The challenges in establishing data security best practices in a WFH environment

The COVID-19 pandemic changed the landscape of the corporate world drastically by making WFH, mainstream.. What does that mean for your business data? How does it change your business’s cyber risk profile? Download our whitepaper, The WFH environment & associated data risks, a new perspective, to find out.

Restrictions on installing firewalls, antivirus, system/software updates, and security patches

When your employees are in the office physically and using your computers, you can install firewalls and access control mechanisms. For example, you can block non-work-related sites or sites with 3rd party cookies, or set up password policies for them to follow when using the device, etc. But, if they are working from home, and using their own devices, there’s no way you can install firewalls or have access restrictions like that in place at the system level. Similarly, you can ensure your work computers are up-to-date in terms of security patches, system updates, and software upgrades, but you can’t force an employee to install security patches or antivirus on their PC at home!

Keeping your data safe after an employee quits

When your employees are working from home using their own devices, how can you be sure you recovered all your data and erased them permanently from your former employee’s devices? How do you ensure they don’t have a copy of the sensitive information stored somewhere that could be misused intentionally or unintentionally cause a data breach.

Safeguarding access to your data in case of unexpected events such a device theft or breakdown

If your employee is using their personal device for work and it gets stolen, how do you handle the data loss and any data compromise that could possibly follow. Similarly, if something goes wrong with their device, how do you ensure your data is not lost and your work is not stalled? Also, if the device goes into repair, how can you be sure of the security of your data then?

Challenges brought on by device sharing

If your employees are using their own devices for work purposes, you can’t stop them from sharing their devices with friends and family. But, device sharing can put your data at risk of being stolen.

Remember WFH is not necessarily just WFH

When we use the term, WFH, the first image that comes to mind is of a person sitting in their living room or home office desk and working on a laptop. But, remember that’s not necessarily true. When you follow the WFH model, it enables your employees to work from anywhere! The recent ‘workation’ (work+vacation) trend that’s catching on quickly is a testimonial to this fact. For all you know, your employee may be working from the Starbucks two states away, or they may be at the airport sending that last report in before they take off for a vacation, or they may dial into that important meeting from the resort they are staying at–all instances where they may be using public Wi-Fi networks, compounding the risk to your data from cybercriminals

Let’s face it! The WFH environment coupled with the BYOD (Bring-your-own-device) makes organizations much more vulnerable to cybersecurity threats than the traditional office setup. However, that doesn’t mean there’s no solution. As a company, you can still put various mechanisms in place to ensure the safety and security of your data. You should also train your employees on how to safeguard themselves and your data from cybercriminals. A managed service provider (MSP) specializing in cybersecurity, data back, and recovery can help you with both of these. They would know what tools you can use to keep your data secure even in the WFH scenario and they will also be able to train your employees on the common mistakes that people make unwittingly which often leads to major data breaches.

Social media at work…what could go wrong?

As a business, there is no doubt today that you need to make your presence felt on major social media platforms such as Facebook, Twitter, Instagram and LinkedIn. But social media also exposes you to cybercriminals. In this post we talk about the steps you can take to ensure your social media account doesn’t become a gateway for cybercriminals to access your data.

Make someone accountable
The first step to a successful and safe social media experience as a company is to make someone in your organization accountable for it. Designate a social media manager who is responsible for maintaining your company’s social media accounts. This person should oversee everything–from the posts and pictures in your company account to approving/disapproving ‘Friend’/’Follow’ requests.

Train your employees
Of course you should train your employees who handle your official social media accounts about the security threats and how they need to steer clear of them, but you also need to train other employees who are not on your social media team as they could be a weak link that a cybercriminal could exploit to reach your business. Seems far fetched? Not really. A lot of people trust their ‘friends’ on social media and also unwittingly share a lot of information, which can be used to hack their personal accounts and devices, which in turn, may act as a gateway to your business. Teach your employees about general social media best practices in terms of security and also educate them about the privacy settings they can use to ensure there data is shared with trusted individuals only.

Take the necessary security measures
Make sure the devices you use to access your social media accounts are protected with firewalls and anti-malware tools and all security updates and patches are up-to-date.

Password hygiene
Practice good password hygiene and encourage your teams to do the same. That means no password sharing, no sequential letters/numerals, no obvious words or numbers as your social media account password.

Frame a social media policy
You should also frame a social media policy that spells out the dos and don’ts of social media that everyone in your organization should follow. This is important from various perspectives as employee’s statements on social media may be perceived as a reflection of your business’s values, whether you like it or not. This can make your business a target of cybercriminals and lawsuits.

