Millions of workers worldwide are now finding themselves employed remotely. They are trying to keep the gears of earth’s economy turning, even as the COVID-19 causes many industries to halt.
Working from home has created unfamiliar terrain for many people unaccustomed to doing so, but hackers — who are continuing their activities unabated — may see this time of uncertainty as an opportunity. That’s why you and your clients need to be on guard.
MSPs have a crucial role to play during this crisis
Networks will need to be maintained and security needs to be beefed up more than ever. MSPs also have challenges, because your own workforce may be working remotely while managing clients whose employees have scattered in hundreds of different directions.
For clients and MSPs, the line between work and home blurs when working out of the “home office.” There are all sorts of small, inconsequential decisions when working from home that may have significant ramifications. Choosing to wear your most casual attire when working from home might not seem like a threat, but it’s the mindset comes with it that creates the danger.
“It all comes down to psychology and human behavior,” stresses Chuck Davis, a cybersecurity executive and instructor at the University of Denver.
Coronavirus has sent millions of people into their homes to work. With that, the line between office and home has been blurred. MSPs need to make sure that line isn’t blurred, either where you are working from, or your clients.
There’s a tendency to let one’s guard down when children are fighting over a toy in the next room, the dog wants out, or the smell of beef stew wafts through the room. Add to that a spread-out workforce, and all the ingredients are ripe for a successful spear phishing campaign.
“I could see someone falling for something in this environment that they wouldn’t normally fall for at work,” predicts Davis. These attempts could be very targeted. In this new work-from-home environment, a call from someone purporting to be in human resources or accounting asking for a login or credentials might well be responded to, when it’d be flagged in the typical office environment.
MSPs need to send out guidance to clients about best practices when working from home, from workspace and dress issues to hardware and VPN intricacies. All these seemingly disparate parts have to work together to create a safe and secure home-office environment because the security threats go beyond phishing vulnerability.
Remind clients about these vulnerabilities
Printers: This isn’t a cybersecurity issue as much as it a general security issue that is easy to overlook. Working from home may require one to use their own printer to obtain hard copies of documents. Make sure people aren’t printing sensitive company projects or financial data and leaving it strewn around the house.
Someone may think that only their cat will see the data, but laws like HIPAA mandate security, even off-site. Employees need a plan to destroy documents in an approved way when dealing with sensitive data.
Personal devices: With more employees working from home, the temptation to use one’s Gmail account or phone’s text messaging to communicate with coworkers is going hard for many to resist. “By communicating within your company’s established framework, you have more cybersecurity protections but also legal protection. Just imagine the fall-out if credit card numbers or PHI were compromised because you were sloppy,” warns Bianca Turner, a cybersecurity consultant in St. Petersburg, Florida. She tells Smarter MSP that MSPs need to work with companies to make sure their email and messaging systems remain encrypted and secure for employees working in their homes.
Google docs: This is less a cybersecurity issue and more of a privacy issue. Undoubtedly, the surge in remote working will cause Google’s convenient cloud-based document collaboration to be used even more. Teams can work remotely on a text-based project quickly and seamlessly using Google Docs.
But beware of the program’s link sharing features, which, if not monitored, can result in a privacy train wreck. Unless you are sending out a press release or some other public document, there’s no reason to have it turned on. You may end up sharing proprietary company data with a far wider audience than intended if you have link sharing enabled.
If someone doesn’t want to create a Gmail account (it takes about 30 seconds to do so), then you’re better off just sending someone a document attachment and sharing back and forth. You’ll lose the Google Doc features, but the trade-off is privacy.
In addition to Google Docs link sharing vulnerabilities, never get too complacent on Google Docs. Google is scanning anything you create and then they use the data obtained to serve you ads or beef up their algorithms.
Smarter MSP will continue to provide tips and insights into the sudden jolt of work-from-home for MSPs and businesses. Meanwhile, employees across the ecosystem need to view their home space as office space and organize it accordingly.
“Try to have a designated work area where you do work. You don’t want your whole house to become an extension of the office. Doing this helps maintain separation and balance between work life and home life,” advises Brian Alcorn, an IT specialist in Cincinnati. It can also tip the balance between creating a cybersecurity cesspool and a secure, safe environment.
Photo: Dean Drobot / Shutterstock