Portland Internetworks held a virtual meeting, “Your Technology Toolkit for the Post-Pandemic Landscape,” discussing the prudent technology investments in the face of a changed work environment. Doug Westervelt, CEO, was joined by Doug Miller, President of Straight Edge Technology.
Security when it comes to technology is a bit of a beast to begin with. Now that we have an influx of remote workers, it’s critical to have your security dialed in. When you’re in an office setting, there’s one central network to which everyone is connected; fewer variables. When your whole team is working from home, suddenly you’re faced with however many different connections – you have less control than you did before. This places much more responsibility than before on the end user. Figuring out what measures are necessary to protect you and your team isn’t very complicated, nor is it as expensive as you might think.
Over and over, the comment we’re hearing from business leaders is that they don’t want to be responsible for their newly remote team’s home computers and home networks. And it makes sense; when you lose control over your remote team’s devices and networks, they can become breeding grounds for security concerns. The easy answer is to invest in technology and security that your employees can take home. This does include choosing laptops over desktops, but we’re also talking about investing in teleworking devices, such as the Cisco Meraki Z3. Devices like this allow you to make each remote employee’s house sort of like a branch office; they will be afforded the same security features as if they were in the office. This is hugely advantageous over having your team remote in to the VPN; on the VPN, each person is connected via their home internet (meaning you’re reliant on their connection supporting their work, and probably their kids watching Netflix at the same time). As we get further and further into this world of working from home, the expectation in terms of reliability is almost the same as if you were working out of the central office.
One trend that is starting to emerge is the idea that the responsibility of security is shifting off of the business as a whole, over to each individual. It’s no longer possible for just one person to be the watchdog for your entire remote team’s security and connectivity; the onus is now being placed on the end user. We recommend investing in security awareness trainings. Everyone should have some sort of basic training when it comes to security so that you can be more confident in your team making good security decisions when they’re not under your constant watch. For instance, if you’re one of 15 people in the accounts payable department, and you get a suspicious looking email from your CEO requesting an urgent wire transfer of $45,000, it’s much easier when you’re in the office to shoulder tap your colleague and say “This looks odd, right?” But now when we’re isolated, there’s more of a tendency for your employees to say something like, “I don’t want the boss to be mad at me for not doing this,” and then proceed with wiring the money. Security awareness trainings can prevent situations like that from happening.
Even something as simple as multi-factor authentication (MFA) can be a great investment at this time. When everybody was in the office, it wasn’t as big of a concern; everyone was logging into the same machines from the same devices at the same locations all the time,. But now it’s a little harder for your IT professionals to determine who’s logging in from which device – MFA is a nice way to prevent what looks like Fred logging in from his home computer in Portland vs some bad guy in Unnamed Country working from a Linux box. These are high value, low cost security changes that can be made.
Another issue to consider is that of security in motion. At the beginning of the stay at home orders, there was a mass exodus from the office to home. Along with us, we brought our computers. At some point in the future, most people will have to move everything back to the office. Some of us will be continually traveling back and forth between the office and home, laptop in tow. Physical security of your devices is of real concern; the best thing to do is invest in a carry case. The increased frequency of moving around your computer also creates a greater possibility of your laptop being left in public, or even stolen. Let this be a reminder that encrypting your data is one of the easiest ways to add a level of security to your business.
Additionally, as people are moving back and forth, there are going to be more distractions. Scammers know that this is the case right now. The more distracted you are, the more vulnerable you are to attacks. Here at Portland Internetworks, and our peers agree: we’re seeing way more attacks being reported to us by our clients. Phishing attacks increased by quite a number when everyone shifted to working from home; it’s only reasonable to think that the same thing will happen as folks start to return to the office. Basic security investments are prudent at this time. Better to invest a few thousand dollars in security measures, rather than spending upwards of five or six figures to deal with the fallout of the lack of security features.
Security attacks are getting more and more sophisticated, and are adapting alongside our ever-changing workforce setups. Simple security upgrades, such as MFA, educational trainings and teleworking devices are cost-effective measures you can take to protecting your business. At a time like this, you can’t afford to not invest in technology and security for your team while working from home. You don’t want your employees’ workflow (or security) to be compromised by the equipment that you’ve supplied to them. Security is a scary issue, and it’s one to take seriously, but solutions are out there and places like Portland Internetworks exist to help you out.