While there’s universal agreement it would be great if Covid-19 went away, there’s one thing the pandemic spurred that’s welcome to stay. Hybrid work with a remote component has become overwhelmingly popular among American businesses, with nearly three-quarters of them adopting the model permanently.
This new way of working, however, brings with it a set of challenges for employers. Some of the risks that can come with a remote setup include weak Wi-Fi security, the lack of a firewall, unsecure personal devices and security errors. And for businesses without a big IT staff or budget, structuring remote work amidst surging cybercrimes can seem like a daunting task.
Wolfgang Lewis, regional vice president, Comcast Business, Twin Cities, spoke with Minne Inno about how companies can take a proactive approach to cybersecurity in a perimeter-less environment. The conversation was edited and condensed for clarity.
The hybrid work model can bring substantial benefits for employers and employees alike, but it also presents myriad IT challenges. What are these challenges?
Wolfgang Lewis: Two years ago, nearly everybody worked in the same brick-and-mortar facility. From an IT perspective, when everyone is in the office, IT departments can monitor network traffic flow within a physically defined perimeter. With remote work, that perimeter went away. It became a challenge to monitor and control the applications employees were using and the content they were accessing.
Home broadband or even connecting to the internet using a hot spot can expose remote employees to several different threats you wouldn’t have inside a conventional office environment with a centralized cloud. Home networks can also be strained while kids were learning from home. This created a whole new world of complexity for IT teams. If you’re a smaller business, maybe you have only one or two people responsible for all of this.
What are some recent cybersecurity trends small- and mid-sized businesses should have on their radar?
Lewis: Ransomware, spyware and phishing attacks are all on the rise. There are whole communities on the dark web that are bad actors who share this data with each other and are actively looking for ways to monetize this activity. A new market has been created for people to expose business risk. You’re also seeing more distributed denial-of-service attacks that prevent legitimate users from accessing systems or information. If a retail business was hit with one of these attacks, for instance, it could prevent them from taking customer orders.
Why is it important for small- and mid-size businesses to have protocols in place to regularly assess their cybersecurity risks?
Lewis: Technology in and of itself is constantly evolving. Just think about your 4K TV and how different it is from the TV you may have owned just a few years ago. The same is true with cyber. Hundreds of thousands of new pieces of malware are created daily. With a distributed workforce and applications migrating to the cloud, there is increased exposure to security risks. Because these threats evolve so quickly, small- and mid-size businesses should establish protocols to reduce their exposure.
Research shows that 31% of businesses in the U.S. are forced to close after falling victim to a ransomware attack. Small- and mid-sized businesses may think they’re too small to be the target of a cyberattack. Why is this a misconception and what should they know about the need to take cybersecurity seriously?
Lewis: If you’re a local coffee shop or pizza place, gone are the days of somebody ringing up a sale on an old cash register and then going to a notebook to keep track of inventory. Everybody uses digital technology these days for transactions and inventory management. That’s great for the customer experience, but it also increases risk.
More digital devices increase the number of entry points into a business, no matter the size. And even if an attack doesn’t permanently close a business, it could result in the business having to lay off staff while it tries to recoup costs or the need to restructure the organization because of the attack. All businesses have data. And pretty much all businesses use technology to operate, which makes them a target.
What are some best practices for taking a proactive approach to cybersecurity?
Lewis: One ounce of prevention is worth a pound of cure. Some ideas include ongoing employee training to make sure end users are up to speed on potential threats. Something as simple as password protocols can help mitigate against an attack.
Once the training has occurred, it’s a good idea to go back and test employees on their cybersecurity knowledge to see if they’re able to apply it in a real-world environment. Pushing software updates regularly also is a good idea. These updates have security patches as new threats emerge. Proactive cybersecurity measures such as distributed denial-of-service mitigation services and Unified Threat Management solutions offer a proactive way to keep bad actors out, keep your business up and running and keep your organization’s name out of the cybersecurity news stories. The direct and indirect costs of having to respond reactively — during or after a cybersecurity incident — generally outweigh the costs of proactive cybersecurity measures.
What’s next for Comcast Business?
Lewis: We’ve been known in the market for our broadband connectivity solutions, but we’re excited to help customers continue to digitize their operations and implement cybersecurity solutions that will protect their valuable data and technology networks. Cybersecurity isn’t just an IT issue. It’s an overall business continuity issue. These small- and mid-size firms don’t have to go it alone as they look for ways to stay safe in an increasingly digital world.
Contact Wolfgang Lewis at 651-440-4874 or wolf_lewis@comcast.com if our Twin Cities team can assist with cybersecurity solutions to fit your business needs.
At Comcast Business, we help our customers safeguard their networks and data via high-performance and secure architectures by leveraging secure SD-WAN via our ActiveCore℠ platform, carrier-grade DDoS mitigation, Unified Threat Management and other solutions in our extensive managed services portfolio. Our advanced security solutions (Unified Security and Unified Secure Access) protect against most ransomware, malware, botnets, network intrusion attacks, and more for an enterprise-wide network. Unified Security is a software-deployed, on-premises solution powered by Versa networks. Unified Secure Access is a cloud-based solution for organizations to help protect connections to cloud resources.
Laura Newpoff is a freelance writer with The Business Journals Content Studio.