Data security in the ‘Work-from-home’ environment

2020 threw a lot of challenges at the world. One of them, from the business perspective, that overshadowed the others was cybersecurity. How to ensure data safety and security in an environment where businesses can’t really control what employees do even during work hours? With the world almost a year into the pandemic, new best practices emerged that will be in use not just during the pandemic, but probably also in the future, post-pandemic era. Because the trend of working from home now seems to be here to stay. This blog will discuss some best practices for data security that can be deployed when working remotely.

  • If you can provide your employees with a computer that they will solely access for work, then that solves the majority of the issues. When employees use their own devices for accessing work data, the risk of a security breach is higher as businesses don’t have any control over staff’s personal devices. Your employee’s computer may have security loopholes such as pending updates and security patches or unauthorized software programs. If, instead, it is a company device, you can install control mechanisms that limit what your employees can do with the device. You can impose firewall restrictions, make it a part of your intranet and also monitor employee activities freely.
  • If you are allowing employees to use their personal devices for work purposes, you can encourage them to keep their device safe by alerting them about software updates, security patches and offering to install the latest version of antimalware software for their devices. This is a win-win situation for you and your employees, as you get to keep your data safe, while they get to keep their device and personal data secure.

In either case, you need to educate your employees on the basics of data security. These include password hygiene, identifying phishing attempts, attachment hygiene, etc.

Don’t forget the cloud! The cloud can help you keep your data safe and secure even in the remote working environment by adding layers of data security and eliminating storage of data on local hard drives and removable storage devices. Contact a cloud service provider today to learn more!

How the cloud is a solid survival tool for your business during a crisis

One thing the Coronavirus pandemic taught businesses is the fact that it is important to move with the times and adopt and adapt to the latest technology. While you don’t have to be the first one in the market to invest in the newest technology, once its effectiveness and usefulness is proven, it does make sense to switch to it. Here’s how the cloud allowed businesses to overcome the challenges posed by having to suddenly switch to the remote operations model.

Challenge-1: Access to critical data and applications

This could have been easily resolved by migrating to the cloud. The cloud offers unparalleled connectivity to your data—from anywhere and at any time, with any internet-enabled device.

Challenge-2: Data safety, cybersecurity concerns

The cloud provides solutions to data safety and cybersecurity challenges as well, as data stored in the cloud is naturally much safer and difficult to break into than data stored on your employee’s home computer. The cloud offers multiple layers of security, including some from your cloud service provider.

Challenge-3: Data loss

With the cloud, businesses wouldn’t have to worry about losing data, as it wouldn’t be stored on their employee’s personal computer, but at a centralized location in the cloud.

Challenge-4: Hardware issues

The cloud rendered any hardware issues non-existent, as the employee’s personal devices were just gateways to access their work stored in the Cloud. They needed devices that met the basic specifications, and the rest of the work was happening online, without additional load on personal devices.

Challenge-5: Phones

Businesses that had adopted the VoIP (Voice Over Internet Protocol) were able to overcome this challenge easily. VoIP allows you to communicate by sending voice as data packets using the internet. The VoIP system is primarily software-based and can be accessed from anywhere, using an application that your VoIP provider offers. (Physical instruments are optional). This meant, companies with VoIP systems could keep their office phone numbers responsive even when their staff were working from home.

While these technologies can help a great deal to maintain business continuity, you will need the assistance of a reputable MSP to deploy them and also to ensure they are functioning as they are supposed to. Plus, there are always other security concerns that crop up in a remote working environment when you can’t monitor your staff’s IT activities. Your MSP will be able to offer solutions and control mechanisms that can help put those concerns to rest.

Tech agility: A must-have for crisis survival

It is a known fact that survival of any species depends on its ability to adapt to change. One major change for businesses in 2020 was the need to switch to the work-from-home model to keep things running during the time of pandemic. When countries all over the world started imposing lockdown restrictions, companies had no choice but to switch to remote operations if their line of business allowed them to do so. This blog post discusses the key challenges faced by businesses that had failed to adopt the latest technology on time.

Access to critical data and applications

For businesses that didn’t store their key data and applications in the cloud, this was a huge challenge. How do you ensure each of your employees have access to all the business data, programs and apps they need to operate efficiently? Companies that had already adopted the cloud as their core data storage means they didn’t face this challenge: everything was cloud-based and accessible from anywhere, using any internet enabled device (laptops/PCs/tablets/smartphones, etc., )

Cybersecurity concerns

With employees working from home, businesses’ fears of cybersecurity incidents were increased. Cybercriminals, on the other hand, knew full well all the security lacunae that existed in a hurried remote working environment setup and exploited them to the fullest. Industry reports showed that the initial few months of the pandemic saw an increase in cybercrime and related attacks on businesses.

