26
N EW HAM PSH I R E B USI N ESS R EVI EW
●
N H B R.C O M
ASK THE EXPERTS: DATA SECURITY
Work-at-home world faces increased data security risks Protect your business and workers from hackers, data loss and scams
When Governor Chris Sununu passed the stay-at-home executive order, the world went home to work. Starting that day, data security became more complicated. NH Business Review reached out to data security experts to learn where risk exists, and how to best protect your company’s sensitive information.
Our experts: Mark Benton, Director, Product Management, Systems Engineering. systemsengineering.com ING, PERSONAL FINANCE, ENERGY and Founder of Matt Mercier, President ONS, THEAcapella LATEST, ABOUT TOWN Technologies . acapella.com
ISM, NEWS, CHARITABLE GIVING, MORE ONLINE RD
MARK BENTON, SYSTEMS ENGINEERING
n What are some of the issues/mistakes you’ve seen businesses make with regard to their data security, as we’ve all been working remotely?
Benton: “The biggest mistake is not knowing who is accessing their business network. As we’ve seen in the headlines, cyber-intelligence companies frequently find stolen credentials (usernames and passwords) on the dark web. It is no longer
enough to allow employees to use credentials alone without a second authentication method, especially when accessing critical business apps with sensitive data. Businesses can address this by adding multi-factor authentication, or MFA. This solution makes it almost impossible for cybercriminals, with a set of stolen credentials, to gain access to a network. MFA requires an extra layer of authentication, such as entering a one-time pin number or facial recognition in addition to credentials. This process ensures the person accessing your network is who they say they are.”
n What are some security issues that people generally don’t know about?
Benton: “‘Shadow IT’ comes to mind. This term describes those applications and devices employees use for work but are not managed by the IT organization. Examples of some free or freemium shadow IT services are Google Docs, Dropbox and Zoom. Shadow IT has become more pervasive as a result of the work-from-home shift. The risk lies in sharing or storing business files within these shadow IT apps and devices. When this happens, the organization loses control of data and exposes itself to a breach. Word to the wise, don’t be too hard
on your staff. Most employees use shadow IT with the good intention of getting their work done. However, organizations need policies that set clear expectations around using office technologies and data. Such policies can significantly reduce the risks brought on by shadow IT. Not to sound like a broken record here, but multi-factor authentication is one security tool that many organizations have not fully adopted. This solution has come a long way in the last few years, and some may still view it as an expensive and cumbersome tool. Today, MFA is a costeffective solution that gives a business the most bang for its security buck. With so many businesses now living in or moving to the cloud, this is an absolute must-have. It is proven to prevent 99% of attacks via compromised credentials.”
n Are home routers and is residential Wi-Fi secure enough, and what can you do to improve that issue?
Benton:“That depends. Has the employee periodically changed their password and implemented the latest security updates? What does the rest of their environment look like? Are there other smart devices in the home – like thermostats or light bulbs – connected to the network? These factors all affect the security of a network and are challenging to manage and control. When working from home, you need to help the employee work as securely as possible. If it’s a personal computer being used for work, have them connect over some form of virtual desktop service. This service isolates the work experience from the home PC. In this scenario, employees should not store company data on their personal computers. It’s best to access the files in the cloud using a company-owned and managed solution like Microsoft Office 365. The best scenario and experience for your employees is to provide them with computers owned and managed by the company. ‘Managed’ means the device identity is known, regular security updates are applied, and anti-virus is up to date and running. In addition, the computer should have full disk encryption and be enrolled in a mobile device management solution.”
n What advice would you give a company whose employees are working remotely right now?
Call (603) 374-7712 for a Complimentary Technology Assessment
Benton: “Review your Information Security and Acceptable Use Policies and update them accordingly. If you don’t have these, I recommend you get them done now. These policies give employees clear expectations of handling a business’s sensitive information and devices. These policies include guidance on which files they can share with external parties or to prohibit downloading the coolest looking app to a networked computer. Again, because I can’t stress this enough, in today’s work-from-home environment, deploy MFA and get it adopted company-wide.”
n What concerns, new developments or changes in data security are coming in the near future that people should know about?
Benton: “First, email continues to be the primary vector of attack. It is reported that 95% of all breaches start with a phishing email scam. The more communication and work you can do outside of email, the more secure you will be. Next, there are great collaboration solutions now available, such as Microsoft Teams or Cisco WebEx Teams. These solutions are bringing people together to work more collaboratively and securely. The ‘Team’ is an exclusive experience by default. With email, anyone who has, or can guess your email address, essentially has access to your inbox. In a ‘Team’ concept, you must be a member of the organization to create or join a team. External members can join a Team, but they must be invited in to take part. Lastly, another other development is the concept of Data Loss Prevention, or DLP. This solution has been available for a while but was only used by large organizations due to cost. DLP allows you to secure individual files so they cannot be accessed by unauthorized users, sent outside the organization, or tampered with once they are transmitted. This is a complex solution to put in place, but it helps avoid the misuse of company data. The good news is the cost for this solution is now in reach of most businesses.” Benton: “In summary, the above recommendations are part of what is called the modern workplace. Year-over-year the criminals advance their skills and tactics at exponential rates. This means businesses need to keep pace. Can you remember the last time you made a dramatic change to how your business works and secures itself? The Covid-19 response has forced most of us to make some dramatic adjustments. This is a good time to push ahead and keep transforming the way you do business. Adopting a modern workplace strategy moves your business forward with better security, better work processes, and a better work from home experience for your employees.”
MATT MERCIER, ACAPELLA TECHNOLOGIES n For businesses suddenly needing to “work from home,” what are the most urgent needs that businesses face, and what tools are available to help them/ their employees function remotely?
Mercier: “When it comes to an urgent need to work from home, it’s all about ensuring secure, reliable access to data, applications, and systems for employees. For an optimal configuration, they will need a range of tools - starting with a proper, up-to-date device that’s running a supported operating system. In addition, a VoIP business phone system to make and receive calls, virtual private network (VPN)
