Guest blog by Mit Patel, Managing Director
of London-based IT Support company,
Netstar.
In this article, Webroot sits down with Mit
Patel, Managing Director of London-based MSP partner, Netstar, to discuss the
topic of remote work during a pandemic and tips to stay cyber resilient.
Why is it important to be cyber resilient, specifically when working remote?
It’s always important to be cyber
resilient, but a lot has changed since the start of the COVID-19 lockdown that needs
to be taken into consideration.
Remote work has posed new problems for
businesses when it comes to keeping data secure. Since the start of lockdown,
there has been a significant increase in phishing scams, ransomware attacks and
malicious activity. Scammers now have more time to innovate and are using the
widespread anxiety of coronavirus to target vulnerable people and businesses.
Moreover, the sudden shift in working
practices makes the pandemic a prime time for cyber-attacks. Employees can no
longer lean over to ask a colleague if they are unsure about the legitimacy of
an email or web page. Instead, they need to be confident in their ability to
spot and avoid potential security breaches without assistance.
Remote work represents a significant change
that can’t be ignored when it comes to the security of your business. Instead,
businesses need to be extra vigilant and prioritise their cyber resilience.
What does cyber resilience mean to you?
It’s important to differentiate between
cyber resilience and cyber security. Cyber security is a component of cyber
resilience, referring to the technologies and processes designed to prevent
cyber-attacks. Whereas, I believe cyber resilience goes a step further,
referring to the ability to prevent, manage and respond to cyber threats. Cyber
resilience recognises that breaches can and do happen, finding effective
solutions that mean businesses recover quickly and maintain functionality. The
main components of cyber resilience include training, blocking, protecting,
backing up and recovering. When all these components are optimised, your cyber
resilience will be strong, and your business will be protected and prepared for
any potential cyber threats.
Can you share some proactive methods for staying cyber resilient when working remote?
Absolutely. But it’s important to note that
no solution is 100% safe and that a layered approach to IT security is necessary
to maximise protection and futureproof your business.
Get the right
antivirus software. Standard antivirus software
often isn’t enough to fully protect against viruses. Businesses need to
consider more meticulous and comprehensive methods. One of our clients, a
licensed insolvency practitioner, emphasized their need for software that will
ensure data is protected and cyber security is maximised. As such, we
implemented Webroot SecureAnywhere
AntiVirus, receiving excellent client feedback, whereby the client stressed
that they can now operate safe in the knowledge that their data is secure.
Protect your network. DNS Protection is a critical layer for your cyber resilience
strategy. DNS will protect you against threats such as malicious links, hacked
legitimate websites, phishing attacks, CryptoLocker and other ransomware
attacks. We have implemented DNS Protection
for many of our clients, including an asset management company that wanted to
achieve secure networks with remote working capability. In light of the current
remote working situation, DNS Protection should be a key consideration for any
financial business looking to enhance their cyber resilience.
Ensure that you
have a strong password policy. Keeping your
passwords safe is fundamental for effective cyber resilience, but it may not be
as simple as you think. Start by making sure that you and your team know what
constitutes a strong password. At Netstar, we recommend having a password that:
- Is over 10 characters long
- Contains a combination of numbers, letters and symbols
- Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)
You should also
have different passwords for different logins, so that if your security is
compromised for any reason, hackers can only access one platform. To fully
optimise your password policy, you need to consider multi-factor
authentication. Multi-factor authentication goes a step further than the
traditional username-password login. It requires multiple forms of
identification in order to access a certain email account, website, CRM etc. This
will include at least two of the following:
- Something you know (e.g. a password)
- Something you have (e.g. an ID badge)
- Something you are (e.g. a fingerprint)
Ensure that you
have secure tools for communication. Collaboration
tools, like Microsoft Teams, are essential for remote working. They allow you
to communicate with individuals, within teams and company-wide via audio calls,
video calls and chat.
When it comes to
cyber resilience, it’s essential that your team know what is expected of them.
You should utilise collaboration tools to outline clear remote working guidance
to all employees. For example, we would recommend discouraging employees from
using personal devices for work purposes. The antivirus software installed on
these devices is unlikely to be of the same quality as the software installed
on work devices, so it could put your business at risk.
Furthermore, you
need to be confident that your employees can recognise and deal with potential
security threats without assistance. Individuals can no longer lean across to
ask a colleague if they’re unsure of the legitimacy of something. They need to
be able to do this alone. Security
awareness training is a great solution for this. It will teach your team
about the potential breaches to look out for and how to deal with them. This
will cover a range of topics including email phishing, social media scams,
remote working risks and much more. Moreover, courses are often added and
updated, meaning that your staff will be up to date with the latest scams and
cyber threats.
Implement an effective backup and disaster recovery strategy
Even with every
preventive measure in place, things can go wrong, and preparing for disaster is
crucial for effective cyber resilience.
In fact, a lot of
companies that lose data because of an unexpected disaster go out of business
within just two years, which is why implementing an effective backup and
disaster recovery strategy is a vital layer for your cyber resilience strategy.
First, we advise storing
and backing up data using an online cloud-based system. When files are
stored on the cloud, they are accessible from any device at any time. This is
particularly important for remote working; it means that employees can collaborate
on projects and access necessary information quickly and easily. It also means
that, if your device is wiped or you lose your data, you can simply log in to
your cloud computing platform and access anything you might need. Thus, data
can easily be restored, and you’re protected from potential data loss.
Overall, disaster
recovery plans should focus on keeping irreplaceable data safe. Consider what
would happen to your data in the event of a disaster. If your office burned
down, would you be confident that all your data would be protected?
You should be
working with an IT support partner that can devise an effective and efficient
disaster recovery plan for your business. This should set out realistic
expectations for recovery time and align with your insurance policy to protect
any loss of income. Their goal should be to get your business back up and
running as quickly as possible, and to a high standard (you don’t want an IT
support partner that cuts corners). Lastly, your IT support provider should regularly
test your strategy, making sure that if disaster did occur, they could quickly
and effectively restore the functionality of your business.
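
The password criteria listed in the answer above (over 10 characters, a mix of numbers, letters and symbols, no identifiable words even when characters are substituted), written as a checker. This is an added example, not code from Netstar or Webroot; the word list and substitution tables are small constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample word list (assumption). A real check would load a full
# dictionary plus company, product and place names.
COMMON_WORDS = {"password", "welcome", "london", "netstar", "summer",
                "secure", "admin", "letmein", "monkey", "dragon"}

# Common substitutions to undo before the word check. "1" and "!" are
# ambiguous (i or l), so two tables are tried.
BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
SUBSTITUTIONS = [
    str.maketrans({**BASE, "1": "l", "!": "i"}),
    str.maketrans({**BASE, "1": "i", "!": "l"}),
]

MIN_LENGTH = 11  # "over 10 characters long"


def find_words(password, words=COMMON_WORDS):
    """Return listed words found in the password, with substitutions undone."""
    lowered = password.lower()
    candidates = {lowered} | {lowered.translate(t) for t in SUBSTITUTIONS}
    return sorted(w for w in words if any(w in c for c in candidates))


def check_password(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("must be over 10 characters long")
    if not re.search(r"[A-Za-z]", password):
        problems.append("must contain letters")
    if not re.search(r"\d", password):
        problems.append("must contain numbers")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("must contain symbols")
    hits = find_words(password)
    if hits:
        problems.append("contains identifiable word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["P@ssw0rd2020!", "N3tst@r!London", "kT9#vq2$Lm7&xZ"]:
        print(candidate, "->", check_password(candidate) or "OK")
```
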
What else should fellow MSPs keep in mind during this trying time?
In the last four years, cyber resilience
has become increasingly important; there are so many more threats out there,
and so much valuable information that needs protecting.
We have happy clients because their
machines run quickly, they experience less IT downtime, and they rarely encounter
viruses or malicious activity. We know that we need to fix customers’ problems
quickly, while also ensuring that problems don’t happen in the first place.
Innovation is incredibly important to us, which is why we’ve placed a real
focus on proactive client advisory over the last 24 months.
That’s where a strong cyber resilience
strategy comes into play. MSPs need to be able to manage day-to-day IT queries,
while also focusing on how technology can help their clients grow and succeed
in the future. There is plenty of advice around the nuts and bolts of IT
but it’s the advisory that gives clients the most value. As such, MSPs should ensure
they think like a customer and make technological suggestions that facilitate
overall business success for their clients.