Security and remote working: fighting the other pandemic

Oct 13, 2020
  • IT
  • Microsoft

If 2020 has taught us anything, it’s that disaster can strike at any time, with devastating consequences. That’s true for respiratory viruses – but also for data breaches and cyberattacks. Now that remote working has become the norm in many organizations, it’s time to put cybersecurity front and center. 

Over the last couple of months, many companies have had to deal with the new reality of remote working, while also safeguarding productivity and meeting employees’ needs. All of a sudden, cloud solutions – and their scalability and accessibility – became essential for workers to be able to access company data from their own home computers, tablets and smartphones. But what does this mean for security? 

The dangers of increased accessibility

Cloud solutions allow you to access resources from nearly anywhere in the world using any device. However, this also means that anyone can try to access it. A study from 2017 by the Clark School from the University of Maryland shows that computer systems with active internet connections are attacked by hackers every 39 seconds on average. One little mistake, like opening up a management port, can be an entry point for hackers to gain access to your systems. It doesn’t take long before they notice the holes and exploit the opportunity – which happens quite often. Needless to say, it’s important to have a good overview of the devices and users who are connecting to your cloud solutions. 

Changing your security approach

All of this begs the question: are the devices that employees are using to work from home sufficiently protected to withstand this constant onslaught? Personal devices are, almost by definition, outside of the control of the company’s IT department. As a result, they often lack necessary security updates and are more prone to being hacked. A hacked device will likely compromise accounts – both personal and company accounts. 

This means we need to change our security approach. Traditional security solutions offer safety because they shield information systems from the outside world through VPN tunnels and firewalls. Unfortunately, in this new world where we work in the cloud almost 24/7, this is no longer enough. It’s necessary to protect data and user accounts outside the IT perimeter of the office as well. 

Exchanging quick wins

It’s also important to realize that cloud solutions like Office 365 do not automatically protect you. Much depends on the type of license you’re using. Sometimes, a simple switch suffices to adequately shield your data from the most common attacks, like phishing and malware.

Many companies don’t see the value of cloud security (yet), or maybe they’re not fully aware of the risks. Yet, did you know that Microsoft will start blocking legacy authentications for Exchange Online in the second half of 2021? The traditional protocols used to connect your mailbox server to an email client – like IMAP and Pop3 – will be blocked, since they don’t offer the necessary support for security and multi-factor authentication. This change will have a huge impact on your users – and on the security of your organization. 

While changes like these require expert intervention, there’s a lot companies can do themselves to improve security that’s relatively easy, including:

  • Checking if you’re using all the security options in your licenses to the best of their abilities. 
  • Raising security awareness throughout the company. After all, no security measures are ever 100% airtight. And as phishing campaigns get more sophisticated, it’s becoming increasingly likely that at least someone in your organization will fall for them. 
  • Patching your systems as much as possible. Every month new vulnerabilities are detected that can be solved by just updating your systems. 60% of breaches in 2019 involved unpatched vulnerabilities.
  • Taking care of your admin accounts. Separate normal user tasks from admin tasks by creating admin-only accounts. When it comes to administrative tasks, never allow cybercriminals to take advantage of human error. Keep admin tasks separate, take the user account offline, and enforce strict policies.
  • Changing your mindset and embracing cloud security solutions. We use cloud technology to do our work. We need cloud technology to protect it. The machine learning and automation capabilities of those solutions will reduce your efforts.

Security as second nature

The best way to uncover the weak spots in your organization’s security is through an external assessment. Security experts can track how many hacking and phishing attempts your organization is dealing with. This gives them a clear view of the threats you’re facing, making it easier to identify and implement the right security solution. 

At delaware, for example, we actively check our clients’ cloud environments for weak spots via a security assessment. Moreover, we are experienced in all types of implementations, from device management and multi-factor authentication to advanced detections, threat prevention and e-mail and information protection. At the same time, we put a lot of effort into making cybersecurity second nature throughout all levels of your organization via training sessions and workshops. 

Learn more about our security & compliance offering in the delaware store.