Data loss

For businesses that didn’t operate in the cloud, data loss was another angle to look into. How do you ensure data backup and recovery when your staff is using their personal devices for work? Also, how to ensure they are taking all the precautions necessary to keep the data they are storing on their devices, safe?

Hardware issues

Some businesses provided their employees with work devices at home. For example, employees in some companies were allowed to take their office computers home for work use. But, that still didn’t solve the backup and recovery or cybersecurity challenges entirely, because the management still lacked ways to maintain control over the devices.

Phones

With employees working from home, it was a challenge for many businesses to manage their phone numbers–especially for client facing employees. Businesses with VoIP phone systems could make this transition easily, whereas those still relying on the traditional phone setup had to resort to cell phones and couldn’t use their business numbers for a while.

Key lesson: Move with the times, adopt new technologies, adapt to newer ways of working

What the COVID-19 crisis taught us about the cloud and business continuity

The COVID-19 pandemic has changed life as we know it, in many ways. While its impact on our day-to-day lives has been huge, the impact has been even more severe from a business perspective. The social distancing norms, staggered operating hours so as to limit crowds, the masks, shields, barriers, and what-not! From the business continuity perspective, companies have had to adapt themselves to the new normal very quickly.

During this global crisis, one technology that truly came to the rescue of business big and small was the cloud. The cloud made it possible for businesses to keep their operations running even with staff working remotely. With all critical data stored online, all that was needed was a compatible device with an internet connection and it was business as usual…well, almost.

Here are some core business challenges that were resolved due to the cloud.

  • Access to core business data and software programs that were needed for smoothd day-to-day operations
  • Data security concerns, though not entirely non-existent due to the use of personal devices, were largely taken care of, thanks to multiple layers of security offered by the cloud service providers
  • There were no “hardware hassles”…companies that were already on the cloud didn’t have to worry about the logistics of providing office computers to their employees working from home. With all the data stored online, they could use their home computers or tablets to get the work done.

Earlier what was perceived as an advantage for employees (the permission to work from home) was now mandatory for survival of the business. Even businesses that allowed employees to operate from home before the pandemic had a tough time migrating their entire setup to the work-from-home model.

What’s your argument against an SLA with an MSP? (And why it doesn’t hold water) Part-2

In our last blog post, we discussed 3 reasons SMBs usually cite for not signing a service level agreement with an MSP. In this blog post, we suggest how an SLA with an MSP will add value to your business, irrespective of your business size, budget and the presence of an in-house IT team.

Reason#1: Our IT requirements are limited

IT is not a one-time thing where you can follow a set-it-and-forget-it approach. Want this to run smoothly? IT needs regular maintenance– a service level agreement with an MSP is the answer. Regular data backups, timely security patch application, software updates, etc, are all important and won’t happen unless you have a dedicated resource working on them. Plus, there’s the issue of network latency. Services like periodic network monitoring offered by MSPs ensure that any latency issues are identified and taken care of before they result in a major system failure.

Reason#2: We are tight on budget

Agreed that SMBs may not have the kind of revenue inflow as expected in large organizations, but that’s no reason to skimp on your IT requirements. Skimping on IT needs and diverting the funds elsewhere may sound tempting, especially when your IT infrastructure is running great, but this can cost you a lot more in the event something goes wrong. Let’s take a look at a malware attack scenario, for example. If you don’t have an SLA in place, you are most likely to reach out to an IT expert or MSP on a transactional basis. It will not only result in a sky-high bill, but also, there’s no guarantee that you will be immediately attended to: customers with SLAs get preference over transactional ones in the event of an emergency. Plus, every minute your IT infrastructure is down, you are losing potential revenue–through online or even offline sales. In the event of a data leak or a compromise in customer/vendor data due to the malware attack, you are liable for penalties and may be even sued by your clients. So, saving a few bucks here and there by cutting back on IT expenses can prove much more expensive later.

