As the way we work has changed, the way we think about IAM has to change as well. Regardless of how long COVID-related lockdowns last, the shift to remote work was in force well before the start of the pandemic. Asking critical questions and enacting the appropriate solutions are important steps in protecting your modern workforce from cyber crime.

Here are four such questions to get you started:

Question #1: Do you have policies in place controlling the access users have to sensitive information while working remotely from personal devices?

Maintaining productivity while employees are away from the office is important — nobody wants to jump through multiple sign-in or network access hoops.

But granting access to sensitive information too freely can create unintended vulnerabilities. For instance, imagine that an employee is reviewing plans for an upcoming new product release on a personal tablet… and then accidentally leaves the device in a taxi.

Mistakes will happen; you can’t control every employees’ behaviour while they’re away from the office. But you can control their access to critical information — as well as implement tools that allow you to wipe data from misplaced devices — to keep your data secure.

Question #2: Have you educated team members on proper security protocols for remote networks and remote network usage?

How many of your employees log on to public Wi-Fi networks at cafes, hotels, or airports? Even if your organisation takes steps to educate users on internet security, the number may be more than you think.

One study from the University College London (UCL), found that “not only did many applications still fail to encrypt data in motion, many users continue to use unsecured public Wi-Fi networks.” Over the 150-hour experiment, researchers were able to find “private photos, emails, documents, and login credentials being transmitted in clear text without encryption” via public Wi-FI networks that were set up for the experiment.

Further, Norton’s 2017 Wi-Fi Risk Report found that:

• More than half of the survey’s 15,532 participants used free public W-Fi
• Eighty per cent of public Wi-Fi users dealt with sensitive information such as email and online banking while on these networks
• Sixty per cent of participants feel their personal information is safe when using public Wi-Fi

Although you may be able to enact certain restrictions that limit what employees can access when connected to unsecured Wi-Fi networks, education has a role to play here as well. Periodic training and regular reminders can help reinforce the importance of using secure networks to access company data.

Question #3: If employees are working remotely, does your IAM policy address risks associated with allowing others access to their employer-issued or personal devices?

Though it’s becoming more and more common for each member of the family to have their own device, companies still need to consider the possibility that employees may allow others access to the devices they use for work.

Take Proofpoint’s 2018 User Risk Report, which surveyed 6000 technology users across six countries, including the US, UK, France, Germany, Italy, and Australia. Roughly 55% of participants admitted to sharing their employer-issued devices with family members or trusted friends, who used them for activities including checking email, engaging with social networks, streaming media, shopping online, and more.

Even the most trusted contacts accessing a work device create unnecessary security risk; for example, by accidentally allowing unauthorised users to view confidential data and by increasing exposure to phishing threats. A far better approach is a blanket policy that prohibits access by others to devices used for work — one that’s codified and communicated to all relevant stakeholders.

Question #4: Have you implemented a policy around printing out sensitive data on home networks?

Another easy security win is limiting employees’ ability to print out sensitive information when they’re away from the office.

Certainly, you may not be able to fully restrict this behaviour if you have employees who work remote full-time. However, you can:

• Limit user roles and privileges around printing so that only those employees that truly need to be able to print whilst remote can do so.
• Educate employees on steps to take to secure their home networks.
• Educate them on the importance of not leaving printed materials lying about, including the potential security risks that could arise from documents inadvertently falling into the wrong hands.

Empower Your Modern Workforce Through IAM

The questions above reveal the breadth of security considerations that have arisen from the transition to modern work, where even something as commonplace as printing out documents can introduce unanticipated risk.

Your company’s IAM policies go a long way towards empowering your modern workforce and securing their activities. If you don’t already have an IAM policy in place — or if you aren’t sure it fully addresses the concerns of a modern workforce — download Mangano IT’s free checklist, “Measuring Your Identity and Access Management (IAM) Maturity” for more questions to better understand and improve your existing security posture.

The post 4 Questions for Protecting Your Modern Workforce from Cyber Crime appeared first on Mangano IT.

In fact, the Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) has specifically warned about, “an increase in the number of cybercrime reports and cyber security incidents,” as well as “an increase in frequency and sophistication of operations by a range of state-based actors and cybercriminal syndicates” and “an increase in the speed in which malicious actors have researched and then pivoted to exploit publicly-released vulnerabilities.”

