WFA Security: How MSPs Can Help Their Customers be Proactive
With faster internet, mobile hotspots, VPNs and cloud technology, the work from anywhere (WFA) model is becoming the norm for many organizations. Employees love the freedom and flexibility of a mobile office, and employers are seeing an increase in productivity when embracing remote work. But this new freedom comes with a cost of increased security concerns for organizations—and their managed service providers (MSPs).
So, what can MSPs do to help keep their customers and end users safe? Here are some of the most important things MSPs can do to help their customers be security-first.
Years ago, working remotely was different. We didn’t have as many meetings, and didn’t interface face-to-face as much. But fast-forward to now, and where many once had 2-3 hours of daily meetings, now people can max-out their day stuck in online meetings.
Perhaps the biggest thing that changed during COVID was not necessarily business- or security-related, it was people-related. During the initial transition to work-from-home, people lost a sense of balance and started working extended days just because they weren’t sure how to effectively work outside of the office.
Many remote-work veterans offer similar advice: create a space so you can sink into work mode. And for many, that helps work not feel any different than if you were in an office. In terms of security, the thing that really changes when you are working from home is mindfulness about your work laptop. When you’re WFA, you have family and friends in your office space, so you want to make sure that your work stays private and that you put away any confidential information before you stop working for the day.
One of the concerns for organizations that suddenly had a fully remote workforce was ensuring that employees are automatically logged in to the company VPN when they sign into their workstation. With tools like Zscaler or Global Impact, the VPN follows you, you don’t follow it, which is critical. Because then you have some perimeters and boundaries again for at-home working, versus in the office and behind a firewall. That world does not exist anymore, so the firewall must start following you. So, security suddenly shifted to see every laptop as an extension of the organization.
Helping customers stay secure
There are a few things that come to mind when it comes to helping customers stay secure. First, there are different layers of security at an organization. There is a layer of network and VPN security that includes making sure something is monitoring user behavior. There’s endpoint protection which used to just be ‘antivirus’ but now is wrapped with intrusion detection systems (IDS) and intrusion prevention systems (IPS). Then there is the physical layer of the laptop or workstation.
When it comes to that physical layer of protection, one thing that makes security pros everywhere cringe: admin rights on a laptop! Because admin rights are not about the end user making a right or wrong decision, it’s about the things that you click, like a link in an email or text message. If a user clicks on a compromised link and doesn’t have admin privileges, that bad actor could only go so far before it died, because it wouldn’t have access to anything else. But when you put admin rights on a laptop, you are giving bad actors the keys to the kingdom if a user makes just one wrong click.
And then on top of that physical layer and everything else, you’ve got the human layer—talking about and educating about security awareness and best practices—and that’s more important than any tool.
Finally—educate, educate, educate. Let your customers know about security best practices, and help their employees understand why these security measures are in place and important. That’s the best thing you can do as an MSP.
Proactive security starts with unified visibility. Learn how Liongard gives you full visibility all the way down to your endpoints—schedule a platform walk-through today.
This guest blog is courtesy of Liongard. Read more Liongard guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.