
- Catagory remote work
Disruption is an opportunity for improving security
The pandemic has been a challenge from security perspective, but it can also be viewed as an opportunity to review your best practices, your cybersecurity tools, and the role of a managed service provider.
The move to remote work two years ago was quite sudden, and left many organizations caught off-guard. If they were in the process to moving to more cloud-based services, the pandemic accelerated that migration. It also brough to light security challenges that could not be ignored because the number of endpoints suddenly grew exponentially with the bulk of their employees working from home.
As Dell’Oro Group Mauricio Sanchez recently pointed out in a blog post about the top five demands and challenges faced by CISOs, the massive disruption of pandemic compounded the rate of technology and threat change, and provided an impetus for looking at security problems in new ways and drove investment that would not have been possible in a non-pandemic environment.
While small and medium-sized businesses rarely have a C-level executive in charge of security or even a CIO, there are lessons they can take from observing the cybersecurity trends affecting large enterprises.
Sanchez notes that the security vendor landscape is highly fragmented, so if a CISO is trying to sort through many options, don’t feel bad as an SMB if you’re feeling a little lost about what to implement and who to work with.
It’s important not to be tempted by new and shiny security products simply because they are new and shiny. The products and services you choose should be guided by an understanding of what needs to be protected in your organization, both on-premises and through your distributed workforce. Vendors do have a role in helping you secure your organization by developing security controls and technologies that will benefit you, but bi-directional communication essential.
For smaller organizations, it’s often best to engage with a managed service provider who can keep abreast of the rapidly evolving landscape of threats and available cybersecurity products. They can help navigate the options, evaluate your current security posture, and implement and manage what works best depending on the nature of your business.
Consider Zero Trust, but remember it’s a strategy, not a product
The shift to remote work has given Zero Trust increased traction, but whether you’re a big enterprise with a CISO or a smaller organization with limited IT resources, don’t confuse tactics and strategy.
As Dell’Oro’s Sanchez notes, Zero Trust is a valuable strategy but it’s not a product you can buy. Having a coherent strategy and understanding what needs protected will help you avoid wasting your IT budget on products do very little to improve security. Simply buying “zero trust” product could create a false sense of security, he says, and ultimately lead to your business being compromised.
Even if you’re confident that they are the right fit for your organization, buying the latest and greatest security solutions only go so far if you don’t have a firm handle on the fundamentals. A managed service provider with security expertise can help you best understand how a Zero Trust strategy can be implemented, and what tools you need to support it.
- April 14, 2022
- Catagory Collaboration
Any business can benefit from a UCS
If you’re an SMB who thinks a unified communication system (UCS) is a luxury for large organizations, think again.
With remote work still the norm even as employees head back to the office, having the right tools for remote workers is essential for attracting and retaining talent by offering flexibility to your team, as well as maintaining competitive advantage in your industry through efficiency and productivity.
A UCS enables distributed employees to collaborate effectively by pulling together all the communications and file sharing tools they need into a single platform, including calendaring, video conferencing, voice calling, chat and email. Together, your staff can communicate, share information, and easily keep everyone in the loop through advanced project management capabilities and cloud-based storage.
The right UCS platform will work with multiple devices, too, with an emphasis on mobile device optimization to enable employees to connect from anywhere. Your chosen UCS should balance simplicity to ensure an intuitive experience for all users while also offering advanced functionality such as one-button push to join, in-meeting chat, call-in and callback, and whiteboard capabilities.
If you’re already invested in cloud-based business tools such as Microsoft Office 365, Google Docs, and popular customer relationship management (CRM) software, you can integrate them and other software with a UCS through application programming interfaces (APIs). Any UCS should readily integrate with your existing IP network or on-premises IP telephony network.
All these capabilities and integrations might suggest that adopting a UCS is an expensive, complicated proposition best left to a large organization with an in-house IT team, but because today’s UCS solutions are cloud-based, it’s feasible and relatively easy to adopt and scale up a UCS in line with the growth of your business and headcount. A cloud based UCS streamlines ongoing management, so it’s easy to add users, devices and locations and keep an eye on all of them through a centralized, holistic dashboard.
Adopting the right UCS sets your employees up for success in an era of hybrid work, no matter where they’re working, enabling them to connect and collaborate cohesively to keep your business competitive. If evaluating and deploying a UCS still seems overwhelming, you don’t have to go it alone. A managed service provider can help you select the best platform for your needs and integrate with your existing telephony and productivity apps, as well as understand how a UCS aligns with your broader business goals.
