MSP Summer Security Report Card: Getting Back to ‘Normal’
Here’s how MSPs can create a safe and secure re-entry as clients work to get back to normal.
June 29, 2021
Sponsored by Kaseya
As vaccination rates increase and the COVID-19 pandemic begins to quiet in some parts of the world, businesses face an entirely new set of challenges: getting back to normal … or whatever the “new” normal might look like for their office environments.
After more than a year of being partially or exclusively remote, offices in many industries have either already reopened or are planning for a return to in-person work later this year. What began in a panicky scramble is ending more gradually and, in some cases, is permanently changed.
Whether it’s to save money on office space or to accommodate the workforce’s new-found appreciation for remote work and flexibility, some aren’t coming back to the office at all, and those who do aren’t necessarily clocking in five days per week. Terms such as “hot desking” and “hoteling” are back in vogue as businesses try to navigate the financial, emotional and productivity-related aspects of post-pandemic workspaces.
At the same time, many employees are opting to work from home part or all the time. Some surveys show that as many as one-third of workers would rather quit their job than work in-person full time.
When employees do return, they’ll be bringing with them company-owned devices that have been running exclusively on home Wi-Fi networks for months, personal devices that have been co-opted for work purposes, and lots of bad security habits that developed when toggling between updating spreadsheets and their third grader’s math homework all day.
Updating Your Security Report Card for the Return to the Office
How can MSPs create a safe and secure re-entry? Here’s a guide to making sure your clients are ready:
Updated device policies – Caution was thrown to the wind last March, but now it’s time to restore some order. Have your customers decided what their ideal device strategy should be? Is BYOD OK? Should workers be bringing laptops back and forth from the office or have dedicated devices for each? Will workers use shared workstations when they’re on-site or always have a dedicated device? After some intentional thinking, companies should revise and restate their expectations and rules.
Inventory review – Regardless of each client’s new work modality (fully remote, everyone back, hybrid/flex), they’ll need enough devices to go around. Are they on-site and loaded with the right software? Or is it time to restock and refresh some older computers?
Collaboration platforms – The pandemic may have quickly ushered in new tools and platforms to allow workers to communicate, share screens and jointly work on files. Once some workers return to the office, those platforms won’t disappear; instead, they will be used far more often within the office network. It’s important to standardize and ensure that these platforms aren’t creating any security risks, and that employees are trained regarding which devices to use them on and what types of information should or shouldn’t be shared using them. Are you prepared to shut down these shadow IT solutions and migrate workers to approved tools?
Inspecting and updating returning devices – Before everyone plops down at a desk and plugs in an Ethernet cable or logs into the corporate Wi-Fi network, is there a plan to ensure those devices don’t have any viruses, are appropriately patched and are running the latest versions of key software? This critical step is easy to overlook in the excitement and chaos of returning to the office. Staggering re-entry and running these checks as a prerequisite to return can reduce the risk of someone bringing back any unwelcome stowaways. Using a “quarantine” LAN for these devices until they’re fully checked out is one route to ensure everything is up to snuff.
Inspecting and updating “abandoned” devices – Many devices (especially printers!) may have been gathering dust in the office for the past 16 months and could use a review and refresh of their own. Patches, OS updates, virus scans and the like should be a priority before they get booted up on the network.
Password updates – Businesses should always be requiring regular password updates, but re-entry is the perfect opportunity to force everyone to do so. All systems should be reset to a “zero trust” state with two-factor authentication used whenever possible to regain access.
Physical security on-site – It’s a good opportunity to review who has access to which spaces in the office before everyone floods back in. Are servers locked away to prevent direct physical access? Have keycard permissions been checked to ensure former employees or non-essential workers can’t get into places they shouldn’t?
Physical security at home – When everyone was locked down, few remote workers were entertaining houseguests in their home office. But the return to normalcy also means much more foot traffic in spaces that have been used for months as workspaces. Employees should be trained (and reminded) to keep physical documents secure and devices with work access locked when others are about. Time to take that sticky note with all your passwords off your monitor!
Staff turnover – Every business has employees coming and going over time, and the job market hasn’t stood still during the pandemic. New workers will need a lot of training on security protocols and best practices, while former employees must be prevented from physically or digitally accessing things. Is a new hire orientation that includes security part of the re-entry plans?
BCDR – Business continuity solutions may need a refresh or some tweaking as employees return, as well. Are the right devices and systems being backed up in this new environment? Can the BCDR solution handle a hybrid environment?
Compliance and PII review – Things may have been a little fast and loose during the pandemic as businesses struggled to maintain their level of service during a major disruption. With employees returning to the office, it’s a good time to make sure that the way in which personal information is being handled still meets regulatory compliance standards. Are policies accurate and enforced, and is old data being cleaned up from places it shouldn’t be?
Network capacity planning – Things have changed a lot since March 2020. Many businesses are relying on the cloud more than ever, and not all employees may be in the office at the same time. This could easily put a strain on bandwidth limits that were adequate pre-pandemic. Do you have enough pipe to support the new normal?
Ensuring equal opportunities – In a hybrid environment, remote workers should be able to do pretty much anything on-site employees can do … other than use the coffee maker. Are bandwidth and access sufficient so remote workers aren’t penalized or prevented from doing their jobs? Are meeting rooms outfitted with the right audio and visual equipment so remote participants don’t feel left out yet don’t open any new security holes?
Traffic cop – During the early days of returning to work, it’s vital that MSPs are on the lookout for unexpected and unusual data traffic. This can be an early warning sign that viruses, malware, footholds or other entry points for bad actors have made an appearance along with returning workers. Do you have monitoring tools in place and know what to look for?
VPNs – If hybrid work is here to stay for your clients, then their VPNs must be up to the challenge. Do the right people have access? Are you using two-factor authentication and unique passwords? Can they handle the traffic?
Third-party partners – In today’s connected world, you’re only as secure as your weakest link–and that link might not be your own. Contractors, vendors and the like should also be fully vetted for an updated security profile. Do you know that your partners aren’t creating weaknesses that could be exploited by bad actors?
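The returning-device and “abandoned”-device checks above can be expressed as an admission gate that decides which LAN a device lands on. The sketch below is an added example, not code from Kaseya or the author; the thresholds, field names, host names and minimum versions are assumptions chosen for illustration, and the inventory is constructed sample data.

```python
from datetime import date

# Assumed policy thresholds and minimum versions (illustrative only).
MAX_AGE_DAYS = {"last_patched": 30, "av_defs_updated": 7}
MIN_VERSIONS = {"browser": "91.0", "vpn_client": "4.10.1"}  # hypothetical

def _ver(s):
    """Parse a dotted-numeric version so that 4.10 sorts after 4.9."""
    return tuple(int(p) for p in s.split("."))

def assess(device, today):
    """Return (lan, reasons). Missing or stale evidence means quarantine."""
    reasons = []
    for field, limit in MAX_AGE_DAYS.items():
        seen = device.get(field)
        if seen is None:
            reasons.append(f"{field}: no data")
            continue
        age = (today - seen).days
        if age < 0 or age > limit:  # a future timestamp is not trusted either
            reasons.append(f"{field}: {age} days old")
    if device.get("last_scan_clean") is not True:
        reasons.append("no clean malware scan on record")
    installed = device.get("software", {})
    for name, minimum in MIN_VERSIONS.items():
        have = installed.get(name)
        if have is None or _ver(have) < _ver(minimum):
            reasons.append(f"{name}: {have or 'missing'} < {minimum}")
    return ("quarantine" if reasons else "corporate", reasons)

# Constructed sample inventory, shaped like a management-tool export.
TODAY = date(2021, 6, 29)
DEVICES = [
    {"host": "lt-ok", "last_patched": date(2021, 6, 20),
     "av_defs_updated": date(2021, 6, 28), "last_scan_clean": True,
     "software": {"browser": "91.0.2", "vpn_client": "4.10.1"}},
    {"host": "lt-home", "last_patched": date(2021, 2, 1),
     "av_defs_updated": date(2021, 6, 27), "last_scan_clean": True,
     "software": {"browser": "91.0", "vpn_client": "4.9.12"}},
    {"host": "ws-lobby", "software": {}},  # powered off for months, no telemetry
]

if __name__ == "__main__":
    for d in DEVICES:
        lan, why = assess(d, TODAY)
        print(f"{d['host']:<10} {lan:<11} {'; '.join(why)}")
```

The gate fails closed: a device with no telemetry is quarantined rather than assumed healthy, and versions are compared numerically because a plain string comparison would rank 4.9.12 above 4.10.1.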
The Right Tools Can Help You and Your Clients Prepare
Many of the important items above can be done early and be automated using purpose-built management tools. Endpoint security, network monitoring, dark web monitoring and more don’t have to wait until the neon “Open” sign is flashing again.
Most importantly, you must start these conversations with your clients now, so what’s needed is in place before employees flood back through the doors in the coming weeks and months.
Taking preventative steps today will prevent a future crisis tomorrow.
Watch our webinar, Managing IT for Remote & Hybrid Workforces, and learn more best practices for overseeing a hybrid workforce.
Dan Tomaszewski is SVP of Channel & Community, Kaseya.
This guest blog is part of a Channel Futures sponsorship.