October is Cyber Security Awareness Month
In 2003, the United States, Canada, and the European Union decided to raise public awareness of cybersecurity threats. They designated October as Cybersecurity Awareness Month and launched a month-long awareness campaign. Each year they focus on a different area of cybersecurity.
In its 17th year, the National Cyber Security Alliance (NCSA) has set the focus for this October’s program on individual responsibility for cyber protection. Whether the individual is a person or a corporation, everyone needs to do their part to minimize cyberattacks. With the number of incidents on the rise, it has never been more vital to follow NCSA’s advice: Do Your Part #BeCyberSmart.
As more people continue to work from home, the line between home and office security has blurred. In many cases, employers resorted to the bring-your-own-device approach as the fastest method for getting employees back to work. Unfortunately, this approach has created a host of potentially unsecured endpoints.
The Federal Bureau of Investigation has reported that cybercrime complaints in the first seven months of 2020 equaled all the complaints in 2019. With the increase in remote workers, two new phishing campaigns attack Skype and Zoom.
Hackers send what appear to be legitimate notifications from Skype. When employees click on the link, they are sent to a website that looks like a Skype login page. Once the credentials are entered, the bad actors have access to the work network. According to researchers, 50,000 emails exploiting those using Zoom have been seen.
For cybercriminals, remote workers represent potential targets. If employees fail to secure their networks and employers do not keep employees informed of potential threats, hackers will take advantage of every vulnerability and weakness. That’s why it’s crucial for employees to secure their home network and for employers to implement stricter connectivity requirements.
Employers should consider moving to a zero-trust model for granting network access. That model does exactly what it says – Trust No One. With more employees accessing work resources remotely, employers have to ensure that employees are who they say they are. Multi-factor authentication is one way to ensure an employee’s identity.
Multi-factor authentication (MFA) is a security system that requires more than a username and password to verify a user’s identity. MFA defines three categories of authentication, which are:
- PIN, password, or data that the user creates.
- Property such as smart cards or smartphones that the user owns.
- Physical characteristics, such as the fingerprint or voice of the user.
Remote employees could enter a password that, once verified, triggers a code sent to their cell phone. The code would be used as the second form of authentication. A hacker may steal a username and password, but would not have
A virtual private network or VPN creates a secure connection between a VPN server and a device. A VPN client is typically installed on the device. When the client launches, a secure connection is established. This connection acts as a tunnel, encrypting all data sent through the tunnel. The VPN runs in the background until the connection is closed.
While a VPN connection is active, hackers can’t see the device or the data sent through the tunnel. Using a VPN connection protects a company’s digital assets while in transit and reduces the chances of a hacker breaching the remote device.
Working from home comes with distractions. Whether it’s children, pets, or delivery personnel, it’s easy to click on a link or open an attachment without thinking. That one move could be the opening a hacker was looking for. Employers need to be vigilant about reminding employees of cyberthreats.
Companies should have a documented process for reporting a potential incident. Businesses can’t protect against an attempt if they don’t know it happened. Company-wide emails about recent scams or phishing attempts can alert employees to possible threats. According to a recent study, 90% of data breaches are the result of human error.
Working from home may mean strengthening an employee’s home network. Some guidance may be needed to help employees know how to tighten their network security. A list of recommendations such as the following can help:
Some companies may deploy anti-virus protection on all devices, even on personal devices being used for work. More likely, employees will be responsible for protecting company assets. Installing anti-virus protection, at a minimum, should be the first step for all employees.
Cybercriminals find vulnerabilities in operating systems and applications that are patched through software updates. Unfortunately, people don’t keep their software up to date, which exposes them to attack. Employees should update all programs to the latest versions to minimize possible breaches.
Employees need to configure their WiFi to support encryption such as WPA2 or WPA3. If they don’t, hackers will be able to see everything sent or received over the connection. WiFi passwords need to be as strong as possible to make it more difficult for hackers to access the network. Otherwise, hackers will have access to everything they need without touching a computer.
Employees need to change the login and password for their routers. Many users do not change the router settings from the manufacturer’s default. Most hackers know the security defaults for every router, making it easy to take control of the router. Once a hacker is in control of a router, they can see everything connected to the network and take control over connected devices.
Do Your Part
Strong cybersecurity requires everyone to do their part. Whether it’s implementing strong authentication procedures or securing home routers, both employers and employees have to actively participate. If you need help protecting your network, contact us. We can secure your network from end to end.