security best practices

Top 3 Security Threats Related to a Remote Workforce

With so many businesses still having a distributed workforce, it is important to prioritize computer and network security.  While there are various security threats associated with employees working remotely, today, I will be focusing on the top 3 threats that you should be aware of and address to ensure that your employees and business are secure.

Home Networks

One of the main security risks of a remote workforce is the possibility of unsecured home networks. Did you know that according to PC Magazine, in a study of 2000 US residents, 23% of people reported that they are using default credentials on their router/modem, and 11% were not even sure of what their credentials are? That is very concerning with the number of cyber threats that are out there. Most home networks are set up by a local ISP and use a modem/router to provide WiFi. These home networks are often set up by a technician whose focus is function, but not necessarily security. Therefore, your network traffic may be open for anyone to snoop on without your knowledge. The best way to protect that data is to encrypt all non-public information you and your company send over the wire. This would require the use of a VPN (virtual private network). With the proper configuration of a VPN, your data will be encrypted in transit and unreadable to those who may be listening. To make sure you have a secure home connection, you will want to make sure that:

  1. You have encryption set up with a VPN to protect corporate data.
  2. Your WiFi has a secure password associated with it.
  3. Default credentials on all network devices are changed.

These three steps go a long way to ensure you have a secure home connection better defended from hackers with malicious intent.

Personal Computer Equipment

When the rapid shift to remote work took place last year, many employees started using their home PC to access company data and perform their business functions. While it is crucial to ensure that the devices in an environment that allow data to flow through the network are locked down, the machine that holds all your data- the PC, will be a hacker’s biggest target. According to Forbes.com, in a recent study, “56% of people were unable to bring equipment from their employer to work from home” and “a third admit to personally purchasing equipment to help them work remotely during COVID-19.”  That is an extremely high number of personal devices, considering how many people are still working remotely.  Furthermore, home PCs are often shared with children or significant others, further increasing your cyber risk. It is vital to your company’s security that remote employees use company-managed PCs or laptops. It takes the management out of the users’ hands and provides a higher level of security while handling the company’s data.

Cell phones and mobile devices are another component that need security when being used for company email and accessing files. Make sure your infrastructure management includes a plan for keeping these devices protected.

Security Updates

According to bleepingcomputer.com, “based on a sample size of 163 million computers, 55% of all programs installed on personal computers running Windows are outdated.” Whether it is a firmware update for your hardware or a software update for your line-of-business application, this is something that the typical end-user often does not take the time to do. What can you do about it? Turn on automatic updates. This can go a long way in ensuring that updates are installed, and personal devices remain secure. While many of the software companies’ releases may be feature updates, you will also get vital security updates that help prevent exploitation of vulnerabilities in the system. This brings me back to having company-provided hardware.  When your company provides and manages home devices, your IT department can manage, audit and ensure that updates are promptly and correctly installed, which will go a long way in protecting your company’s data. Keep your devices up to date!

These are just a few of the security risks associated with a remote workforce. Unfortunately, there are many more threats to consider as malicious actors continuously search for opportunities to access your company’s data. It is essential to keep security top of mind and continue strengthening your security posture. There are many resources out there that can help you evaluate your current environment and provide recommendations for improving your security standards. 

We at Kite Technology can be that resource and can help you identify vulnerabilities and provide the tools, like cloud solutions, you need to eliminate them. Contact us today to learn more.

A Message from our CEO: KiteTech Achieves The CompTIA Security Trustmark+™

CompTIA Trustmark CertificationAt KiteTech, we have always taken our responsibility for the security of our clients’ data seriously. But the stakes have continued to grow. As the challenges of data protection and compliance have multiplied and the impact of security threats have escalated, we felt we needed to take our security posture to a whole new level. We wanted to be sure that the services we were providing were unquestionably delivered with excellence. So, we decided to find a third-party expert who could vouch for the quality of our security systems and processes. That led us to CompTIA’s Security Trustmark+ Certification.

The Security Trustmark+ Certification checks all the boxes. First, the certification process is firmly based on the NIST Cybersecurity Framework which is the national standard for managing and responding to cybersecurity risks. Second, it provides tons of guidance and templates for us to standardize our security documentation and processes based on best practices. Finally, it includes a review by an independent third-party cybersecurity expert.

We kicked off a project last February to obtain our certification. No sooner than we got started, we had to put the whole project on hold as the pandemic rearranged our priorities. COVID restrictions resulted in urgent requests from our clients who needed us to help get their staff up and working productively from home. Once that emergency was addressed and we settled into “a new normal”, we were able to turn our attention back to obtaining the certification. A lot of the effort consisted of confirming practices that were already in line with the NIST standards. But in other cases, we found that we needed to improve or even rewrite processes to comply with Security Trustmark+ requirements. The effort left us in even better position to advise our clients on security best practices.

Like many of our clients, we have been evolving from local infrastructure to cloud infrastructure over the last several years. One of the most profound insights we had during the certification process was that the benefits of having local systems and data in our main office were outweighed by the risks of maintaining local systems and data. A thorough risk assessment revealed that we were better off “cutting the cord” and moving ALL our systems and data to cloud environments. And so we did. We no longer are saddled with managing the risk of safeguarding local systems and data. It’s kind of like moving the bank vault out of the bank. Robbers might still find their way in, but they will be disappointed to find that the money is elsewhere. The process of moving all our technology infrastructure to the cloud positions us perfectly to help our clients do the same.

Earlier this month, all our efforts paid off. We were notified by CompTIA that we had achieved the CompTIA Security Trustmark+. We are now one of only 2 IT providers in Maryland and 30 IT providers in the country that can boast of achieving this prestigious certification.

The end result is not just the piece of paper, it’s the confidence that we have industry-leading security practices. Consequently, firms who partner with us can be confident that their security needs are being addressed by a technology expert using best in class security practices.

Picture of Greg DiDio

Greg DiDio

CEO
Kite Technology Group

adam atwell

Adam Atwell

Cloud solutions architect

Adam is passionate about consulting with organizations across the country to help them develop and execute a cloud adoption strategy that meets their business needs and future objectives. Adam oversees and manages our company strategy for Microsoft 365 adoption and is responsible for future growth and development inside Microsoft 365 and other cloud technologies.