Businesses across the country have had to adjust to their employees working from home. For many it was a last-minute scramble to adjust to what has become "the new normal" in the face of the coronavirus pandemic.
As businesses and their employees settle into what could be for many a span of several weeks or months with a mandatory or recommended work from home order, organizations large and small face a potential company-killer: their surface of potentially vulnerable technology grew exponentially overnight.
How to keep all those remote connections from compromising their networks is a question that's only beginning to come up, as companies realize their cybersecurity policies are in desperate need of revision.
For starters, a scattered workforce is more vulnerable to phishing attacks. Increased reliance on email opens the door to potential problems. Employees cannot be reminded enough to think twice before clicking on links and attachments.
More prevalent a concern: the personal devices used by many employees who now work from home have not been updated with the latest security and software. With children now engaged in remote learning, devices may have to be shared--adding a terrifying new element to this nascent cyber nightmare.
In this new environment you should enlist the services of trusted cybersecurity organization to help you maintain best security practices. Before you engage with a cybersecurity vendor, you need to ask the following questions:
Are they reputable?
While few cybersecurity vendors willingly provide details about their clients, they should be able to provide letters of reference. A quick phone call or email to a past or current client can eliminate ambiguity about a vendor's credentials, qualifications, and capacity. A modicum of research can go a long way toward finding a good match for your company.
Are they qualified?
Many cybersecurity vendors tout their expertise with little, if any, industry-standard credentials or qualifications. Check for certifications such as CompTIA, GSEC, CISSP, or CCSP before engaging with a vendor and be sure that anyone with access to your network and data is fully trained and vetted.
Are they accessible?
Hackers are inherently opportunistic--ransomware, malware, and phishing campaigns have spiked during the Covid-19 pandemic, though of course they can hit a business at any time. IT and cybersecurity vendors should ideally have resources available to respond to a cyber incident every day and at all hours, and an established protocol to be able to communicate with you.
Do they understand your business?
While many elements of cybersecurity are universal, many industries have specific and individual technical requirements and regulations. Be sure your cybersecurity vendor has familiarity with the software and hardware used by your company, as well as any industry-specific legal requirements.
Are they offering a deal?
It's tempting to pick a vendor that promises a wide range of services for bargain basement prices. Before opting for the least expensive alternative, consider that the average cost of a data breach is $3.92 million. A recent survey found that 25 percent of SMBs declared bankruptcy following a data breach and 10 percent went out of business.
What is their plan if something goes wrong?
Since breaches have become the third certainty in life, it's important to select a vendor with a reputation for thoroughly preparing their clients to face the daunting reality of a breach and a proven track record of getting them through it.
The message here is simple: Cyber attacks are expensive, and there's no free lunch when it comes to preventing them.