Something many small and medium-sized businesses have discovered during the rapid shift to remote everything: There’s a lot to be gained by not relying on a physical space. It can save overhead, reduce travel expense and some
studies have found it has increased worker productivity (one found a 13% performance boost among at-home workers).1
As a result, many businesses are seriously considering tools and strategies to make the non-physical
workplace a permanent part of their businesses.
To succeed, this transformation of physical businesses will require new structures and processes, especially for smaller businesses that were not used to working remotely. Regardless of size, all companies now need to think about securing remote endpoints and IT resources. Employees need to be more vigilant than ever. Cyber attackers have made it clear they’re not taking any time off.
Many of us saw the additional security risks of the remote work explosion. Video data breaches represent only the visible fraction of other, less flamboyant, but more costly threats enabled by the new scale of endpoint devices in use. Just during the first quarter of 2020, COVID-19 opened up a floodgate of new data security threats, including:
– 159% increase in cybersecurity incidents from July 2019 through
June of 2020
– 2,266 instances of malicious activity including COVID-19 related attacks
– Multiple alerts released by the Australian Federal Police about the crisis2
And that’s only in Australia. Bad actors aren’t taking time off, so you, your IT teams and end users all need to be ready now for the increased security risks in this new age.
A Two Part Security Challenge: Volume and Security
Like so many other companies making the decision to shift to remote everything, your company’s first challenge was how to ensure unimpeded performance for your remote workers who are trying to access their tools and data—or just find a reliable internet connection.
Following close on this first issue is the question of security. Suddenly it’s the ultimate bring-your-own-device (BYOD) world. Every employee is now remote, and more focused on being productive than following your pesky security procedures. They’ll access the data they need however they can; often bypassing VPNs to access cloud services or grabbing hotspots wherever they can—secured or not. This do-it-yourself attitude can lead to risky activities beyond your control, such as employees downloading software on their own.
With everyone using whatever devices are handy—personal phones, home computers, even kids’ tablets (it has happened!)—the situation is especially perilous. One wrong click can instantly launch an attack that could jeopardise your entire business.
Given the limited capabilities of traditional perimeter firewall and VPN solutions to protect against these remote threats, companies need new security measures, new levels of expertise, and new technologies to protect their assets. And the good news is you can build on current measures to get there.
Get a Handle on Your Security Picture
If you haven’t had time to perform basic endpoint hygiene and connectivity performance checks on your computers and devices, better late than never. In addition to confirming all your laptops have the necessary endpoint protection configurations for all this new off-LAN activity, ensure your employees are following recommended security practices by asking these three important questions:
Have you reviewed and adjusted the security settings of your cloud tenant and internal network?
Have you made sure the security settings and measures for remote users are appropriate for current and foreseeable levels of usage?
Is your team proficient in all of the latest security threats or do they need help?
Make Remote Workers The Centre of Attention
Remote workers are now the core of your productivity. The devices they work on can no longer exist at the edge of your security planning; they are dead centre and must be treated as such starting now. All that mixing and matching of personal devices with company equipment demands different practices and elevated controls. That means much more than the basic antivirus and antispyware protection, including multi-factor authentication (MFA) and onboard endpoint detection and response (EDR) capabilities.
Not only should your remote workers be aware of these new measures, but the tools and safeguards you use to attain and remain at a new level of endpoint and data security should meet those needs. With the world rapidly—and permanently—changing, now is the time to enlist the help of a partner that has already worked out the best practices to face it. Without this critical help, you can’t be sure each endpoint requesting access to internal resources meets security policy requirements. You need the right tools to track and enforce policy on all devices and with employees everywhere, while delivering easy user onboarding and offboarding.
We can help.
Approach Your Business Like a Family
Security is people first – then technology
It doesn’t matter how advanced or iron-clad your security technology appears; if your people don’t understand and interact with it as a business value, you’re not protected. For 26 years, VITG has been leading local companies through more than the IT systems advances required for modern success; we’ve also been guiding the cultural and perception shifts needed with each new phase of the security environment.
