“As COVID-19 continues to change the way we work, and where we work, businesses are reconsidering decisions made in a crisis mitigation mindset, and planning for the future we now live (and work) in.”
Open Source, High Security Collaboration
As COVID-19 continues to change the way we work, and where we work, businesses are reconsidering decisions made in a crisis mitigation mindset, and planning for the future we now live (and work) in. At the outset of the pandemic, teams were sent home and often directed to do what they needed to do to stay operational as fully (and quickly) as possible. Leaders had to move quick and make decisions that would impact their organization’s ability to continue to thrive, or even just to survive, and cybersecurity was often not a high priority, if it was considered at all. As it looks increasingly likely that remote working will not be going away, and actually looks to become the “new normal”, organizations are taking a breath, a step back, and looking at some of those decisions with a different eye.
Our company, like many others, did have some apparatus in place for remote working before COVID-19. Many members of the onShore team worked from home for at least a portion of their time. The preparation and planning that allowed our staff to be able to work from home securely paid off in a big way when we, as many companies did, made the transition to remote work quickly, and without much warning.
As many offices do, onShore uses an online collaboration tool to work together, and this has proven invaluable during the pandemic. Our choice to use RocketChat was influenced in no small part by our security concerns, and we have found that working and living in the software has not only allowed us to maintain our high security standards, it’s actually increased our base level of security, through no additional effort or expense on our part.
One of the reasons we choose open source software like RocketChat is that we could host and run the software on premise, meaning on our own servers. As a cybersecurity company, we know that one of the biggest vectors for damaging cybercrime are third party vendors. The cloud, as they say, is just someone else’s computer. When one gives up hosting, akin to physical possession, they also give up control and awareness of the security of the data they store in the cloud. When this data makes up a large part of the private communication of an organization, giving up possession should not be taken lightly.
One reason organizations may be deterred from an on-premise solution is a perceived cost or operational difficulty inherent to doing so. However, RocketChat and other open source solutions often come with all the support of their higher priced alternatives, and the community support is unrivaled. Professional, first party support and management can typically be retained, as a service, much like they can be for non-open source software, or disregarded (if unneeded).
Living in an online collaboration tool reduces the inevitable (though often unintentional) skirting of cybersecurity and compliance policy. As employees are one of the other biggest vectors for cybercrime, encouraging and enforcing adherence to policy is more important now than ever, but can surprisingly be easier to do under WFH conditions. Without physical proximity, for example, it actually becomes more cumbersome for employees to communicate with each other out-of-band, and thus less likely to occur.
As 2020 draws to a close, businesses and organizations will continue to live with choices they made in the haste of the early pandemic. Those choices allowed them to survive 2020, but may not be right for the changed environment that will exist through 2021. If your organization is using online collaboration tools, it’s time to consider how they serve you and how you might be better served now that you have the space to examine the best options available.
To hear more about how onShore Security uses RocketChat to ensure the security of our online communication, please see our webinar, “The Overlooked Risks of Online Collaboration”.
“Any business large enough to offer retirement benefits can be considered a target with financial information worth stealing, especially as attackers know that employers and plan sponsors are usually not required to have sophisticated cybersecurity measures in place, and are new vectors of vulnerability.”
Offering a 401(k) Could Leave Your Organization More Vulnerable to Cybercrime
It’s no surprise to those in the financial services industry that they are required and expected to have a certain layer of cybersecurity. The information they work with on a daily basis can easily be used for cybercrime, should it fall into the wrong hands, and so financial institutions protect their data against hackers and cybercrime. What may be a surprise, however, is the threshold for what could rightfully be considered a financial institution. Any business large enough to offer retirement benefits can be considered a target with financial information worth stealing, especially as attackers know that employers and plan sponsors are usually not required to have sophisticated cybersecurity measures in place, and are new vectors of vulnerability. Organizations that have not planned for high-level cybersecurity attacks, not seeing themselves as potential victims, are frequent targets of experienced hacking groups. Organizations that are involved with 401(k), either as employer or plan sponsor, should consider that the data they retain may require the kind of security measures that self-identified financial institutions consider part of their daily operations. [Read more…]
As October is Cybersecurity Awareness month, it seems more relevant than ever to highlight the role that cybersecurity can play in a company’s ability to retain the startup spirit, expand into new opportunities, and continue their digital transformation. This is why we say “Security gives us freedom”. Staying “cyber smart” goes beyond following a list of simple tips, however. As we say at onShore, security is a process, not a product. It is a challenge that must be answered every day. Our chances are better, our energies better spent, our initiatives are more likely to succeed when we work together. As COVID-19 sends our workers and businesses home and geography seemingly becomes erased, it is more important now than ever to remember that cybersecurity starts locally.
It is for this reason that we are excited to work with P33 Chicago, a group focused on digital transformation in Chicago. Its mission is reflected in its name: the “P” standing for people, purpose, plan, and progress. The “33” refers to the historic World’s Fair of 1933, a time when Chicago shined bright on the world stage, presenting the cutting edge, our White City a harbinger of an optimistic future. It references, too, this future, with 2033, the centennial of the World’s Fair, as an upcoming milestone and a date by which to have returned this startup spirit to Chicago. Though our “Second City” is actually the third largest in the US, it does not rank as a top-tier town for tech. Our city, once a destination hub for the tech-focused in the midwest, now retains only slightly more than half of the software engineers that study within the city itself at one of Chicago’s handful of top global universities.
With an established university pipeline, and strong venture capital scene, there is great potential to grow Chicago’s corporate tech investment and establish Chicago as a champion of digital transformation. We’re very excited to be working with P33 on an upcoming event for Fintech Spark, a new initiative to introduce financial companies to transformational ideas and practices in technology.
onShore Security will be presenting its cybersecurity solution to attendees. The use of digital data, a practice that has now permeated nearly every part of the business world, has enabled amazing opportunities, but this also carries a responsibility to protect the business and its customers from cyberattack and compliance violation. We’ll be speaking from our experience about detection, response, and how the process of security (powered by human intelligence and machine learning) scales and grows along with business needs and regulatory requirements.
“As long as there exists the false perception that ransomware can be waved away quickly by paying criminals’ demands, there will be organizations that see it as their best practice. In order to defeat it as a threat, the entire cybersecurity world, and the business world at large, must stand together and declare their complete unwillingness to negotiate with criminals.”
To Pay or Not To Pay Ransomware, That Is the Question…
By Stel Valavanis, CEO onShore Security
I’m beginning to think we should ban ransom payments to criminals or at least disallow insurance to cover them. I know that sounds extreme, but hear me out. It’s very worth exploring at this time, as the scope of the problem is exponentially growing in the wake of COVID-19. According to a new report by Emisoft, ransomware demand costs could reach new highs this year exceeding $1.4B in the U.S. in 2020. [Read more…]