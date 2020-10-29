This is important, as threats evolve constantly, and those that rely on social engineering, like spear phishing, evolve in response to victim behaviour and the environment in which they’re deployed. Little wonder the UK’s National Cyber Security Centre, part of GCHQ, warns that “continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise.”

While training staff not to fall for socially engineered threats, like phishing, is a given, it’s important that firms also make sure their hardware isn’t vulnerable when unattended. It’s easy to become blasé when working from home, where the assumption is that physical threats are less viable. However, in that kind of workspace, where children may be present, an unlocked laptop can be a temptation for those who want to hop online to check their email, chat with friends or look up the answer to an assignment. Tools like Dell Optimizer can help, by automatically locking the computer when unattended, or sitting in front of an unknown user. It will then be physically impossible to unknowingly introduce threats by clicking dialogs or following links that connect to online threats.

Supporting your support staff

Malicious actors are constantly looking for new entry points and underexploited weaknesses, and are increasingly moving beyond traditional surfaces, like the operating system and applications, to target fundamental components, right down to the BIOS and UEFI.

What this proves is that security should never be an afterthought. Whether IT is managed by a single person, a team or an outsourced department, such roles have become more demanding, with the assets they administer dispersed to users’ homes where they interface with pooled resources across unknown and possibly untrusted connections.

Delivering in the face of such changes is made more difficult when IT support staff find themselves similarly isolated, which is why forums, like Dell Technologies’ Unified Workspace Community – giving IT pros a place to share knowledge, expertise and intelligence on emergent threats – are proving a vital line of support. Such online environments are increasingly important at a time when dispersed team members have lost the ability to bounce ideas off one another and learn from their peers.

The knowledge gleaned from such forums, along with empirical experience, should form the basis of a comprehensive policy for Information Risk Management (IRM). Comprising guidelines for the responsible use of company-owned equipment and networks, application choice and deployment, an IRM framework sets out the parameters within which the small business will use technology and evolve its hardware and software real estate.

IRM must also concern itself with the guardianship of an organisation’s most valuable asset: its data. Replacing customer records, research and financial statements can be time consuming and may be impossible without adequate off-site backups. It can impact a company’s overall value, too. Yahoo was written down to the tune of $350m in 2017 after it suffered two data breaches in the run up to Verizon’s purchase of the internet pioneer. Few small businesses would expect to suffer such a catastrophic write-down, but lost data could leave them vulnerable to prosecution if it meant they were unable to file tax returns, or they were found guilty of not taking adequate care of customer data. The latter can be spread far and wide when dispersed to work-at-home laptops.

Teamwork is key

Challenges aside, the increase in working from home has had many positives. Freed of the commute, staff arrive at their desks feeling fresher and better motivated, and increased reliance on – and acceptance of – online resources and cloud-based security means both staff and those who support them are taking advantage of a far wider, deeper pool of expertise.

At the same time, having a trusted provider like Dell Technologies onboard, while not abrogating small businesses’ responsibility for their own cyber security, gives them the support they need to face the future with renewed confidence. There’s no denying the next few months will be tough – bumpy, even – but by thinking through their requirements today, and putting appropriate systems in place, they’ll be better equipped to withstand whatever economic, political, and, yes, viral uncertainties lie ahead.

