As many organizations have been focusing on the COVID-19 pandemic, an old nemesis has been creeping forward. As I write this blog, the United States is facing the most significant cybersecurity attack of record, with thousands of businesses impacted.
With a rapid news cycle, you may have missed the cybersecurity messaging over the past few months. Here are some stats that demand your attention and the attention of your IT team…
“Cybersecurity impacts 1 in 4 law firms”—LastPass
It gets worse…
“A flurry of new threats, technologies, and business models have emerged in the cybersecurity space as the world embraced a remote work model where there’s no network perimeter and more applications and data in the cloud than ever before.”–CRN
Current trends as we return to the office
As employees shift from work from home (WFH) back to the office environment, security issues follow. Some problems stem from bad habits, and some can be directly tied to cracks in the technology deployed during the rush to work from home.
As the Chief Strategy Officer at MainSpring, I meet with our CIOs, our clients, and prospects in the business community often. In recent weeks, the topic of returning to the office environment and the risks associated with the transition is top of mind.
Recently, I have posted a series of blogs that you may find helpful:
This blog serves as an outline of current topics. It’s a roadmap to discussions and blog posts that will continue over the next few months. Feel free to follow along as Team MainSpring addresses technology concerns while keeping a finger on current events.
The hardware time capsule
Talk to employees returning to the office environment in the DMV region, and you hear stories that could be taken directly from a suspense movie. Desks look just like they did when last used more than 18 months ago, including a layer of dust on a favorite coffee mug and family photos.
Desktops lay dormant in offices, like time capsules. Hardware was quickly replaced with laptops, tablets, and even new smartphones as everyone rushed to set up a home office. Your IT team should consider the abandoned hardware as a security risk. Your C-suite should consider the costs associated with those purchases. And the processes by which they could have used to avoid the capital expense morgue they find themselves in.
What is the plan for re-purposing or eliminating the hardware? It’s not only a question for the accounting department, but for the IT department.
As a business solution integrator for LastPass, we are in tune with today’s “password” messaging. We have also heard the stories from the field.
I know what you are probably thinking now, “Of course, our employees use passwords”…
Reflect back on the last 18 months. How many new company-owned laptops, tablets, and smartphones were deployed? Or are some employees using personal hardware to conduct business? What about software subscriptions and the cloud? Do you know the status of the passwords currently in use?
If your company does not have a comprehensive password policy, it is time to create a plan.
A new Microsoft OS on the horizon
Perhaps you have heard about the near-future deployment of Windows 11. Is your company considering deploying the next version of Microsoft?
With the migration to a new version of any new software comes risk. The good news is that you can mitigate risk with careful planning. Suppose you are considering a migration to Windows 11. In that case, it is also time to ensure that the migration does not leave a hole in your security.
How will Microsoft Authentication and an updated version of Teams fit into your security plan? Follow along as we discuss Windows 11 and offer tips from Team MainSpring in a future blog.
Have an IT security response plan
Cybercrime insurance policy premiums are on the rise. And an insurance policy, although beneficial, should not be your only plan.
If your organization does experience a cyber breach in security, what is your plan? Your plan should involve multiple team leaders within your organization, with your IT team as the lead. The plan should include both continuities of business steps and communication avenues for your staff, customers, and partners.
Close the crack in your office
As I am writing this blog, I am reflecting back to a blog from earlier this year on social media risk. The blog was an eye-opener to many and remains a top-read blog of 2021. Today’s blog also asks a lot of questions. Questions that you should be asking your IT team.
In the coming weeks, MainSpring virtual CIOs will address the questions outlined here. We strive to keep our finger on both technology trends and current events. One always impacts the other.
If you’re not already on our email newsletter list, please consider signing up to follow along and stay on top of IT security risks and best practices.