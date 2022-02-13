As businesses lift out of the two-year COVID-19 pandemic and look to establish a new way of working, I.T. consultants are alongside them to help address their changing cybersecurity needs.

After the early stages of the pandemic emptied out offices across the country and sent employees home to work, businesses now find themselves in a transitional period, looking to formulate an effective balance between in-person and remote work.

And while some companies are summoning their workforces back into the office, Steven Lauber, owner of Grand Rapids-based I.T. service provider Trailhead Networks, said an overwhelming majority of his clients look to keep mobile work as a significant piece of what they do.

“We deal with a number of small businesses, and almost all of them look like their environment is going to involve remote work as a permanent piece,” said Lauber.

“I deal with customers that have never, up until two years ago, considered the need for that, where now it’s a piece of it,” he added. “And, I do think that’s going to be there for the foreseeable future.”

By expanding remote work, companies have changed their protective perimeters, relying on professionals like Lauber to shroud both in-office and remote machines and devices with comprehensive protection.

Lately, Lauber said his company has spent significant time analyzing these new needs of their now-mobile clients to implement the necessary solutions and provide ample protection.

“That’s been a big focus for us over the last six or nine months, bringing some of these additional cybersecurity tools to customers that now are coming out of COVID, or the nature of their businesses are just evolving.”

Time to regroup

The emergence of COVID and ensuing exodus from offices was a major shift for companies, leaving both executives and I.T. professionals scrambling to cobble together a functional work-from-home infrastructure.

With the dust beginning to settle, businesses now have an opportunity to step back and reexamine their approach to remote work and the cybersecurity that protects it.

Andy Kaiser, owner of Grand Rapids-based Kaiser IT Group LLC, said companies had to be careful not to turn a blind eye to cybersecurity practices amid the chaos of COVID.

“For us, it wasn’t really circumventing security as it was reducing functionality,” Kaiser said of the quick transition. “Meaning: You want to work from home? We can do that for you quickly, but we’re going to limit what you can do significantly.

“That caused frustration, and now, after a couple of months, we developed the solution and now we are able to provide more of an extension of their office network at home.”

New cybersecurity practices must then go into place to protect networks that are now loaded up with laptops and mobile devices.

Kaiser and his team, for instance, mandate that their clients only use company-issued machines and devices instead of a bring-your-own device format.

Also, a remote workforce makes it easier for hackers to target individual employees with email phishing attacks and similar scams, which is why Kaiser and his team prioritize employee training.

“(Employees) are an important part of the security piece that often get overlooked because you’re dealing with people and not a program,” he said. “It’s very important and we do see that it’s not as prioritized as it should be.

“We have some clients that make a point of saying, ‘Get over here and train my users,’ and some that really ignore the issue.”

Change drivers

With many companies already embracing mobile and remote work before the pandemic, Randy Brinks, CEO of Grand Rapids-based RedRock Information Security LLC, said the influx of remote work isn’t necessarily driving change in cybersecurity demands. Instead, it’s ancillary needs.

Brinks said that a combination of high-profile breaches and an increasing number of cybersecurity threats have led to an uptick in companies seeking cybersecurity insurance.

As they do, many are finding that their cybersecurity infrastructure fails to satisfy the requirements to gain coverage.

Brinks said his team has worked with a growing number of clients to help them enhance their infrastructure to gain eligibility.

“It’s not that cybersecurity is becoming more strict, it’s just that more people are buying cyber liability insurance, so when they go to buy it, they realize that the insurance company wants significantly more controls than what they have in place in order to provide them with that insurance.”

Evolving compliance needs in a variety of industries is another factor that is rendering some cybersecurity strategies obsolete. Brinks and his firm work primarily with companies belonging to the finance industry, which are beholden to National Credit Union Administration and Federal Deposit Insurance Corporation regulations.

“Those examiners are getting more and more strict on what they’re asking customers to do,” Brinks said. “Five years ago, a customer could have been compliant and today they’re doing the same thing they did but they might not be compliant.”