403Tech’s Scott Gallupe Talks Remote Cybersecurity With Business In Calgary

403Tech’s Scott Gallupe Talks Remote Cybersecurity With Business In Calgary

A recent issue of Business in Calgary featured 403Tech President Scott Gallupe, who offered insight as to how local businesses can protect their IT systems from cybersecurity threats while working remotely.

The remote work model offers a number of benefits that you’ve likely taken notice of over the course of the pandemic. Remote workers have seen the benefits as well:

• 77% of remote employees say they’re more productive when working from home
• 76% of employees prefer to avoid their office completely when they need to concentrate on a project
• 98% of remote workers want to continue to work remotely (at least some of the time) for the rest of their careers

However, for all the ways remote work is beneficial to both the organization and end-users, it’s not without its challenges — especially cybersecurity. 36% of organizations have dealt with a security incident due to an unsecured remote worker.

According to Morphisec’s Work-from-Home Employee Cybersecurity Threat Index, 20% of workers said their IT team had not provided any tips as they shifted to working from home. Is that the case for your remote workers?

The State Of Remote Work Cybersecurity

Our very own President Scott Galupe was recently featured in a Business In Calgary article which explored the intersection of remote work and cybersecurity. The issue is that, as the use of video conferencing and file sharing solutions has ballooned with the global shift to remote work, there hasn’t been an equal adoption of remote cybersecurity solutions and processes.

“In the COVID world, where we are finding a lot of issues, people are moving away from their work, which has the necessary firewalls, and are now working from home on computers that might not offer that same level of security,” said Scott in the article.

The result is a major gap in cybersecurity. Those working from home may inadvertently put their organizations at risk.

For example, at its height, Zoom logged more than 300 million daily participants in a given month. At the same time, as many as 500,000 Zoom passwords were posted for sale on the dark web in April 2020.

What Are Cybercriminals Targeting Video Conferences?

As Scott noted, cybercriminals aren’t always interested in “zoombombing” or harassing professional meetings. More often, they may simply eavesdrop and try to gain information that will allow them to access other parts of the virtual workspace.

“The goal isn’t necessarily to hack into your call to gain information through that platform. It’s to piggyback onto another platform that you might use,” said Scott in the article. “Maybe you’re sharing similar credentials with your server account or your email? Once they’re in, that’s the scary part.”

If you don’t have a properly secured meeting, or if there are so many in attendance that you wouldn’t notice an additional member, then it’s rather easy for cybercriminals to sneak in. That’s why it’s so important to have the right security solutions and processes in place.

Organizations Need To Secure Their Remote Workers

The fact is that, when the COVID-19 crisis hit, it hit fast. Despite what, in retrospect, may have seemed like a gradual build-up, it was virtually over the course of a single weekend in March that businesses across the US had to pivot to a remote work model.

Obviously, the first priority was maintaining business continuity. Businesses needed to make sure their newly remote workers had the technology and the remote access necessary to do their work.

But the process doesn’t end there — security is a complicated undertaking for remote work models, and needs ongoing attention. Continuing with a remote work model, whether entirely or in part, will require:

• Enhancing security measures
• Providing the right hardware for users working permanently from home
• Implementing more permanent file-sharing and collaboration tools

How Can You Secure Your Remote Staff Members?

• Two-Factor Authentication: Two-factor authentication is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are. However, this isn’t just for websites and common user accounts — 2FA should also be enabled for VPN and Remote Desktops.
• Conditional Access: Conditional Access software gives you the ability to enforce controls on the access to apps in your environment, all based on specific conditions and managed from a central location. It’s an extra layer of security that makes sure only the right people, under the right conditions, have access to business data.
• Data Loss Prevention (DLP): A DLP policy tracks sensitive data and where it’s stored, determines who has the authorization to access it, and prevents the accidental sharing of sensitive information.
• Email Security: Did you know that 96% of phishing attacks and 49% of malware attacks originate as emails? That’s why you should have a powerful email spam and content filter protecting your organization’s inboxes. The right filter will defend against phishing, blatant malware threats, and that don’t involve malware, including impostor emails and business email compromise (BEC).
• Backups: Given that many businesses are using cloud-based platforms today, users often assume that their data is automatically backed up to a secure off-site location. But is that really the case? Reliable backup capability requires additional support. The key is in finding the right third-party backup solution to support your cloud-based accounts. By adding data backup capabilities, you can make sure all your bases are covered.
• VPN: When you use a virtual private network (VPN), your data is encrypted, or hidden, as it moves from your device to the VPN and then continues onto the Internet. That makes it harder for an attacker to identify you as the source of the data.
• Endpoint Protection: EDR is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. This is a vital service that protects endpoints like laptops, desktops, smartphones, tablets, servers, and virtual environments. Endpoint protection may also include antivirus and antimalware, web filtering, and more.

Need Expert Guidance In Managing A Successful And Secure Remote Workforce?

If you plan to continue with remote work in one way or another, you may need to change your model of IT support — as you and the other c-level executives at your business have likely discovered since the start of the pandemic, your ability to work remotely and securely depends directly on your IT support.

Discover how 403Tech protects businesses from cybersecurity risks by visiting their website or calling (403) 215-7506.