- November 16, 2021
- Catagory cloud backup
Keep your data protection simple by using cloud backup
When it comes to data protection, simple is always better, even as remote work and hybrid offices makes things more complex.
Even as endpoints flourish, you should continue to streamline your systems by leveraging cloud backup and combat complexity—the more systems you have in place, the more likely something will go wrong. You must balance redundancy with simplicity.
Even before the pandemic and the massive proliferation of remote endpoints, there were already many different applications and systems needing backup as lines of businesses spun up their own Software-as-a-Service (Saas) applications such as Microsoft Office 365 and Salesforce. Even worse, they assumed data is automatically backed up by the vendor. But in addition to those applications, you need to keep track of your servers, physical and virtual machines, and multiple endpoints that include workstations and laptops, satellite offices, and of course, remote workstations, which may even be an employee’s personal device.
The attack surface has expanded since the pandemic but having multiple data protection systems isn’t the answer. Instead, consider a single cloud backup service with built-in redundancy. As with any application, a data protection system has its own maintenance requirements and processes, so it’s best to have one that’s well-managed and reliable that makes verification simple. That way, you can be confident all your data, regardless of application, server or endpoint, is being consistently backed up. Having as single cloud backup service is also better for your IT budget.
However, depending on your environment, it may not be realistic to have a single cloud backup solution; your best approach is to implement a select few data protection systems to meet user requirements so that your IT team isn’t overwhelmed by too many backup tools as the resulting complexity will lead to misconfigurations and ultimately, a data breach that leads to a business disruption.
Having confidence in your cloud backup isn’t just important for your IT team. Data protection plays a strong role in maximizing business uptime, so you’re not only trying to keep senior IT management happy—the CEO has a stake in data protection, whether they realize it or not.
Like any application you implement to realize business goals, not all data protection and cloud backup systems are created equal. In addition, IT environments are more dynamic than ever thanks to digital transformation efforts, the emergence of the hybrid office, and the persistence of remote work. When selecting a cloud backup solution, be sure they meet all your data protection criteria including compliance, security, and restoration windows. You might want to consider taking the opportunity to replace legacy systems that can be difficult to back up, rather than keeping them going because it will reduce maintenance costs, add data management capabilities, and improve your overall data protection effectiveness.
Remember that data is more portable than ever, too, especially when fewer people are working in the office behind the corporate firewall. If applications and data are spread cross multiple clouds, as well as endpoints and workstations, then your cloud back solutions must consider that your data is distributed across many platforms, as well as understand the built-in data protection of SaaS productivity applications—not just what they can do, but also what they don’t do.
A dramatic increase in the number of remote workers and the emergence of the hybrid office are great reminders that the need for robust data protection is never going to go away. As the year ends, take the opportunity to revisit the cloud backup solutions you have in place and implement a strategy to modernize it as needed to reflect the world of work with the help of an experienced managed services provider.
- October 17, 2021
- Catagory PCaaS
PC-as-a-Service (PCaaS) streamlines and procurement and enhances productivity
With the trend toward remote work evolving to a hybrid office modelv, the case for small and medium-sized businesses to embrace PC-as-a-Service (PCaaS) is more compelling than ever.
Businesses need their employees to be as productive as possible no matter where they are without worrying if their PC workstations are fast enough, secure enough or properly connected to the data and applications they need to get things done.
PCaaS offers many benefits, allowing you to scale up your employee PC footprint as quickly as needed to support essential on-site employees, remote workers and hybrid offices with the latest and greatest Windows-based desktops and laptops.
Predictable costs and more secure data
Moving to PCaaS eliminates the upfront of cost of buying PC workstations and reduces the time and effort necessary to source and negotiate with vendors. Guided by your requirements, a managed service provider acquires the best hardware on your behalf, and you subscribe instead of buy through a monthly leasing model.
A PCaaS subscription provides predictable budget because your costs are fixed over the course of the agreement rather than occasional small or large capital expenditures and all the associated costs with deploying, managing, and maintaining a fleet of workstations. The cost savings of embedding the cost of equipment into a monthly fee add up quickly because lifecycle management of hardware becomes the responsibility of your service provider, including device disposal. You also have the flexibility to scale up or down as needed without worrying about whether you have the available management expertise or devote resource to sourcing and negotiating with vendors.
