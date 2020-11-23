Several months on from when WHO first declared COVID-19 a global health pandemic, remote working is now a normalized model for employees.

Throughout the ongoing crisis, technology service providers (TSPs) have played a critical role in enabling the connectivity and infrastructure that organizations needed to maintain their day-to-day operations. That includes securing the remote workforce and protecting the extended enterprise perimeter.

While larger enterprises may have in-house IT teams that are responsible for adapting cyber risk management strategies to cope with the impact of undertaking a massive shift to remote services, many SMBs are ill-prepared to combat the rising online threat landscape.

For TSPs, providing this important cohort of clients with best practice guidance and know-how will prove a mission-critical value-add service that many won’t realize they can’t do without.

SMBs are a Prime Target for Cyber-Criminals

According to a recent report by the insurance firm Hiscox, around 65,000 cyber-attacks are attempted on UK SMBs on a daily basis, with about 4,500 of these carried out successfully. The recent shift to home working triggered by the pandemic has led to a further tsunami of phishing, malware and ransomware attacks as cybercriminals look to target vulnerable SMBs.

Without specialist in-house teams dedicated to the task, staying on top of cybersecurity matters is typically more of a challenge for SMBs. So it falls to their TSPs to proactively initiate conversations about security and disaster recovery.

In fact, 91% of SMBs would consider using or moving to a new IT service provider if it offered the “right” cybersecurity solution, according to the latest Vanson Bourne SMB State of Cybersecurity report.

As well as checking the awareness and preparedness of business leaders, and whether they’ve covered all the important bases, these discussions will be helpful when it comes to establishing a clear understanding of where everyone’s responsibilities begin and end.

Step 1: Conduct an Initial Review of What’s Changed

Initiating an open and transparent conversation relating to cybersecurity should begin with an informal discussion about the current state of play. New ways of working introduce new risk vectors and increase their reliance on online services and BYOD means that SMBs may now need to assess everything from their network and backup capacities, to how they secure devices and services.

Those utilizing cloud services for the first time may need some additional hand holding around setting SLAs that are appropriate for their new needs and the importance of multi-factor authentication.

With 52% of UK SMBs planning to continue with remote working models for the long term, business leaders may need to be encouraged to formalize remote working policies and outline key employee responsibilities with regard to data processing and data security.

With regard to GDPR, some SMBs may need clear guidance on how to uphold their responsibilities in the wake of remote working procedures.

Step 2: Prioritize and Act on Risk

Having jointly reviewed what’s changed in recent months, ensuring that SMBs are primed and prepared for potential threat scenarios will next depend on agreeing what risk mitigation actions should now be prioritized.

As part of this process, TSPs may need to provide recommendations on the key questions that SMBs should ask of other providers to ensure there are no unexpected gaps or surprises with respect to their security position. Where relevant, this could include an exploration of any external supply chain and customer environments they connect or integrate with. At a minimum, this should include ensuring: