Guest blog by Mit Patel, Managing Director of London-based IT Support company, Netstar.
In this article, Webroot sits down with Mit Patel, Managing Director of London-based MSP partner, Netstar, to discuss the topic of remote work during a pandemic and tips to stay cyber resilient.
Why is it important to be cyber resilient, specifically when working remote?
It’s always important to be cyber resilient, but a lot has changed since the start of the COVID-19 lockdown that needs to be taken into consideration.
Remote work has posed new problems for businesses when it comes to keeping data secure. Since the start of lockdown, there has been a significant increase in phishing scams, ransomware attacks and malicious activity. Scammers now have more time to innovate and are using the widespread anxiety of coronavirus to target vulnerable people and businesses.
Moreover, the sudden shift in working practices makes the pandemic a prime time for cyber-attacks. Employees can no longer lean over to ask a colleague if they are unsure about the legitimacy of an email or web page. Instead, they need to be confident in their ability to spot and avoid potential security breaches without assistance.
Remote work represents a significant change that can’t be ignored when it comes to the security of your business. Instead, businesses need to be extra vigilant and prioritise their cyber resilience.
What does cyber resilience mean to you?
It’s important to differentiate between cyber resilience and cyber security. Cyber security is a component of cyber resilience, referring to the technologies and processes designed to prevent cyber-attacks, whereas I believe cyber resilience goes a step further, referring to the ability to prevent, manage and respond to cyber threats. Cyber resilience recognises that breaches can and do happen, finding effective solutions that mean businesses recover quickly and maintain functionality. The main components of cyber resilience include training, blocking, protecting, backing up and recovering. When all these components are optimised, your cyber resilience will be strong, and your business will be protected and prepared for any potential cyber threats.
Can you share some proactive methods for staying cyber resilient when working remote?
Absolutely. But it’s important to note that no solution is 100% safe and that a layered approach to IT security is necessary to maximise protection and futureproof your business.
Get the right antivirus software. Standard antivirus software often isn’t enough to fully protect against viruses. Businesses need to consider more meticulous and comprehensive methods. One of our clients, a licensed insolvency practitioner, emphasized their need for software that will ensure data is protected and cyber security is maximised. As such, we implemented Webroot SecureAnywhere AntiVirus, receiving excellent client feedback, whereby the client stressed that they can now operate safe in the knowledge that their data is secure.
Protect your network. DNS Protection is a critical layer for your cyber resilience strategy. DNS will protect you against threats such as malicious links, hacked legitimate websites, phishing attacks, CryptoLocker and other ransomware attacks. We have implemented DNS Protection for many of our clients, including an asset management company that wanted to achieve secure networks with remote working capability. In light of the current remote working situation, DNS Protection should be a key consideration for any financial business looking to enhance their cyber resilience.
Ensure that you have a strong password policy. Keeping your passwords safe is fundamental for effective cyber resilience, but it may not be as simple as you think. Start by making sure that you and your team know what constitutes a strong password. At Netstar, we recommend having a password that:
- Is over 10 characters long
- Contains a combination of numbers, letters and symbols
- Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)
You should also have different passwords for different logins, so that if your security is compromised for any reason, hackers can only access one platform. To fully optimise your password policy, you need to consider multi-factor authentication. Multi-factor authentication goes a step further than the traditional username-password login. It requires multiple forms of identification in order to access a certain email account, website, CRM etc. This will include at least two of the following:
- Something you know (e.g. a password)
- Something you have (e.g. an ID badge)
- Something you are (e.g. a fingerprint)
Ensure that you have secure tools for communication. Collaboration tools, like Microsoft Teams, are essential for remote working. They allow you to communicate with individuals, within teams and company-wide via audio calls, video calls and chat.
When it comes to cyber resilience, it’s essential that your team know what is expected of them. You should utilise collaboration tools to outline clear remote working guidance to all employees. For example, we would recommend discouraging employees from using personal devices for work purposes. The antivirus software installed on these devices is unlikely to be of the same quality as the software installed on work devices, so it could put your business at risk.
Furthermore, you need to be confident that your employees can recognise and deal with potential security threats without assistance. Individuals can no longer lean across to ask a colleague if they’re unsure of the legitimacy of something. They need to be able to do this alone. Security awareness training is a great solution for this. It will teach your team about the potential breaches to look out for and how to deal with them. This will cover a range of topics including email phishing, social media scams, remote working risks and much more. Moreover, courses are often added and updated, meaning that your staff will be up to date with the latest scams and cyber threats.
Implement an effective backup and disaster recovery strategy
Even with every preventive measure in place, things can go wrong, and preparing for disaster is crucial for effective cyber resilience.
In fact, a lot of companies that lose data because of an unexpected disaster go out of business within just two years, which is why implementing an effective backup and disaster recovery strategy is a vital layer for your cyber resilience strategy.
First, we advise storing and backing up data using an online cloud-based system. When files are stored on the cloud, they are accessible from any device at any time. This is particularly important for remote working; it means that employees can collaborate on projects and access necessary information quickly and easily. It also means that, if your device is wiped or you lose your data, you can simply log in to your cloud computing platform and access anything you might need. Thus, data can easily be restored, and you’re protected from potential data loss.
Overall, disaster recovery plans should focus on keeping irreplaceable data safe. Consider what would happen to your data in the event of a disaster. If your office burned down, would you be confident that all your data would be protected?
You should be working with an IT support partner that can devise an effective and efficient disaster recovery plan for your business. This should set out realistic expectations for recovery time and align with your insurance policy to protect any loss of income. Their goal should be to get your business back up and running as quickly as possible, and to a high standard (you don’t want an IT support partner that cuts corners). Lastly, your IT support provider should regularly test your strategy, making sure that if disaster did occur, they could quickly and effectively restore the functionality of your business.
What else should fellow MSPs keep in mind during this trying time?
In the last four years, cyber resilience has become increasingly important; there are so many more threats out there, and so much valuable information that needs protecting.
We have happy clients because their machines run quickly, they experience less IT downtime, and they rarely encounter viruses or malicious activity. We know that we need to fix customers’ problems quickly, while also ensuring that problems don’t happen in the first place. Innovation is incredibly important to us, which is why we’ve placed a real focus on proactive client advisory over the last 24 months.
That’s where a strong cyber resilience strategy comes into play. MSPs need to be able to manage day-to-day IT queries, while also focusing on how technology can help their clients grow and succeed in the future. There is plenty of advice around the nuts and bolts of IT, but it’s the advisory that gives clients the most value. As such, MSPs should ensure they think like a customer and make technological suggestions that facilitate overall business success for their clients.