March 16, 2020
It’s one thing to say that workers will work remotely, and access sensitive and confidential information via the internet. It’s quite another to be able to assure executive management that information is protected and compliance mandates are met, according to Janco Associates.
Janco’s Victor Janulaitis
“In talking with a number of our clients, as they rushed to allow a greater percentage of their employees to work from home, we highlighted several risks small and midsized companies faced,” said Janco CEO Victor Janulaitis. “The risks ranged from a more complicated record management, destruction and retention process to exposure of confidential and sensitive information to individuals within the companies that did not know what they could not do with that information.”
Getting telecommuting going is not as difficult as it may sound, he said. What is an issue is the volume of sensitive and confidential information that will be exposed without the proper infrastructure to protects those corporate assets, he said.
Bitdefender’s Liviu Arsene
Liviu Arsene, global cybersecurity researcher at Bitdefender, tells us remote workers can severely increase the risk of suffering breaches or inadvertent data leaks if their employer has inadequate security procedures involving access and handing of critical customer data.
“For example, an employee using his/her work laptop at home may use it for private activities, or even share it with family members,” he said. “Inadvertently copy-pasting sensitive data into the wrong window, installing an unsanctioned applicationor using an unsecure internet connection are just a few scenarios where an employee could pose security risks that could lead to compromise of on-device data or company infrastructure.”
Surveys have shown as much as half of SMBs have suffered a cyberattack within a single year, and that a data breach can be devastating, even potentially leading to the business’s permanent shutdown, Arsene said.
“Allowing remote employees to connect to and access critical infrastructure without having proper authorization, authentication and accountability in place significantly increases the risk of cybercriminals misusing that access,” he said. “The current cybersecurity skills shortage coupled with small cybersecurity budgets and the security challenges brought forward by remote employees can spell disaster for SMBs.”
SMBs that face the challenge of fortifying security while supporting remote employees can confidently turn to MSPs and MSSPs for expertise, support and 24/7 reliability in terms of deploying the right tools and procedures at a fraction of cost, Arsene said. Investing in an in-house cybersecurity team can drive operational costs well beyond the comfort zone of SMBs, while partnering with managed service or security service providers offers the same benefits with minimum expenses, he said.
“Another option that SMBs have is relying on managed detection and response (MDR) services that act as security operations center (SOC)-as-a-service,” he said. “Security operation centers are something that only large organizations have traditionally been able to afford for threat hunting of advanced and sophisticated intruders. However, through MDR, SMBs can also defend themselves…
…against potential advanced persistent threats (APTs) with the same power at a fraction of the cost. Staffed by seasoned security experts wielding some of the best security technologies, they can quickly and effectively respond to malicious activity, actively removing the threat to reduce dwell time and limit any damage.”
NordVPN provides the following advice for staying secure and connected while working remotely:
Make sure your home network is secure. The bare minimum will be to password-protect your router if you haven’t already.
Use a separate device or account for work. It’s best to keep your personal and professional devices and accounts separate. This way, if one account or device is breached, the other will remain safe.
Use companywide cybersecurity tools.
Encrypt sensitive files in transit and in storage.
Stay informed on cybersecurity and social engineering, Read up on different forms of social engineering and phishing so you know what to look out for. Now more than ever, scammers will try to pose as your colleagues or managers to try to get you to give up sensitive company information.
Avoid public Wi-Fi, which is far more likely to have malicious actors connected to it or running it, as is the case with a hotspot.
Read more about:MSPs
About the Author(s)
You May Also Like