Our EOS (or entrepreneurial operating system) puts the goals of the business, the employees, and the community at the centre of every strategy. We do this by embedding our experts with your teams. We internalise your business objectives and make recommendations for technology, operations and culture that best support your real goals. It’s a more holistic approach that learns what the business is first, then designs and recommends a solution that makes deeper sense.
Putting your business in the healthiest environment
Remote work revolution aside, companies no longer have $50,000 to pour into technology upgrades every few years just to keep up with threats. More than ever, your business relies on lean and efficient practices at every point—security included. That’s why Microsoft cloud solutions make so much sense. They’re the world-leader in innovation and efficiency.
As Microsoft Gold Partners, VITG brings the highest level of expertise and ingenuity to every client, every project, every task. So when we talk strategy or process or culture, you know we’re considering every angle: migration path affects business culture; revenue opportunities affect security considerations; IT workload affects business growth strategy. And it all connects to the tools you deploy to make them happen. We’ve found the Microsoft ecosystem to be the most robust for the health of businesses.
Three Ways to Enhance Security Now
1: Phishing: be the one that got away
Social engineering has always been a successful vector for malicious actors. But now with more employees working on their own, the bad guys have more targets of opportunity. With cloud providers hardening their security more than ever, phishing for credentials and spoofable material is becoming a path of least resistance. Once they have convinced a user to give up their sign-in information, hackers can accurately spoof the emails of internal users. The user receives an internal email, clicks on the link and that’s it. The links lead to websites that look very real.
For example, they might mimic the Microsoft Office 365 sign-in page. When a user enters credentials on this site to sign in, the bad actor then has access to your environment for further attacks.
Phishing is successful because even with the proper training, anyone can be fooled. So training must be regularly performed and reinforced through simulated activities—just like fire drills—to remind users to be skeptical of
any email they receive.
If a single phishing attack gets through, it can cost your organisation hundreds of thousands of dollars, and a reputation damaged beyond repair. Just look at the news in the last several years. For training that’s unmatched, Attack Simulator for Office 365 uses the Microsoft Intelligent Security Graph. It’s constantly learning from global signals received from one of the largest telemetry systems on the planet. For example, Microsoft Office 365 scans
400 billion emails every month and finds a large number of malicious spear-phishing emails.
The Attack Simulator carefully crafts simulated spear-phishing emails based on this real data, ensuring the most realistic attack experience for your user population. It then tracks and reports on user responses to the simulated email security events, providing invaluable data on how to better secure the organisation.
2. Watch out for the well intentioned ‘Shadow It’
As we’ve said, the new remote world of work is full of bright end users. They’re bound to think they have better tools than those your IT department authorises. And they will use them. Sometimes a tool can go internally viral, becoming the app-of-choice before IT can stop it, or even become aware of their existence. Though your users see these as smart and cool new solutions, and see themselves as taking initiative to deploy them, they’re dangerous to your data security and can obviously become the source of network breaches. We can help you through our managed security service to continuously monitor for these unsanctioned applications and the “shadow IT” they engender.
3. Keep your defenses strong
We can help. Your known tools can help protect you from unknown new threats—if you know how to use them. Our team of security experts will help ensure that your company’s critical data protection is innovative enough to stay ahead of the threat environment with tactics that include:
– Security alert monitoring of Office 365 with Security Score
– Baiting and trapping of threats using honey pots
– Setup of antivirus active threat monitoring and mitigation
– App installation monitoring to prevent “shadow IT” behaviors with Device Guard
– User data classification setup
– Simulations of email phishing attacks raising awareness
– Simulated password spray and brute force password attacks to better secure credentials
Take a Closer Look at Your Security
Our cyber security team operate across across Melbourne, Sydney and Brisbane.. Our get in touch with with them today to gain a new perspective on your security position.
1 “Remote Working: The New Normal?” Casey Rue, Forbes, May 20, 2020.
2 “CSC Annual Cyber Threat Report July 2019 to June 2020,” Released by Australian Cyber Security Centre,
Australian Signals Directorate, Australian Federal Police, and Australian Criminal Intelligence Commission.