How The Best MSPs Harden Remote Office Networks, According to Pax8

‘Once a year take that next step and engage in actual penetration testing. Let someone else come in there and see if they can breach your system,’ says Craig Donovan, vice president of partner service at Pax8.

Born-in-the-cloud distributor Pax8 has some advice for partners to harden the security of their network as their workers remote in to the office from home, or a neighborhood coffee shop.

Pax8 Channel Chief Ryan Walsh, and Craig Donovan, vice president of partner service, told partners one of the easiest ways to make sure their office networks are secure is to thoroughly vet all the applications employees are allowed to install on their work devices.

“Every additional non-business related application, just increases the exposure of your entire company and all of its data,” Donovan said.

The two helped kick off the opening day of the NexGen+ 2020 conference, produced by CRN’s parent company The Channel Company.

“When the pandemic hit, what happened was it became all about speed. Speed to respond. So many people just turned on a VPN, but didn’t check what was on those devices. They were almost asking for trouble,” Walsh said.

Companies that need to go remote are best off buying a new device, and securing it with corporate best practices. In the event an employee needs to use a personal device, Donovan said the best MSPs use a Windows Virtual Desktop and “firewall up” all of that user data.

Verifying that a network is as strong as it is believed to be, is another critical step that good MSPs take, Donovan said.

“We strongly recommend that partners, IT shops inside companies, engage in regular security assessments and have either an outside contractor, or find software that evaluates your ecosystem and makes sure you know what is on it,” he said. “Are all your patches up to date? Then once a year take that next step and engage in actual penetration testing. Let someone else come in there and see if they can breach your system.”

Public Wi-Fi networks are another common vector that bad actors can use to breach a company’s network, Donovan said. Avoid public Wi-Fi is the best advice, however if a person must, try to use encrypted emails, then use a VPN to send it. But the best advice he’s heard from MSPs is to use a cell phone as a hotspot and tether the laptop to that connection in order to send emails.

Planning for the worst is also an unfortunate reality of today as well, Donovan said. With bad actors seemingly able to strike networks at will, knowing what to do during the opening seconds and minutes of an attack are critical.

“Time is of the essence,” he said. “Studies have shown that by the time you find out about an attack, the bad actors have been in your system days, weeks, maybe months. Every second you are not communicating exposes your company even further. Make sure you know how to communicate with everyone in a method that is not just email. What are you going to do if email is breached and down? How do you get word out to your people? Define a plan. Know who you are going to call and how you are going to get that message out.”

No matter what network security looks like, human error will always be the X factor that companies must plan against. Donovan said that paradigm can be flipped by training employees how to spot a threat and empowering them to report it to IT.

“If you are just counting on security awareness training, you are expecting all 100 people to do the right thing and not click on the link,” Donovan said. “However in a culture of security reporting, you just need one person to do right thing, recognize the phishing email, notify IT so that they can quarantine it.”