Kraft Technology Group’s Don Baham recently joined the StratoZen team on a webinar to talk about COVID-19 and the effects it has had on the MSP and IT support community as a whole.
In light of the ongoing COVID-19 pandemic, the idea of working from home has to be considered carefully – after all, your clients may be working there for a while. The right practices and tools can make a big difference in terms of how effective your clients’ remote employees will be for the foreseeable future.
How MSPs manage and support their clients’ newly remote workforces will directly affect their productivity and continuity. There are a number of key challenges you need to overcome, which is precisely what SratoZen and Kraft Technology Group discussed on a recent webinar.
“There’s no playbook for how to respond to a global pandemic that has some serious technical, and security and economic impacts to the community as well as our customers,” says Eric Gravett, CRO for StratoZen.
Challenges Stemming From COVID-19
“We have a lot of clients that had some capabilities, but by and large, most clients did not have the scale, capacity or training for all of their employees to work from home,” says Don Baham, President, Kraft Technology Group. “That’s been the primary challenge, is making sure that their infrastructure, their policies, and procedures, and the way that they’re training employees can scale to all employees vs. just a select few.”
Pivoting to a work-from-home model as quickly as possible can be difficult, and presents a number of challenges:
Configuring remote access for all team members, not just those that already had remote work capabilities
Developing and sharing new policies and procedures for a remote workforce
Making sure all staff members have the right equipment at home, either by improvising with hardware on hand, or trying to acquire from distributors’ small supply
“We’re seeing it across the board, distributors and equipment manufacturers are having a hard time keeping the supply chain filled,” says Don.
Businesses Are Sacrificing Security For Continuity
It’s a dangerous time right now, and not just because of COVID-19. Cybercriminals are taking advantage of the confusion and lack of awareness resulting from the global pandemic.
Businesses that have pivoted to a work-from-home model are likely to compromise their security in order to provide data access to the employees. In many cases, they’re choosing continuity over security.
“We are trying as best as possible to make sure security stays somewhat in the conversation while trying to revive some operations,” says Don.
The Kraft Technology team is fortunate to work with many clients in the finance and healthcare industry that always have cybersecurity and compliance top of mind. For other clients that are more worried about providing data access to their remote works, our team makes an effort to prioritize cybersecurity as much as possible.
The fact is that during a global crisis like this, cybersecurity is more important than ever. A remote workforce simply has more points of contact and more potential vulnerabilities than a conventional workplace.
“You go from having one perimeter (your corporate firewall) to having a dispersed perimeter of two, three, four hundred people working from home,” says Chris Gebhardt, VP of Cyber Operations for StratoZen. “That’s a huge increase in the attack surface, so we’re seeing that in the alerts that are coming in.”
Consider this – at the client’s office, everything is protected by the same set of cybersecurity solutions – firewalls, antivirus software, etc. These are defenses that they’ve invested in and can trust. That’s likely not the case for their employees’ home networks and personal devices.
What should MSPs keep in mind when it comes to protecting their clients during the pandemic?
Password Reset Protocols: MSPs are fielding an increased number of requests for password resets from end-users working at home. Cybercriminals can take advantage of this process, impersonating a user and requesting their login info. MSPs need processes in place to make sure they can authenticate these requests.
Scan The Home Network: You need to find out what vulnerabilities may be present in the expanded network of remote workers. The more MSPs know about their clients’ new network, the better they can protect them.
Protect VPNs With 2FA: A VPN shouldn’t be deployed on its own. Two-factor authentication (2FA) helps you protect your identity and accounts. More and more organizations are using it for its security and ease-of-use. 2FA requires the user to utilize two methods to confirm that they are the rightful account owner. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to ensure that the person using your employee’s login credentials is actually who they say they are. Without 2FA enabled, if an employee’s VPN credentials are stolen, a bad actor could have unrestricted access to corporate data. That’s why VPNs need to integrate with 2FA solutions.
Like this article? Check out the following blogs to learn more:
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.