[00:51] COVID-19 seems to be all anyone in the managed services or IT space is talking about right now. And it’s not hard to see why. It’s all about how to enable remote workers en masse as cities and regions lock down.

[01:19] There’s no doubt there are a lot of ways to get hit and hurt by this pandemic…but there’s also hope and positive things happening.

[01:20] Your clients are depending on you. If you can ride through the challenge and lead them through this, you will come out on the other side with a strong footing for whatever comes next.

[01:42] I will be focusing on MSP and technology issues in the context of COVID-19 for the next few episodes at least.

[02:22] My guest today is Ken Thon, a sales engineer at Webroot. Prior to working in software, Ken worked in sales and project implementation at a couple of MSPs—so, like many of my guests on the show, he has the perspective from your side of the desk.

Listen here


How to Securely Enable Work From Home: Interview With Ken Thon

Ken Thon, Webroot
Ken Thon, Webroot

[03:11] MSPs are facing a lot of challenges right now as many of their clients are trying to switch to a work-from-home scenario.

[03:57] There are challenges, but there are also opportunities for MSPs. They can educate the clients and give them the tools to implement remote work securely.

[04:59] With the pandemic, there are a lot of scammers out there with phishing emails, phone calls, and even text messages. A lot of criminals are taking advantage of the situation.

[06:00] Layers for implementing security include a BYOD (bring your own device) policy. MSPs can establish which devices should be used. They must have safeguards such as strict password policies, malware protection, and the ability to erase business sensitive data.

[06:52] User permissions is another big area. Educate the users on what they should be aware of and then implement the policies.

[07:27] There are a lot of available templates for BYOD policies to be able to pull something together quickly. You can implement a system where only registered and approved devices have access to the network.

[08:32] There are many utilities and applications that enable you to register a specific device and then approve it internally.

[09:02] MSPs can offer a complete cyber resilience package. You can start with security awareness training, DNS protection and content filtering.

[09:36] Also implement endpoint protection with antivirus and anti-malware, and have a backup and recovery strategy. Back up servers but also back up Office 365.

[10:07] Ken highly recommends that MSPs implement this layered approach.

[10:39] Many vendors offer online cloud-based security awareness training.

[12:04] Make sure at-home workers have appropriate bandwidth in place. Also make sure they secure their Wi-Fi network. Turn off network broadcasting and make sure the router firmware is up to date.

[13:47] You can use a remote access tool to help your clients with these security measures.

[14:21] To secure a home network, also ensure good password hygiene and use 2-factor authentication to augment password security.

[14:58] It’s also a good idea to educate your customer about not using public Wi-Fi.

[15:43] The big thing that MSPs might be missing right now is spending too much time looking at high-level security implementation but not addressing the basics.

[17:01] Communication is very important. MSPs need to enable multiple streams of communication.

Listen here

Like what you hear? Listen and subscribe.