Do you remember the early weeks of the COVID-19 pandemic, when everyone wondered how many weeks, or maybe months, work and social activities would be disrupted? Anyone expecting a relatively short return to the status quo has been not only proven wrong but proven wrong over and over again during the various lulls and spikes in the pandemic.
Clients’ return to the office has only happened in fits and starts, if at all. With conditions on the ground constantly changing and varying safety requirements in place among different companies, cities, states, and the federal government, planning has been challenging to say the least.
Additionally, many companies have implemented fully remote or hybrid policies. As a result, remote work infrastructure that was hastily thrown together at the start of the pandemic has needed to be re-considered and upgraded to accommodate these long-term shifts. Subsequently, MSPs must provide flexible and robust security solutions to ensure that cloud-based applications and data remain safe.
Early on in the pandemic, some surveys showed that around half the U.S. workforce was home-based—a considerable shift. However, employees and many employers recognized clear benefits to remote and hybrid scenarios as time went on. These became even more apparent as workforce shortages emerged. Employers that can do so can significantly expand their pool of potential hires using remote work technology to eliminate geographic boundaries. According to McKinsey, “More than 20 percent of the workforce could work remotely three to five days a week as effectively as they could if working from an office.”
For MSPs, that means their clients must view cybersecurity via a highly decentralized perspective. For example, if employees can log in from any machine in any location, then security cannot rely on traditional firewall or VPN-based protection. And even those planning to return to the office in full should take a lesson from the events of 2020-2022 and make sure they’re prepared for a fast transition to remote work during an emergency.
There are a few things that MSPs should discuss with their clients, regardless of what stage of this transition they may be.
- Re-evaluate emergency procedures or technology put in place at the start of the pandemic. Unless the client already had a strong remote work strategy established, these ad hoc solutions could create additional security gaps or vulnerabilities. They may have also invested in temporary software fixes that they can discard.
- Encourage the use of security best practices and technology. Remote access cannot rely on traditional VPN and password approaches in the current fraught cybersecurity environment. They create too many opportunities for cyberattacks, and the inherent latency in a VPN can impede productivity. Leveraging Zero Trust architectures and multi-factor authentication shifts the focus from the network/device to the actual end user.
- Use the cloud for backup and restoration. Before the pandemic, the transition to the cloud for many services and resources was underway, and MSPs should take advantage of current conditions to help shift their clients to cloud-based backup and recovery. This is essential for remote/hybrid work scenarios and beneficial given the growing ransomware threat.
- Emphasize security awareness training. Working from home may have encouraged some bad security habits among employees, so it will be necessary for clients to ensure that their staff can successfully recognize phishing emails and other types of attacks. They may also need to be trained (or re-trained) on remote access security policies and protocols. That is particularly true of employees who may work part of the week at home and part in the office.
- Augment technical support with empathy. The shift from the office to remote and back again (or from the office to remote to a hybrid environment) will be challenging and stressful on many levels. According to Bloomberg, a cottage industry of return-to-office “experts” has sprung up to aid companies, many with questionable resumes. For example, client IT and HR staff have spent the past two years trying to become experts in remote conferencing technology, privacy law, ventilation, and public health policy. MSPs can help alleviate some tech-related logistics and reduce stress on these employees.
Because MSPs were there to help with the unexpected transition to remote work, they are in a position of trust to help clients adjust to whatever their new normal happens to be. Engaging clients early in the process and offering robust security with a full suite of support will make this process easier and emphasize the MSP’s value.