Reason#3: We have our in-house IT person/team

So, you have in-house IT personnel? Great! But there are ways in which an SLA with a managed service provider can still add value to you. This kind of setup is called the co-managed IT model. By bringing an MSP onboard when you have an in-house IT team, you B

  • Benefit from their expertise and enrich your in-house IT team’s knowledge
  • Enjoy flexibility in terms of meeting your IT needs as you can scale your IT up or down based on your business needs
  • Reduce payroll expenses incurred as result of hiring new IT staff in-house
  • Help your in-house IT team focus on more important tasks by outsourcing the mundane IT processes to the MSP
  • Get an extra hand to assist your in-house IT personnel in the event of a major IT issue
  • Have 24/7 IT support, something that may not be viable with a small in-house IT team

Having a service level agreement with a managed service provider adds value to businesses under all circumstances, and should be considered an essential, not an option.

What’s your argument against an SLA with an MSP? (And why it doesn’t hold water) Part-1

Managed IT services are becoming more popular by the day. Businesses, big and small, are bringing managed service providers onboard to handle their IT requirements. The bigger IT players like IBM, Accenture, CISCO act as MSPs to larger organizations, while the typical managed service provider is often hired by SMBs. However, there’s a question that crops up time and again–Do SMBs really need an MSP? SMBs are sometimes in two minds when it comes to bringing an MSP on board and typically use one of the following justifications.

Our IT requirements are limited

A lot of businesses in the small to mid-size range believe that their IT needs don’t warrant a full-time service level agreement with an MSP. They believe the only times they need to invest in IT is at the start of their business or when rolling out new technology. As a result, they don’t see much value in signing a service level agreement with an MSP.

We are tight on budget

SMBs also tend to cut on the IT budget and invest those funds elsewhere–generally in areas where they see tangible results, such as hiring new customer-facing staff or a new advertising campaign. So, when SMBs find themselves a little tight on the budget, the IT department sees the cut.

We have our in-house IT person/team

Businesses with an in-house IT expert or even a small in-house IT team feel that is sufficient for handling any IT needs and an SLA is just an added expenditure.

So, did your reason make it to the list? Stay tuned for our next blog post, where we will discuss how an SLA with a managed service provider can add value to your business.

Equip your business with the IT foundation it needs to compete and win

In a recent industry survey, it was found that one of the biggest factors holding back small and mid-sized firms from achieving their business goals was IT. One may argue that smaller businesses lack the capital that the bigger players have to invest in their business, but even with all other aspects being more or less equal, the difference brought about by their lack of investment in IT was found to be a key differentiating factor–far more than other elements such as marketing, human resources and even industry expertise.

There’s no denying that IT plays an important role in keeping any business running. Ignoring your IT infrastructure can prove disastrous, but maintaining an in-house IT team to take care of it can be expensive–especially for SMBs. By outsourcing IT to a trusted MSP, businesses can benefit from significant cost savings that arise from not having to hire an entire IT team in-house.

The second instance where having an Service level agreement (SLA) with an MSP helps is where you don’t have an in-house IT team. Calling on an IT service provider when there is a crisis or a there is a one-off event may mean significant surcharges

When businesses have SLAs, the MSP will be regularly monitoring their IT infrastructure. A typical service agreement will cover regular backups, periodic network monitoring for latency issues, timely security updates and patch application, etc., This means the chances of severe IT issues will be drastically reduced. Most of the time, the problem can be identified much sooner before it becomes a full-blown issue. And, in the event of an IT emergency, a client having a service agreement will be prioritized by the MSP. One time emergency requests fall to the end of the line.

Irrespective of the size of business, MSPs can add tremendous value by bringing scalability, flexibility and innovation to the standard IT set-up and help build the IT foundation it needs to compete effectively and efficiently in the industry.

Transitioning from average to best-in-class with IT

Many small or mid-sized businesses don’t focus much on IT as they should. For a lot of them, the focus is on customers, ensuring they have enough staff to meet their client needs, expanding their business and driving revenue by selling. IT comes into the picture initially when the business is being set up. Once they have their IT infrastructure up and running, it tends to take a backseat. The typical mid-sized or small business owner seems to prefer the firefighting approach to IT–meaning, they reach out to an IT service provider only when they have an IT problem.

Interestingly, this is the key difference between the average SMB and best-in-class SMBs. The best-in-class SMBs tend to adopt a more proactive approach towards IT. They either have an in-house IT team or sign-up with a Managed Services Provider to take care of their IT needs on a regular basis. In contrast to the average SMB, the best-in-class almost always has a Service Level Agreement (SLA) with a reputed MSP.