PCaaS frees up your own IT teams for more strategic projects aligned with business objectives because you can trust that a managed service provider will provide the technicians needed to manage any hardware and software regardless of location, including on-site troubleshooting or remote updates and maintenance. This also translate into reduced downtime because this IT support is available 24/7. Productivity is also enhanced because any new device that lands on an employee’s desk is pre-configured to desired specifications with all needed apps necessary for them to do their job.
Another added benefit to PCaaS is enhanced data protection due to better business continuity and security. The right service provider will also offer off-site data so that in the wake of a natural disaster or power loss they can easily restore critical data and re-provision your equipment quickly so there’s little to no disruption to your business operations. PCaaS also encompasses security safeguards such as hardware-based security measures, secure authentication for users, and data encryption and malware detection/remediation as part of any device deployment. By managing your fleet from a central location, your provider can update all devices with any security patches remotely, as well as keep a real-time inventory by tracking their location and status.
Workstations on demand
Supra ITS’ PCaaS, also known as “Workstation-as-a-Service” (WaaS) takes on the day-to-day management of all your employee workstations, no matter where they work or what they do. We manage any software updates and hardware upgrades, answer any technical support calls, and reconfigure the PC as needed to improve productivity and meet business objectives. This enables both your employees and IT staff to focus on strategic initiatives that drive revenue for the business rather than get bogged down with PC troubleshooting.
Because we automatically deliver the latest patches and updates to every endpoint in alignment with robust security policy and any mind any regulatory requirements that govern your industry, you can have peace of mind your business is protected without any barriers to productivity. Our sourcing strategy future-proofs your business with workstations that will be able to run your core applications for years to come.
- September 30, 2021
- Catagory Security
Cybersecurity Attacks Target Remote Work Technology: Things You Can Do
Remote work technology continues to be a prime target for cybersecurity attacks.
Recent research released by Tenable in collaboration with Forrester found that nearly three quarters of organizations have traced recent cyberattacks that have impacted their businesses to vulnerabilities in remote work technology. Even before the pandemic began, the traditional perimeter around enterprise IT infrastructure had become rather porous due to increased mobility of workers and cloud adoption. With a hybrid workforce that has fully embraced remote access tools, cloud services, and personal devices, that perimeter is pretty much gone.
The Tenable / Forrester research found that 80 per cent of security and business leaders say remote work has put their organizations at higher risk because IT teams lack visibility into remote employee home networks as more than half of remote workers use a personal device to access work data. This has meant three quarters of cyber attacks are targeting remote employees. Threat actors are also exploiting third-party software providers or leveraging vulnerabilities in those products, with 65 per cent respondents linking those compromises to recent cyberattacks.
For small and medium-sized businesses, it can be challenging to invest a great deal of money in security technology and dedicated IT staff, but there several core things that can help to better protect remote work technology from cybersecurity attacks.
- Use a Virtual Private Network (VPN): Implementing a VPN for anyone accessing corporate data and applications via the Internet provides an additional layer of security via multi-factor authentication and should be required for anyone looking to access valuable company intellectual property and other sensitive data.
- Use complex passwords: Many employees opt for simple passwords they can remember and use them for more than one application or website, which means once a hacker guesses one of them, they have access to a great deal of private information. Since these can be difficult to remember, consider implementing password encryption software that stores usernames and passwords without the need to know what they are because the information is encrypted from the start.
- Educate everyone: Having the right technology in place only goes so far; you need a culture where all employees understand the need for complex passwords, log in via VPNs, and recognize phishing attacks and other suspicious emails. In addition to employee training, set aside a budget for your cybersecurity team to attend webinars and other courses that help them keep up with an ever-changing threat landscape.
- Keep everything up to date: Whether it’s hardware or software, getting behind upgrades and patches is sure fire to create vulnerabilities that threat actors will support. While much of this can be automated, you should have a program in place to verify all necessary updates are done on schedule.
- Pick a reputable cloud service provider: A great deal of security misconfigurations that lead to data breaches are the result of connecting with the many cloud services available to businesses today. Make sure your chosen providers have a solid track record on the security front and understand what they’re responsible for securing and what must be done at your end.
Keeping ahead of cybersecurity attacks has always been a challenge and the remote work era hasn’t made it easier. Consider seeking out a managed security services partner who can help you evaluate your security posture, implement new technologies and policies, and automate where possible so that your business is a less appealing target for threat actors.