security

All Hands on Tech – Security in the Hybrid Office – IT World Canada


Want to hear some mind-blowing stats? Get this. 65% of Canadian office workers have expressed a preference for a hybrid work model where they split time between home and office. And here’s the most important nugget. Over 40% of these individuals say that they would begin hunting for a new job if their current employer mandated the return to the office full-time. Translation. If you are not actively finding ways to embrace and optimize your hybrid workspace, you’re in for a world of hurt. It’s not a question of if, but when. And in this episode of All Hands on Tech, we’ll discuss a few things you may not have considered.

The hybrid workspace is a reality and the vast majority of businesses are not going back to work as it was. The issue you face now as a business outside of how to transition staff to a hybrid world is how to make the new workspace as safe as the old one was, whether in your home, at your office, or wherever you may be. Security was much easier when everything was under one roof. However, in today’s world, we’re not always in the same location. That translates to a dire need for a 360 degree review of your company’s best practices when it comes to internet safety and security. Put it this way, the evil that’s out there absolutely loves the vulnerability of this new hybrid workspace.

Let’s start with email. Look, I know you’re thinking it’s not that difficult. Let the fake duct cleaning rep prey on someone more gullible than you. The thing is, anyone can be fooled. Okay, look, literally the fourth day at my IT World Canada career, I got an email from a kindhearted soul about a litter of puppies who needed a new home. Attached to the email was a contact form that you had to print out, fill in, and fax back to them. Yep, it was an email to send a fax. Like a responsible person, I emailed it to the entire company distribution list.

Readers Also Like:  Google Mandates Unsubscribe Button in Emails For Those Sending ... - Slashdot

Speaker 2:
Houston, we have a problem.

Someone even more responsible than me Googled, identified it as a scam, and let the company know. The point is it can happen to anyone.

So how do you guard against that? By setting up a strong email security policy and culture. Here are five guidelines we feel are important. One, keep your work and your home emails separate. We’re all guilty of signing up for coupons with our work email address, but you can just make a special address for that. Gmail. Yahoo. Outlook. They give them away like their candy at Halloween. Two, using multi-factor authentication. Why use multi-factor? Because when they get more sophisticated, we need to get more sophisticated. Three, double check links and attachments. Hover over them and see if they make sense considering who sent them and exercise common sense. Why would the company’s bank be contacting you through an email, especially since you’re not accountant? Four, use strong and unique passwords. Let’s face it, passwords get stolen, so you need to keep strong, unique passwords. If you can’t remember them, there are so many password management tools out there. Consider rolling out one to your staff. And remember, password is not a password, Kevin.

Oh crap.

Mat Pancha:

Five and most importantly, embrace cybersecurity training. There is no question too stupid to ask. And in the online world, no mistake is too small. Get your staff trained.

Next up, backups. By now, we all likely have a great horror story that keeps us up every night. But in case you don’t, here’s a unique one that some of you may have heard before. During production of Pixar’s Toy Story 2, 90% of the movie was deleted during production. Luckily, the film supervising technical director was on maternity leave and didn’t want to lose out on doing her work. So she had a machine at home with the entire movie on it. The bottom line, have a backup. Have a backup plan, and have a backup plan to your plan.

Readers Also Like:  Alibaba’s Ele.me platform extends welfare coverage to 3 million couriers - South China Morning Post

A few guidelines on building your backup strategy. First, ransomware protection built in. It’s a must, because you don’t want your backup to have the ransomware in it that you’re trying to recover from. It’s human to forget to backup. So number two is automate. With your team working from home, consider having your backups go to the cloud as well. And finally, not everyone has the fastest internet at home, so deduplication and compression are very important, to shrink the size of your backups, thus keeping your recovery very fast.

Lastly, comes the company security audit. Basically, how secure are you, your team and the whole company. Even the biggest and best of us out there have some serious head-shaking moments. For example, just in July 2022, a single employee’s computer getting breached, caused theft of 20 gigabytes of data from Marriott Hotels. Also, in July 2022, a Twitter data breach exposed the contact info of some 5.4 million accounts. #oops.

Let’s be real. You’re faced with two dilemmas when it comes to security auditing. First off, it’s extremely difficult to do internally since no one ever seems to have the time to dive into. And secondly, doing so will likely give you a skewed and inaccurate scope of your actual security posture. Your perception and reality are rarely the same thing. Not convinced? Try asking people this question. Do you work out? See what I mean? Nothing is as telling and as honest as the input from outside of your circle. And it’s even more honest when the people doing the telling are experts in the field. It’s what they do.

Readers Also Like:  For the tech giants, security is increasingly a paid feature - Nieman Journalism Lab at Harvard

Having said that, we have a white paper from the people at Ricoh who can tell you everything you need to know about baseline security audits. It’s well worth the read, but I will let you in on a couple of the tasty nuggets. A few things that we dive into. Who has access to what information? What are your software and equipment standards? What are your company cybersecurity policies? Do you even have cybersecurity policies? What are your biggest threats? And of course the proverbial much, much more. It even ends with this really cool car chase.

Look, we all love the new hybrid workspace. And when I say all, I mean all those creepy crawly threats out there as well. Do yourself a favor and beat them to the punch, or scam or bot or virus or Trojan. You get the picture. Anyway, thank you for watching. Be sure to like, subscribe, and check out that Ricoh white paper I mentioned and tell me what you thought of the car chase. Mat out.





READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.