Security Practices State Capitols
Should Put in Place Today
– Stel Valavanis
As COVID-19 continues to change the way we work, and where we work, businesses are reconsidering decisions made in a crisis mitigation mindset, and planning for the future we now live (and work) in. At the outset of the pandemic, teams were sent home and often directed to do what they needed to do to stay operational as fully (and quickly) as possible. Leaders had to move quickly and make decisions that would impact their organization’s ability to continue to thrive, or even just to survive, and cybersecurity was often not a high priority, if it was considered at all. As it looks increasingly likely that remote working will not be going away, and actually looks to become the “new normal”, organizations are taking a breath, a step back, and looking at some of those decisions with a different eye.
Our company, like many others, did have some apparatus in place for remote working before COVID-19. Many members of the onShore team worked from home for at least a portion of their time. The preparation and planning that allowed our staff to be able to work from home securely paid off in a big way when we, as many companies did, made the transition to remote work quickly, and without much warning.
As many offices do, onShore uses an online collaboration tool to work together, and this has proven invaluable during the pandemic. Our choice to use RocketChat was influenced in no small part by our security concerns, and we have found that working and living in the software has not only allowed us to maintain our high security standards, it’s actually increased our base level of security, through no additional effort or expense on our part.
One of the reasons we chose open source software like RocketChat is that we could host and run the software on premises, meaning on our own servers. As a cybersecurity company, we know that third-party vendors are one of the biggest vectors for damaging cybercrime. The cloud, as they say, is just someone else’s computer. When one gives up hosting, akin to physical possession, they also give up control and awareness of the security of the data they store in the cloud. When this data makes up a large part of the private communication of an organization, giving up possession should not be taken lightly.
One reason organizations may be deterred from an on-premises solution is a perceived cost or operational difficulty inherent to doing so. However, RocketChat and other open source solutions often come with all the support of their higher-priced alternatives, and the community support is unrivaled. Professional, first-party support and management can typically be retained, as a service, much like they can be for non-open source software, or disregarded (if unneeded).
Living in an online collaboration tool reduces the inevitable (though often unintentional) skirting of cybersecurity and compliance policy. As employees are one of the other biggest vectors for cybercrime, encouraging and enforcing adherence to policy is more important now than ever, but can surprisingly be easier to do under WFH conditions. Without physical proximity, for example, out-of-band communication between employees actually becomes more cumbersome, and thus less likely to occur.
As 2020 draws to a close, businesses and organizations will continue to live with choices they made in the haste of the early pandemic. Those choices allowed them to survive 2020, but may not be right for the changed environment that will exist through 2021. If your organization is using online collaboration tools, it’s time to consider how they serve you and how you might be better served now that you have the space to examine the best options available.
To hear more about how onShore Security uses RocketChat to ensure the security of our online communication, please see our webinar, “The Overlooked Risks of Online Collaboration”.
It’s no surprise to those in the financial services industry that they are required and expected to have a certain layer of cybersecurity. The information they work with on a daily basis can easily be used for cybercrime, should it fall into the wrong hands, and so financial institutions protect their data against hackers and cybercrime. What may be a surprise, however, is the threshold for what could rightfully be considered a financial institution. Any business large enough to offer retirement benefits can be considered a target with financial information worth stealing, especially as attackers know that employers and plan sponsors are usually not required to have sophisticated cybersecurity measures in place, and are new vectors of vulnerability. Organizations that have not planned for high-level cybersecurity attacks, not seeing themselves as potential victims, are frequent targets of experienced hacking groups. Organizations that are involved with 401(k), either as employer or plan sponsor, should consider that the data they retain may require the kind of security measures that self-identified financial institutions consider part of their daily operations.