Q: Most of our clients have sent their workers home to work remotely due to the COVID-19 epidemic. How can we keep our technicians and our client’s data safe?
The spread of COVID-19 has wreaked havoc on businesses across the globe. Many companies have shut their doors, but their networks need to keep running. You, the MSP, play a vital role in doing that.
Fortunately, MSPs are better positioned to help enable remote workers than most businesses. Your technicians are often out in the field, so chances are you’ve developed a communication system that works well; unlike accounting firms or restaurants, you don’t have to develop a system from scratch.
The main difference during the COVID-19 crisis is most workers HAVE to work from home. Working remotely is no longer a luxury or flexibility; it’s a mandate in many localations.
While MSPs may have it easier working remotely in one respect, in another, they have more challenges. MSP technicians are not just working from home themselves, they’re also managing the networks of many enterprises that now have employees scattered all over, working from sofas and bedrooms with poor security standards.
COVID-19 has forced many companies to shut their doors, but their networks need to keep running. #MSPs play a vital role in keeping #RemoteWork data safe. #Coronavirus #CyberSecurity
Smarter MSP caught up with Chuck Davis, a cybersecurity executive and instructor at the University of Denver, who has worked remotely for two decades. Davis shared his thoughts about working from home, both from an employee standpoint and a managed services perspective.
Clients’ whose workforces are suddenly remote. To make sure they are secure, you need to make sure they’re working on the company’s VPN at home. If the client has balked at setting up a VPN, now’s the time to do it.
“If an employee is working for a company that provides them with a computer and a VPN, you want them to be using that VPN anytime they are doing work. The more they are using it, the more secure the environment will be,” states Davis. The VPN will be outfitted with the same security tools as at the office, so employees should be in good shape from a cybersecurity standpoint.
If someone is doing work on their home network, consider segmenting the home network. Yes, hard to believe we are talking about doing this for a home network, but the breadth of connectivity in many residences demands that.
“Most home networks are small enterprises now,” notes Davis, meaning the average home has a range of IoT devices, routers, and USB connections that can be appealing targets for hackers.
“To create a healthier home network, we need to create some network segmentation in our homes. People working from home could put business or company at risk without some segmentation,” warns Davis. Make sure data is frequently backed up, with drives swapped out. Doing so would make a ransomware attack less crippling,
In most states, you’ll want to do everything you can to eliminate the need to visit a client on-site. Health authorities are recommending people to limit contact with others to avoid spreading the novel coronavirus.
Due to better bandwidth and smarter tools, Davis says MSPs can help remotely in terms of network maintenance and cybersecurity. If there is an actual hardware failure or computer forensics issues, then an on-site visit probably can’t be avoided. Still, with today’s tools, you should access an individual’s desktop, with permission, to solve problems remotely.
Due to better bandwidth and smarter tools, #MSPs can help remotely in terms of network maintenance and #CyberSecurity.
Beware coronavirus phishing attempts
Davis warns that as people are adjusting to remote work and company policies are shifting, that might create a vulnerability for hackers to exploit.
If someone calls claiming to be from the IT department asking for credentials or passwords, make sure employees don’t fall for it. MSPs with a remote clients need to make sure that employees are practice the same cyber-hygiene at home that they do at work. That means being extra alert for phishing attempts by phone or email.
Make sure meeting software is current
Many companies are now using Webex or Zoom for virtual meetings. Make sure clients are using updated versions.
“If someone installed Zoom two years and now are going to open it up again, there are vulnerabilities a person might not be aware of,” explains Davis. The vulnerabilities are fixed in newer versions, so make sure programs are up-to-date.
If you are having trouble getting your bearings in this strange new world you suddenly find yourself in, take heart in knowing that you aren’t alone. You may have to make up some rules as you go along. Just ensure that you’re keeping your client first and doing the best you can.
“We are kind of all on our heels at this point, because we’ve never experienced this before,” admits Davis. He adds that there may be a silver lining to this: if there is ever a situation that occurs again that pushes people out of the office, most companies will be better prepared.
“A lot of companies will put a plan in place for if we ever have to do this again,” predicts Davis.
Photo: Vitalii Matokha / Shutterstock