With remote employees having laptops or other connected work devices, there is a risk if they're connecting to a public Wi-Fi network. Even their in-house office isn't the same as being in an office with certain precautions and safety measures in place. Owners worry about important assets an individual can have for a company that has now taken it outside the office. Client lists are significant assets, as is any customer data. So what are some actionable steps companies could take to try preventing risk around those types of assets?
The following answer is an excerpt from an interview with Steve Lofesky, President of Medicus IT.
When talking about managing risk, the first thing I want to say is, for a business owner or a CEO-level person, the first thing you want to do is make sure you have cyber liability insurance. The reality is, these days, it's not if you're going to have a breach, it's when, and how bad is it going to be, and what's that impact going to be? I can tell you it's an expensive proposition. When it hits, it's usually not a great day, and there are negative impacts, so make sure that you have cyber policies in place, and you're covered in the likely event that something will happen to you.
It's the risk first. Let's make sure we can mitigate those risks you're worried about by having insurance in place. The next step is that the most important thing we have as a company, next to our employees, is our data. I tell people all the time, 'I can buy you a new laptop, I can buy you a new server, I can buy you a new router, I can buy you anything, I can't buy you data. I can't buy all of that intellectual property that you've worked for so hard to build and grow your business on.'
So focus on making sure your backups are there, making sure you know where your data is, how it's being stored, and how it's being replicated off-site, so that in the event something happens, you know that at least your data is secure. So if you got hit with ransomware, one of your remote employees did something they shouldn't have, your systems are down, but at least you know 'hey, we know where our data is, it's safe, we know how to recover it. It may be a couple of days' interruption, but it's not going to take us out.'
So focus on those things first. And then, spend a lot of time working on your internal infrastructures, your business. I don't want to get too technical, so I try to use different ways of getting people to visualize technology. If we think of our business as our castle, we've built this infrastructure within the castle to keep our data and our people and our applications protected. So now if we say, 'hey, I'm going to send these people home, or I'm going to send them outside the castle,' the easiest way to protect all that stuff is to have them access the data that's in the castle. The data never leaves the castle, so send them home with a Chromebook or a laptop, and all they're able to do is come in, leverage resources inside the castle, and the business is never moving data outside of the castle to the end-user. The end-user is just seeing video and keystrokes, but we're not allowing any of that stuff to get outside our world.
So from an ideal perspective, that's ideal. We have some clients who have built an infrastructure, either in-house or in the cloud, where we leverage technologies like remote desktop, RDS, Citrix environments, VDI environments. Basically, your desktop resides inside the castle, and when you leave the castle, you're just connecting back, and you're leveraging the resource that's inside the castle, and all you see, again, are just screenshots. So now you still benefit from all of that security that you built within that castle, you're extending it to that remote employee.