COVID-19: How Secure is Your Remote Workforce?
Businesses around the world continue to cope with the now normal requirement that most, if not all employees are working from home. Thankfully, the immediate demand to mobilize employees was quickly met with cloud based services like Microsoft, Google and Zoom. Now that the dust has settled on the initial move to WFH (work-from-home), it’s necessary to evaluate the security of these tools in your remote environment.
Managed service providers (MSPs) need to be aware of the increased risks posed by the global pandemic, including cyber-attacks, network stress, user error and compliance requirements. Unfortunately, no one had the time we’d typically expect to roll-out a remote workforce – and even when we do, issues often come up. In this post we’re highlighting the security challenges and solutions MSPs need to be considering, as well as discussing with clients in order to protect both of your businesses during this critical time.
Living in a hacker’s dream
The current COVID-19 state of business is ideal for hackers. With millions of employees now relying on cloud-based services – many for the first time – potentially using unsecure personal devices, amid rapid personnel changes, all happening within quickly created, unprepared environments…well, there’s a lot left on the table to say the least. For a hacker, this is a great time to infiltrate your network with phishing scams, ransomware attacks and other malware, or lay dormant in your system until business ramps back up and there’s more at stake for you and your clients.
According to a recent article by the Wall Street Journal, “During the second week of March in Illinois, hackers disabled the Champaign-Urbana Public Health District’s website as part of a ransomware attack, officials there said. Four days later, officials at the public health authority retrieved 99% of their files after paying a $350,000 ransom.”
The World Health Organization (WHO) has seen a spike in hacking attempts, including multiple ransomware attempts that have been stopped by their protection software. The article goes on to say, “The WHO, along with other global health organizations was already battling a surge of scams aimed at spreading misinformation about the new coronavirus or capitalizing on anxiety to invade networks of unwitting companies and their vast work-from-home workforces. The WHO said it is also aware of broader threats to health systems, citing soaring numbers of phishing campaigns against hospitals.”
As we already knew, MSPs were already being targeted for cyber attack due to the aggregation of data they hold. Now, with greater potential for open doors and unassuming employees, it’s crucial that the cloud-based services people are using to access data are secure, backed-up, compliant and accessible no matter what.
How secure are those cloud based services?
If you’re familiar with Microsoft Office 365, you know they don’t provide any guarantee against data loss, have a limited 14-day retention period, and actually recommend third-party apps for backup. As stated in section 6b of their Services Agreement:
“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-party Apps and Services.”
This is especially important as the number of Office 365 users skyrockets, thus putting extra pressure on their network. Microsoft added 12 million daily active users to their chat and collaboration app, Teams, in just one week, bringing the overall total to 44 million. And they’re not alone in their growth. Google’s G Suite business applications saw a surge of 25 times more users in February compared to January. And Zoom, a popular videoconferencing software, has brought in more active users so far in 2020, than during all of last year.
While a boost in users is highly desirable for companies and their bottom line, it adds an unprecedented amount of stress on their networks and highlights opportunities for cyber criminals. As you may have already experienced, it can be necessary to turn off video capabilities in conference calls to mitigate bandwidth issues. Services can go down for hours, as Teams users in Europe experienced, as well Xbox Live (a Microsoft steaming service) users after reaching a new online user record. Tools can also be interrupted, as we’ve seen in a new hacker craze called “Zoombombing.” This is the term used for infiltrating Zoom meetings with inappropriate content ranging from pornography to hate speech.
While remote enablement tools are necessary to keep remote workers connected, collaborative and productive, they aren’t perfect. MSPs have to plan for the worst in order to protect themselves and their clients from the probable. Data protection must be part of a layered, complete and compliant security program that accounts for service interruption, human error like accidental deletion or disgruntled employees with malicious intent, and of course, cyber-attacks.
Rest easy with a compliant backup and restore solution
We’re losing enough sleep with the stress of the times. Eliminate some of that anxiety with a backup and restore solution that has the features necessary to keep you and your clients protected no matter what.
- Maintain compliance standards with a SOC 2 compliant service provider who can also meet the long-term retention requirements of HIPAA, GDPR and other industry-specific regulations.
- Get unlimited data storage and retention, including for deactivated users, to avoid accidentally deleting important files that may be needed later.
- Ensure comprehensive backup of all Exchange, OneDrive, SharePoint and Teams data with detailed reporting, monitoring and verification of activities.
- Guarantee data access with granular, full text search across all users and services, and rich filtering for near-instant restores.
- Utilize point-in-time restores to quickly export data from your web browser so you can find what you need fast.
- Secure data with a best-in-class cloud that has been tested across multiple risk factors to decrease downtime and get your business up and running, should anything ever happen.
Axcient CloudFinder for Office 365
As you may have guessed, Axcient’s Office 365 backup solution, CloudFinder, does all of the things I’ve listed above (imagine that!). And in response to the coronavirus outbreak, we’re offering this solution for free. As part of the IT channel, we’re supporting our MSP partners with free CloudFinder licenses for your clients through June 2020.
We understand the pains of an unexpected move out of the office because we had to do it too. Our entire workforce is at home and luckily we have the ability to provide support to our partners during this transition.
Along with the capabilities I’ve listed above, CloudFinder is also incredibly easy to both install and adopt, as well as ensure complete recovery. In a recent interview with our partner, Oscillas Technology, Inc., their CEO, CJ Black offers some insight, “I even missed my initial onboarding call and was still able to get my organization integrated with Axcient in under eight minutes. …I cannot overstate just how straightforward this tool is.”
It’s critically important that your remote team feel comfortable with the tools that protect their data. If something is frustrating, hard to understand or causes unexpected interruptions, employees tend to disregard the tool which can lead to opportunities for hackers.
CJ also describes his experience recovering data for himself:
“I create tutorials and walkthroughs for our clients, and one day I somehow made almost every video in our Creative Team SharePoint unplayable. Rather than trying to figure out exactly what I did wrong, and then working to reverse the mistake – something that would’ve taken hours – I just restored the videos from their last known good state. With CloudFinder it was that simple. The savings we gained on productivity that day alone, justified our own investment in CloudFinder for the year at least.”
If you’re ready to take advantage of CloudFinder for free in order to protect your Office 365 data, sign up here (no credit card required). Learn more about our remote workforce solutions and if you have any questions, don’t hesitate to reach out. We’re here for you!
About the Author:
Dugan Crotty // Sales Engineer, Axcient
As a Sales Engineer for Axcient, Dugan Crotty helps MSPs focus in on their offerings for data protection, backup and DR. Dugan has 13 years of experience in IT and found his passion for data protection and the need for a strong backup working with Quest Software, Dell, Lexis Nexis and Axcient. When Dugan’s not helping MSPs, he enjoys getting his heart rate up in an Orange Theory Fitness class and supporting small businesses, specifically checking out new, local coffee shops.