The most exciting part of my job occurs when I have the opportunity to visit with a new client organization and help its leaders assess their security infrastructure and remediate any vulnerabilities. I enjoy being able to examine the current state of their cybersecurity programs and help them redesign elements to better address the modern threat environment.

Recently, I had the opportunity to engage in this type of work with one of CDW’s customers — the government of a midsized county. As we worked through the assessment, we identified two core issues that required immediate attention. First, the county’s network firewall platform was quite outdated, running technology that was over a decade old. The devices still functioned, but they were designed to protect against the threats of 10 years ago, not today’s advanced persistent threats. Our first core recommendation was that the county replace this aging firewall infrastructure with a modern next-generation firewall (NGFW) designed to stymie today’s attackers.

We also realized that the core of the county’s network lacked essential security controls. If someone gained physical access to the building and connected any device to the network, the attacker would have open access to all types of resources. There was no internal access control restricting the devices that could connect to the network and limiting the authorization of those devices based on the identity of the user. The county urgently needed a network access control (NAC) solution to address these risks and protect its network.

Before joining CDW, I served as the director of curriculum and innovation for a large school district in Texas. In that role, I witnessed the creativity and dedication of teachers firsthand. I often traveled with those educators to conferences where we learned together about exciting new technologies that could transform the classroom experience. When we arrived back at work on Monday, we were often disappointed to learn that the networking or security teams wouldn’t allow us to use our new favorite tool in the classroom due to privacy issues.

Back then, I had a hard time understanding the rationale behind those decisions. I felt like the “Department of No” was simply getting in the way of the real work of the district. Today, that experience helps me understand both sides of the equation as I work with CDW clients to develop their security programs.

I know that teachers are only trying to do what is best for their students, but they often don’t understand that they might be putting children in jeopardy if they’re not using safe, vetted applications in the classroom. That’s why I helped develop the K-12 Blueprint for Security toolkit, to better educate administrators, teachers, students and parents about privacy and security risks.

As organizations across the country have moved to remote work models, many have reported an increase in cyberattacks. Cybercriminals, it seems, are taking advantage of the public health crisis to exploit security vulnerabilities in home-based computer systems. What can organizations do to minimize the chances that their shift to remote work results in an expensive breach? We recommend a multipronged approach that combines the use of security tools and end-user education.

The global pandemic and social distancing measures have redefined the office for many people. Industries that never would have considered allowing their office employees to work from home were forced to rethink decades of business as usual.

This change has also brought new technology needs. Since these businesses had built technology infrastructures that relied on traditional network and application architecture, a shift had to occur. Suddenly, IT departments were dealing with overloaded VPNs or having to deploy a VPN that they never had to maintain before. Compound that with the fact that users are now accessing company resources from networks or assets that corporate IT has no control over, that most home routers are still vulnerable to exploitation and that, in many cases, the network gates were flung open in the name of productivity ― it’s enough to give any CISO an ulcer.

So how can companies mitigate these risks? Now that everyone is settling into a routine and we’re adjusting to this “new normal,” it’s an ideal time to reach out to your users and talk about security.

Few email users fork over their bank account numbers to Nigerian princes or click links to claim lottery prizes anymore. In fact, as digital natives enter the workforce, the collective sophistication of email users grows. Yet email scams are still big business. That’s because while users are increasingly savvy, so are the bad actors. Today’s…

I heard a question the other day that caught me off guard. “Why do you guys even sell IPS (Intrusion Prevention Systems), is there even value in that anymore? Shouldn’t you just recommend patching vulnerable systems?”