Yet, despite these trends, many organisations hold outdated notions about both the criminals perpetrating these attacks and their specific vulnerability to cyber crime. Whilst hackers do continue to pursue major targets — as in the case of the well-publicised breaches of Solar Winds and JBS Foods — every organisation represents a potential target for cyber attacks.

Here’s why organisations of all sizes and sophistication need to be aware of the risk of cyber crime, as well as the steps they can take to protect themselves.

Why Every Organisation is at Risk of Cyber Crime

One of the most common sentiments we hear when talking to Mangano IT customers regarding the threat of cyberattacks is, “it’s not going to happen to me.”

To a degree, that’s understandable. If you’re a small organisation, or if you don’t believe you have anything worthwhile to steal, you may see yourself as being less of a target for direct attacks. But as you’ll see, these concerns are irrelevant. You don’t have to be specifically targeted to suffer losses from a cyber attack.

For example, consider that:

Unsuspecting employees can be lured into broad phishing attacks that expose you to vulnerabilities.

Many of today’s most effective cyber attacks don’t actually target individual stakeholders. Broad phishing attacks may send compromised links to thousands of individuals at random, hoping that at least some of the recipients will click them. If one of your employees clicks a phishing link from a networked device, it won’t matter that it wasn’t your organisation that was specifically targeted.

Disgruntled employees may compromise your security by downloading company data without your knowledge.

Would you know if one of your employees downloaded data on your customers, products, R&D efforts, or suppliers? This type of information may have tremendous value to a criminal — yet because ‘the fire is coming from inside the house’, all the external firewalls in the world won’t keep you safe.

Even if you don’t have sensitive or proprietary data, others in your network might.

Sure, the information in your systems may not have much value on its own. But consider your customers. Do any of them have sensitive information? If hackers can access organisations in your network by breaching your defenses, you could face not only liability issues for failing to secure your systems, but significant relationship damage and loss of trust with your customers.

Protect Your Organisation with Proper IAM

Protecting against these types of scenarios requires a multifactor approach. In fact, you likely already have some security measures, such as firewall and spam blocking programs, in place. But one of the biggest security gaps we see when talking to organisations about their cyber security approach is identity and access management (IAM).

Essentially, IAM involves controlling who gets access to different information and systems. You can think of it as a foundational step in cyber security, because proper IAM influences so many areas of your business and IT environment, including:

• Data security and protection
• Device and endpoint management
• How you assign user roles and privilege levels
• Modern workforce and bring-your-own-device (BYOD) policies
• The way you hire and fire employees

For best results, your approach to IAM should be codified with documentation, reviewed periodically, and regularly enforced. If you don’t currently have an IAM policy in place — or if you aren’t confident yours is up to the challenge of today’s cyber security requirements — use Mangano IT’s free IAM checklist to evaluate your existing IAM posture:

How to Improve Your IAM Maturity

Once you’ve measured your existing IAM posture using Mangano IT’s checklist, you’ll be able to put together an action plan for securing your systems. A few quick tips to keep in mind:

• IAM can’t be an IT-only exercise. Every employee in your organisation can be a weak link in your cyber security defences. For that reason, IAM success requires that every employee be educated on the role they play and the actions they must take to help keep your data secure.
• IAM requirements change regularly. IAM is never ‘finished’. Lockdowns related to COVID-19 prove just how quickly work can change. IAM must be responsive to everything from modern workforce trends, to IT architecture changes, team turnover, and more.
• An expert perspective can help. Consulting with a Microsoft Gold-Certified Security Partner like Mangano IT can help uncover areas of IAM risk you may not be able to see on your own.

While our free IAM checklist can help reveal some of these opportunities, it can also be useful as a starting point in a much larger conversation about your organisation’s cyber security maturity.

Reach out to Mangano IT’s expert team for a more customised assessment of your unique cyber security risks and opportunities.

The post “It Can’t Happen to Me”: Why Every Organisation is at Risk of Cyber Crime appeared first on Mangano IT.

The question of what to manage in-house and whether to enlist a managed service provider (MSP) doesn’t have a perfect answer – much depends on your unique situation. We’ve put together a run-down of the pros and cons of managed services to help you get started.