Businesses that have service contracts with MSPs have access to the latest technology. The IT industry is constantly evolving and managed service providers are well aware of the changes. They know it first when a new technology is gaining widespread adoption across various industry verticals and can advise their clients accordingly. On the other hand, the in-house IT team may be too busy handling the day-to-day IT requirements to be able to focus on new technology and the various ways in which it can be applied to benefit the business. This specialized focus of MSPs also makes them a great asset to have on board when implementing new technologies or deploying new IT projects within the business.

Having a dedicated MSP-partner to take care of all IT needs helps businesses give 100% to other areas that help the business grow. With IT issues off their shoulders, management can focus more on clients, brand and market expansion.

Cyber hygiene: The key to your business’s good cyber health

We all know that basic hygiene is a must to lead a healthy life. Did you know that the same rule applies to IT as well? There’s something known as cyber hygiene that plays a key role in keeping your business healthy from the IT perspective. So, how do you ensure your business doesn’t fail when it comes to cyber hygiene? Here are a few tips.

Follow industry benchmarks and standards
Remember that if an IT practice has gained industry-wide recognition and adoption, it is because it certainly offers some benefits. Protocols like the HTTPS implementation, SSL security certificates, CIS Benchmark, etc., are examples of industry standards that you must follow to maintain good cyber hygiene. Following these standards enhance your cybersecurity quotient and also play a positive role in helping you win your customer’s trust.

Stronger IT administration
The role of an IT administrator is very critical in any organization. IT administration involves exercising control over most of the IT activities with a view to ensure the security of your IT environment is never compromised. Make sure your IT admin rules and policies are clearly formulated and covers everything including-

 
  • Clear definition of user roles
  • Permission levels for each user role
  • Restrictions regarding download/installation of new software
  • Rules regarding external storage devices
IT Audits
Conduct regular IT audits to spot vulnerabilities and gaps that may threaten the security of your IT infrastructure. During the IT audits pay special attention to-
 
  • Outdated software or hardware that is still in use
  • Pending software updates that make an otherwise secure software vulnerable
Fix what you can and get rid of what is too outdated to be made safe.

Password policy adherence
When it comes to cyber hygiene, passwords are the weakest link as often, people compromise on the password policy for convenience’s sake. Here are a few things to look into at the time of your IT audit to ensure your password policy is being adhered to.

 
  • Check if passwords are strong enough and follow the standards set for secure passwords
  • Discourage password repetition or sharing
  • Ensure multi-factor authentication, where apart from the password, there is at least one more credential, such as a secret question, a one-time password (OTP) sent to the user’s mobile phone, or a physical token or QR code, to verify and approve data access
Ensure basic security mechanisms are in place
As a part of your cyber hygiene check, ensure you have all the basic security mechanisms in place. These include
 
  • Anti-malware software programs
  • Firewalls
  • Data encryption tools
  • Physical security and access control tools like biometric access

Pay attention to what happens with obsolete data
How do you get rid of data you no longer need? Even though old data may not be of any use to you from the business perspective, a breach of that data can still hurt you legally. Ensure you get rid of old data safely. It is a good practice to deploy data wiping software and also create policies for the safe destruction of physical copies via shredding or other methods.

Strong cyber hygiene practices can keep your data safe from cybercriminals lurking out there. However, consistently following up and ensuring these best practices are being adhered to, can be taxing on your internal IT team. It may be a good idea to bring an MSP on board who is well versed in cybersecurity to assist you with cyber hygiene.

Free Internet Access? Don’t fall for this one

One of the popular internet scams that has been doing the rounds since 2017 is the one about “Free Internet”. This scam seems to resurface and somehow manages to claim quite a few unsuspecting victims. Here’s how they catch you.
 
  • Ads are created on Google, Facebook, popular search engines and social media platforms advertising free internet hours.
  • The ads look professional and show up on general searches and on social media when surfing. This offers a sense of validity.
  • Once you click on the ad, you will be taken to their website, where you will be asked to perform an action, such as
    1. Filling out a form with your Personally Identifiable Information (PII)
    2. Sharing your credit card information, and though you will be promised that your card won’t be charged, you may end up signing up for something or subscribing to a service for which your card will be charged later.
    3. Sharing a few email IDs or phone numbers–basically contacts with whom you will be asked to share the message in return for free internet service.

How to stay safe?
As always, remember no one offers something for free. Whether it is free internet access or tickets to a concert, if it is something of value, then you will be expected to provide some value in return. Steer clear of offers that seem too good to be true. If you receive a message from someone you know and trust, please let them know that their link may be a problem. No matter what, don’t open a link from anyone if you aren’t entirely sure the links are valid.