Commitment. We have to have it to succeed.
Thoroughness. Being willing to dot the i's and cross the t's.
In business we can't afford to do things in half measures but I often find that to be the exact case when it comes to protecting a company and their people, clients and data. Nowhere is that more true than in the work from home environment.
On March 17th the State of CT announced that it would permit State employees (13,000 of which worked in Hartford CT prior to the start of the pandemic) to work remotely up to 4 days per week. In 2020, the State sold or ended the lease on four properties in the city. Notwithstanding the economic impact of that many people suddenly not going for coffee, lunch, picking up prescriptions etc. the bigger question is how safe is their remote work environment?
A Proofpoint survey in 2019 found that 95% of respondents used a smartphone which is to be expected. Out of those that did, 10% didn't have any locking mechanism on their phone. No biometric (fingerprint or facial), passcode, PIN, nothing. Additionally the same amount had home WiFi but out of them, a full 51% had open wireless with zero passphrase. No security at all. Source: Proofpoint, “2020 State of the Phish Report,” January 23, 2020.
If those people don't work on company issued devices that perform a security protocol scan prior to connecting to the work network they are putting their employer at risk. A recent report published by a technology refurbisher stated that laptops were the most likely damaged items (67%) and that 81% of people would continue to use their damaged device. The most scary finding is that a third of the respondents had switched to using their personal devices.
A commitment to proper cybersecurity means that you are willing to enforce the same rules at "home" as you are at the office. This may mean providing staff with laptops or replacing desktop computers with a laptop or consolidating and issuing docking stations and moving away from desktop PCs for any staff that can work remote. It could also mean it's time to consider virtual, cloud-based computers. These can make the computer that accesses them almost irrelevant as data and the necessary security never actually interacts directly with the computer the user is actually in front of.
Yes, solve for the people problem with phishing education campaigns and education but don't forget the technology. During the last two years we've witnessed companies relax cybersecurity standards to get WFH implemented. I get it. But as it's not going away any time soon for many companies it's way past time to tighten things back up. Ransomware attacks are common. Zero day exploits and emergency patches are almost weekly occurrences. Time to get serious, to be totally committed to doing the right things even if they're painful.
If your IT department or outsourced IT partner/provider isn't having these conversations then you need to start them. You need to know how you are protecting yourselves, your staff, your clients, your intellectual property, your finances, your continued existence as a company.
A few years back I met with three prospects that had been the victims of wire fraud caused by phishing which lead to cyber-criminals gaining email or network access. Each one liked what we presented but asked if we could make it cheaper. Cheaper had got them where they were and wasn't going to move them forward. You can't always use your current IT budget, tools and maybe even support relationship/model as guidance for the way forward. New challenges dictate new solutions.
Want to find out how virtual desktops can transform how you work and save you money and possibly even help retain staff? Want to discuss what you should be looking for in cybersecurity protections? Unsure how to best ensure your staff stays safe and productive wherever they work? Schedule a quick initial virtual appointment here.
