Getting Proactive About Cyber Security with Remote Employees
On this episode of The Bottom Line, Tim Schuster, Senior Manager in EisnerAmper’s Private Client Services Group, is joined by Rahul Mahna, Partner and leader of the the firm’s Outsourced IT Services team. The two discuss the impact of remote work on IT security, the risks business leaders need to be aware of, as well as best practices and preventive measures to minimize risk.
Tim Schuster:Hello and welcome to The Bottom Line. This podcast examines the everyday business and finance issues faced by closely held and private businesses. We hope to provide you with news you can use in what we like to think of as a jargon-free zone. I'm your host Tim Schuster, and with us is Rahul Mahna, a managing director and leads EisnerAmper's Outsourced IT Services group. Today, we'll discuss with Rahul the top technology issues businesses should consider for remote workers. Rahul, how are you, buddy?
Rahul Mahna:I'm doing well, Tim. Thanks so much for having me on.
We're glad to have you on, Rahul. What strains on technology does hiring or having remote workers have on a business's system?
RM:Tim, that's a really good question, and I'd have to say it's one that we've been getting a lot from our client base over the last couple years.
TS:I kind of figured.
RM:Yeah, yeah. So I'd like to think in pictures, and so I'd like to draw a mental picture for everyone. So previously, before COVID, before the pandemic, we had a castle. And if you think of a castle, the castle had nice solid walls, and we had a moat around the castle, and there was a drawbridge that allowed people in and out. If I think of that, I think of most of our clients in what their offices used to look like. We, as outsourced IT providers, would go in, we'd put new walls in the castle, we'd put new windows in the castle, we'd maintain that moat and keep all the security and keep all the bad guys out of the castle.
And then what happened? COVID hit and now everybody left the castle. Now the challenge for us as outsourced IT providers is how do we go and protect all of these people that are outside the castle and make sure that they are all operating safely, securely, they're communicating with the main office, if there even is one anymore? That's another caveat. A lot of people just blew up their castles and there's no castle left anymore. So we have a whole host of new issues that we have to deal with. So no easy answer, but there's a lot of smaller things that you have to do and keep layering and layering different solutions to protect all those hybrid users.
TS:Well, Rahul, I really appreciate the visual cues that our listeners have here, right? I'm never not going to not see a castle now and not think about what an IT service can be providing, which really comes up to that moat you talked about, right? Like the security measures that you guys have. So what are some security concerns that some of our clients should be considering?
RM:Wow, that is a big question and one that's hard to tackle with a simple answer, but I will start with probably the most obvious. So when you look at the data that comes back from security and breaches, still, I would say, 80 to 90%, and I don't have the exact number, but it's around that high, is coming from users. And it's, the users are still essentially clicking on bad things. And so when we were in the castle, there was a lot more software, there was a lot more protection, there was a lot more ways that we could protect them through different security measures. And now that they're outside of the office, the one thing that I encourage most with our clients is keep educating those users. Spend a lot of time and do phishing tests, do trainings for them, do webinars for them. The more you educate them as they are extensions of your office being outside that castle, the more smarter you make them personally, the better your cyber hygiene will be, your operational fitness will be and hopefully protect the organization as a whole.
TS:I think that's phenomenal and actually leads me into next question that I have for you. I would like to be proactive with folks, right? Thinking ahead, what are additional preventative measures that we can be doing or you can be doing that we can help our clients with in this regard?
RM:There's a lot of basic things that I think we can all be smart about every day. I think one thing, and I recently wrote about this in a blog post, was as you're traveling, again, be thoughtful about what Wi-Fi you're connecting to. You're going out and you're a hybrid worker. Does that mean you're hybriding in Starbucks? Right? And so people do that.
RM:They spend six hours in Starbucks. But you're connecting to Starbucks' Wi-Fi, and if you break that down, is Starbucks updating their router and their firewall? Do Starbucks have any security measures on that internet access? Is the person sitting next to you actually observing your computer and breaching into your computer because he's also or she's connected to the Wi-Fi at Starbucks? So I think in general, be thoughtful about where you're connecting. Keep in mind passwords are still very important. I'm a very big fan of a password management tool, and there's a lot of them out there like LastPass, for example. I'm a huge fan, and I cite that as probably my number one favorite app that I use personally and how it's changed myself. And so I think just be a little bit more aware of your connections, your passwords, things that you open, things that you click on, and report it back to the organization, because I think IT departments are all struggling. They're all trying to figure this out. And the more you educate them, the more you help the whole organization.
TS:I think that's phenomenal, Rahul. And do you have any parting words for our listeners today as we wrap up this episode?
RM:Parting words would be stay safe in the way you operate with your IT systems. Don't just think that everything will work and it should work. Whether you're at home, remember, if your kids are connecting to a gaming site, that gaming site could be bringing in malicious content. And if you're connecting on the same network, be thoughtful about that. As I said, be thoughtful when you travel. When you get to the office, make sure you're doing your updates, your patching. Those make a big, big difference in the way the computers work and the way your organization can be secured.
TS:I think that's great. And us as users, they may seem annoying at times, but they are a necessary thing in order to make sure you have the most updated information on your computer. And it's important to know that we are in this together. Thank you, Rahul, for this valuable information, and thank you for listening to The Bottom line as part of the EisnerAmper podcast. Visit eisneramper.com for more information on this and a host of other topics. And join us for our next EisnerAmper podcast when we get down to business.
Transcribed by Rev.com
Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.