Putting your business out there on the social networking sites gives your brand a lot of exposure, presents paid advertising opportunities and even helps you build and manage customer relationships, but as discussed, it can be tricky to navigate in terms of security. Businesses may find it overwhelming to manage their social media security strategy all by themselves can reach out to a managed services provider. An MSP with experience in social media security can be a valuable asset in helping you build a strong social media security strategy.

Do your homework: 3 things to do when looking for an MSP

Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one.

Figure out what you have already
The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea.

Figure out what you need
This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you want to add on or remove from your existing IT infrastructure? Are your servers too slow? Do you want to switch to the Cloud instead of traditional services? Do you want a Unified Communications set up instead of your current PBX phone line? Do you want to shift to a work-from-home model and need the infrastructure to support that?

Do your research
Now that you are clear about what you have and what you need, start doing your research. If you have an in-house IT team, you can ask them to evaluate the various options that can help you reach your goal. If not, then there are plenty of resources available online for SMBs that help with tech questions. https://www.sba.gov/learning-center is one great resource and a Google search will get you more.

As a part of this research, you should also make a list of credible MSPs in your area and learn more about them. A Google search can help you with that, but it would be even better if you reach out to a couple of your peers requesting them to refer you to their MSPs, if they have one.

Hiring an MSP means trusting them with your IT infrastructure, so it is very important that you have a clear understanding of what you really want and need, so you can share your expectations with your new MSP. This transparency and clarity goes a long way in determining the success or failure of your relationship with the MSP.

Four reasons to opt for the co-managed IT services model

Co-managed IT services model is one in which the business has its own IT team, but still contracts with an external managed services provider for certain services. In this blog we discuss four benefits of a co-managed IT services model.

Expertise
Your in-house IT team may not have all the expertise needed to manage all your IT requirements. There are new developments happening in the tech space everyday and an MSP is better positioned to stay up-to-date with them as IT is their business.

Flexibility
Opting for a co-managed IT services model allows you the flexibility to scale your IT up or down based on your business requirements. This is especially useful for companies that experience seasonal spikes in their business, such as CPA firms, around taxation times, or retail businesses around the Holidays. You don’t have to hire new IT staff to handle the sudden extra load on your IT.

Lower costs
Choosing a co-managed IT services model saves you costs that you would otherwise incur when hiring new IT staff. Bringing someone on your payroll involves HR expenses including health insurance, 401 (k) etc., which can be avoided when bringing an MSP onboard.

Help your IT team focus better
Research indicates that in companies that have an in-house IT team, their IT specialists are so caught up with the day-to-day IT tasks that they don’t have the time to focus on new technology. Tasks like security patches, software updates, backups etc., keep them busy, so they don’t get time to research or learn about the latest on the tech front. This defeats the purpose of having an in-house IT team, doesn’t it? If you could have your MSP take care of the mundane IT routine, you will be enabling your in-house IT technicians to focus on new technology, which will help you become more efficient as a business.

If you already have an in-house IT team, it is not unusual to think you don’t need the services of a managed services provider. But, as you can see, co-managed IT has its advantages and you shouldn’t strike an MSP off your list completely just because you have your in-house IT technicians.

5 Lesser known benefits of choosing the co-managed IT model

Even companies with IT staff on their payroll can’t deny having an MSP onboard offers benefits that exceed what they get from having just an in-house team. This blog explore 5 lesser known reasons why the co-managed IT model is popular.

An extra hand during emergencies
In the event of any unforeseen emergency such as a natural disaster or a terror attack, you may need additional IT support to get things up and running again. Your IT team may not be able to do it all instantly and of course adding to your IT staff wouldn’t be an option during such times. In a co-managed IT services model you will have your MSP to support your IT team which will help you recover faster.

Especially useful when you have a small in-house IT team
For a lot of SMBs, an in-house IT team comprises one or two IT technicians who take care of all their IT needs. But what happens when they are both out of office at the same time, due to unforeseen circumstances? You can only cross your fingers and hope no major IT problem comes up. But, in the co-managed IT services option, your virtual IT team is just a call away!

24/7 Support
24/7 IT support is a luxury for most SMBs. Their in-house IT staff usually works the same hours at the business. Most managed service providers, however, offer 24/7 services at affordable costs.

You still retain control over your IT
In a co-managed services model, you are not completely entrusting your IT to an MSP, as your in-house IT team will be collaborating with your managed services provider to meet your IT needs better. Thus, you retain quite a bit of control over your IT.

You get useful IT insights
When you bring an MSP onboard, you benefit from their expertise and on-ground experience. They can advise you on the latest IT trends in your industry and help streamline your processes and IT infrastructure based on what’s effective. This kind of insight cannot be gained with an in-house IT team as they would only be working with you.

Co-managed IT model is not replacing your IT team with an MSP. It is augmenting your existing IT support setup with an MSP and leveraging their expertise to bring thought leadership IT strategies into your organization.