ata security is a growing concern for businesses across all industries, especially when it comes to protecting digital assets at remote or rural sites. Adding to the challenge is the persistent shortage of skilled security specialists and semiconductor chips—exacerbated by the COVID-19 pandemic. However, companies can adopt strategic measures, such as using a third-party provider, to augment their technical resources and safeguard their information.

Today companies are placing a greater, and much warranted, emphasis on data security. As cyber criminals constantly find new ways to attack, identifying emerging threats is paramount. Phishing attacks, where hackers try to trick people into revealing private information, remain the single biggest threat to businesses, according to Christian Cheatham, senior solutions architect at Alaska Communications. “Phishing emails can come from trusted vendors’ or coworkers’ email addresses that have been compromised,” Cheatham says. “The tell-tale signs of phishing have become harder to spot, requiring even more vigilance from employees. Employee awareness training remains the best, first defense against business email compromise.”

A cyber insurance policy is another precaution, but some providers are pulling back on ransomware payment benefits. According to Director of GCI Security Architecture and Planning Mitch Kitter, cybersecurity professionals widely believe that most ransomware incidents occur because organizations are not taking basic safeguards such as security patching, spam filtering, and other measures; therefore, insurance companies do not want to pay benefits to companies that fail to deploy fundamental cybersecurity solutions. Furthermore, adds Justin Darin, senior manager of cybersecurity and information assurance with Virginia-based Leonardo DRS, insurance is of no use to customers whose data is compromised, as it mainly protects companies from liability.

Today, many entities are finding themselves in the dire position of not having enough skilled staff to satisfy their cyber and data security needs. A shortage of internal cybersecurity expertise can lead companies to attempt to balance operations and system availability while ensuring that technical resources have the time to ensure the security of the system, according to Darin. And depending on the knowledge and experience of the technicians, this could lead to some vulnerabilities being overlooked due to a lack of time.

Cheatham has similar thoughts. The scarcity of IT expertise has created a situation where working with a trusted partner can be especially beneficial for companies. It’s not always feasible for businesses to hire and maintain their own staff of technical experts, he says, and working with a managed IT provider gives them access to a breadth of expertise they can count on. For example, he says: “Alaska Communications is here to provide Alaska businesses with robust end-to-end support. Our managed IT customers receive proactive monitoring and alerting, which is critical to thwarting and mitigating cyberattacks. We use a layered approach to security, including firewall management, spam filtering, and end-point-detection and response to ensure our customers’ businesses are protected.”

Companies lacking the technical expertise in house to properly secure their remote and rural sites can partner with a third-party provider like Leonardo DRS, Alaska Communications, or GCI. For example, Leonardo DRS has a team of highly trained, experienced, and certified engineers that ensures all networks and IT systems that it operates or manages meet or exceed industry standards while maintaining the highest level of security, according to Darin. The company offers security solutions that can be tailored to customers of all types and sizes. “We secure end-to-end hybrid cloud solutions while implementing a variety of services,” he says. “These can include the ability to assist or manage system accreditation under the National Institute of Standards Risk Management Framework.”

For eighteen years, Leonardo DRS has consistently delivered cost-efficient, reliable, and scalable information and communication technology solutions throughout Alaska’s challenging environments, Darin says. The company, which primarily provides schools and health clinics with broadband services and optimized network applications like video teleconferencing, also offers enterprise solutions: managed services, technology support, cybersecurity, and network operations. “Leonardo DRS is dedicated to providing all its customers, no matter the size, with the best-fit and most comprehensive cybersecurity services that include the high security of our core network and satellite services to transport customers’ data anywhere in the world,” Darin says. “We maintain our system to the highest levels of security, which has allowed us the ability to be assessed and authorized by the US government and Department of Defense.”

Meanwhile, GCI provides a full suite of consulting services that include penetration testing, vulnerability analysis, vendor risk management, and virtual chief information security officer services, according to Michael Hamilton, founder and CISO at CI Security, a vendor that works closely with the Anchorage-based telecom. “GCI also provides managed detection and response, which minimizes the impact of security incidents through rapid identification and remediation, for organizations that do not have access to qualified cybersecurity practitioners,” Hamilton says. “GCI also offers managed firewall solutions, where GCI provides firewalls as a service, freeing up staff for more valuable activities.”

In remote or isolated locations such as Juneau, where businesses or government entities may offer WiFi to the public, segregating network traffic is an important safeguard.

nensuria | iStock

According to Alaska Communications’ Christian Cheatham, employee awareness training is the best, first defense against business email compromise.

nensuria | iStock

Another trend being driven by the pandemic is that many companies have moved into more of a remote or hybrid staffing plan. Businesses are moving their on-premises hardware and technicians to a cloud environment. “This allows for lowering the cost of hardware and maintenance and shifts a portion of the security responsibilities for the system to a third-party vendor with a dedicated team,” Darin says. However, GCI’s Kitter says companies going to the cloud need to understand their cloud service provider’s security responsibility matrix. This is usually a chart that depicts the security functions provided by the cloud service provider and those that the customer organization needs to manage itself. “Typically, cloud service providers take care of physical security,” he says, “but customers will still need to patch their cloud-based operating systems and implement virtual firewalls and other protective measures.”