Experience and Skills

A great MSP will put a lot of effort into knowing your business, but your in-house team are the experts who live and breathe the organisation. That said, the MSP can draw on a far greater variety of high-level skills that aren’t available in-house, and they have experience across many customer sites in varied industries. They are experts in cyber-resilience, disaster recovery, networking and collaboration technologies… it would be costly to employ even a fraction of that skillset. A broader team can be useful when it comes to seeing alternative ways of getting results.

The strongest outcome is often delivered when in-house knowledge and MSP expertise and broader skillset are married well, which means careful assessment before selecting the best partner. Your in-house team should be empowered to work on business growth and efficiency projects, confident that the foundations are in good hands.

Cost

When it comes to economies of scale, the MSP has a clear advantage. The user centric model means that you can have exactly the right skills when you need them, without bearing the cost of retaining staff when you don’t. You don’t pay for holidays, sick days and all the other expenses involved in human resources.

That said, timing matters, and so it is always important to weigh up factors like existing contracts, type and age of infrastructure and how well the current situation aligns with business needs. An IT audit may be a valuable investment when it comes to getting value for IT spend, and it can help to determine the right time and type of MSP investment.

Flexibility 24/7

This is one place that the MSP wins easily. Few organisations can justify paying IT staff to work round-the-clock shifts, and calling out IT staff at 3 a.m. then expecting them to give their best 9-5 is unfair, and unlikely to work long-term. There is considerable variation between MSPs, but our customers say that the ability to create a tailored services package was a key consideration for them.

Connectivity improvements and matured service options have reduced many of the barriers to employing a managed service, and this can be a viable way to accelerate digital transformation. Overcoming cultural barriers can usually be achieved with the right planning, and our MSP specialists recommend thorough preparation as a way to make any transition successful. It is not the perfect answer for every business, but if you are creating an always-on, mobile-friendly workplace without an unlimited budget, it is certainly worth evaluating managed service options to see how they stack up.

Time to evaluate the pros and cons of managed services for your own business? Chat to the friendly Mangano IT specialists today.

¹ https://resources.idg.com/download/white-paper/2018-digital-business

The post Weighing Up the Pros and Cons of Managed Services appeared first on Mangano IT.

Cloud

New cloud services emerge almost daily, and keeping track takes intense focus. We find that our role as an IT partner must adapt to act as a filter for our clients, so they can identify relevant, suitably secure cloud services from the crowd.

The key here is a strong cloud management strategy. We have seen truly outstanding use of cloud to enable collaborative, mobile workplaces. Some organisations we work with take advantage of the off-site backup options available. For most, though, cloud is ideal used for specific, identified needs where bursting capability is essential.

On-Site Infrastructure

Cloud, though, is far from a perfect, blanket answer to every IT question. Visibility can be problematic, leading to cost blow-out. Aside from the associated monthly bill shock, security becomes an issue: you can’t secure what you can’t see.

There are many very compelling reasons to retain on-premise infrastructure, and progress in new generation products certainly can reduce management and administration burden. Even with these gains the requirement for ‘always on’ business is at odds with sparse skilled IT resources. Given the high value of the IT team’s time when it comes to creating new apps and services, or reducing operating costs, is it wise to focus a sizeable chunk of their energy into managing infrastructure?

Flexible Managed Services

For most organisations, a hybrid mix of on-premise and cloud is the current reality. Adding into the recipe for success, a new breed of managed services fill the gaps and act as an extended IT department. If some shred of IT department sanity is to be maintained, and users still given the round the clock service needed, this support acts as an essential prop.

While once, IT services came in rigidly packaged, on-size-fits-all solutions, today it is all about custom-design. Typically, our services team begin by working out the best balance between budget and needs, right down to covering holidays or offering helpdesk out of hours. Some customers opt out of infrastructure management altogether and focus entirely on business growth, others prefer a more fluid, when needed outcome.

Supporting your IT team to build a future can take many forms, and as new choices become available, it is worth undertaking a regular review. Those with the combination of in-depth knowledge of your business and understanding of new technologies will be key to a successful digital transition, and liberating them from the 24/7 IT overload allows them to achieve amazing. Why expect anything less?

Need to know more about cloud, infrastructure or services to support your future success? Contact the friendly Mangano IT team today.

The post Achieving Business Amazing: What Happens When You Liberate IT? appeared first on Mangano IT.