In rural Alaska, it’s not uncommon for businesses or government agencies to offer free WiFi to the public, Cheatham says. Therefore, segregating network traffic between corporate and guest is an important safeguard.

Protecting large data sets with backups has been an essential function for organizations for decades, Kitter says. But in remote sites, limited bandwidth may make it more time consuming to copy large data sets to cloud storage providers. “For organizations that backup their data to tape or optical media, it can be more difficult to store that media in a location far enough away to be isolated from local events such as storms and earthquakes,” he says.

This becomes a more daunting obstacle in locations where hardware is not readily available.

Any company that relies on modern technology has been touched by a global shortage of semiconductors, the microchips at the heart of all types of business equipment. The shortage may result in higher prices or delays in procuring security hardware, Kitter says. “Storage upgrades in the form of larger drives or additional drives are also affected by the semiconductor shortage, as hard drives and solid-state drives also have chipsets in them,” he says. “Organizations may be able to squeeze more value out of existing hardware by utilizing virtualization.”

For businesses that are looking to implement a new IT setup within a thirty-day window, the chip shortage can cause several different issues. The first is cost: Companies that need a specific piece of hardware during the shortage will pay a premium price to acquire it quicker. This could lead to a situation where they may not have enough funding to implement other parts of their security plan or obtain all the hardware or staff requirements to maintain the network’s security after implementation.

Another problem that can result from the chip shortage is that it may prevent companies from meeting their hardware needs all together. “This could lead to a change in your security approach,” Darin says, “and potentially lead to some vulnerabilities within your system being left open due to the inability to obtain the infrastructure to properly secure it.” He recommends a life-cycle plan for IT systems and sticking to it to avoid surprises.

Although semiconductor supply chain disruptions are frustrating for businesses and consumers, working with a provider that has relationships across the logistics spectrum can make a difference. “We help our business customers meet their deadlines through our extensive partner network and purchasing power,” Cheatham says.

The healthcare industry sees a high rate of targeted attempts to steal personal data, says Alaska Communications’ Christian Cheatham.

nensuria | iStock

With various companies moving to a hybrid or remote work model post-pandemic, one of the key security implementations they should be looking at is ensuring they have a secure virtual private network that will allow their staff to securely connect to company assets from outside the office. The move to a remote work structure may prompt businesses to ensure certain applications only reside within the architecture and are never exposed to the public internet and, hence, are vulnerable to attack. “Along the same lines, companies will need to remain up to date with anti-virus and malware protection, and any vendor patches or updates that have been released to their systems are vital to ensuring a lower attack vector to your system,” Darin says.

Cheatham says Alaska Communications advocates layers of security, which provide multiple defenses against cyberattacks. “For businesses located in rural areas, security solutions may depend on the type of connectivity they have,” he says. “In most cases, we’d recommend slightly different solutions for businesses with terrestrial broadband than those with satellite connectivity. For example, for a business using satellite connectivity, we’d recommend their firewall be hosted by their broadband provider at its satellite earth station.”

Cheatham, like Darin, also points out that the rise in remote work is a factor that businesses need to consider when planning their cybersecurity strategy. “As the workforce becomes more spread out, we’re assisting our customers in setting up their remote workers with proper security tools to protect themselves and the company,” he says. “For remote workers, it’s important to have tools like content filtering, firewalls, and VPN solutions.”

For businesses in remote or rural areas, like Kodiak, security solutions may depend on the type of connectivity available, according to Alaska Communications’ Christian Cheatham; regardless, he advocates for layers of security.

chaolik | iStock

Companies should also consider going beyond the basic requirements to secure their data at remote or rural sites. It would behoove those that are located in rural areas to have a thorough business continuity plan because they are more likely to use it. In the event of a disaster—either natural or cyber—their remote location could cause delays in getting business up and running. “For example, having extra batteries for workstations and generators to back up your operations can be the determining factor in keeping your business running,” Cheatham explains. “Businesses in rural areas may not be able to purchase these things on the spot and have them in real time. Backup plans are essential for good security. At Alaska Communications, our experts help rural businesses create, evaluate, and deploy a comprehensive business continuity plan so they’re ready in the case of a disaster.”

Between the increasing regulatory requirements—such as Cybersecurity Maturity Model Certification requirements for defense contractors—and those coming from insurance companies as a condition of coverage, rural organizations are having to address cybersecurity to continue to be competitive. Security products can seem overwhelming and unattainable, Cheatham says. But many businesses can benefit from working with a trusted partner that can create a solution to meet their needs and budget. Even in rural Alaska, cybersecurity services are as close as the nearest keyboard.