You would think that people like Elon Musk and Bill Gates would have bulletproof cybersecurity. But in July, their Twitter accounts were hacked along with the accounts of Warren Buffett, Joe Biden, and Jeff Bezos. It was the kind of simple security breach that happens to businesses of all sizes every day. Simply put, someone at Twitter was tricked into giving up passwords which they were trained not to do… just like your staff is trained not to do.
Since the start of the pandemic, remote workers have caused a security breach in 20% of businesses, according to Malwarebytes, an antimalware security provider. The haste to move work from office to home has left gaps in cybersecurity. A recent report on MSNBC stated that cybersecurity attacks cost businesses of all sizes an average of $200,000.
NOT A COMPUTER GEEK
You went to law school to become a lawyer, not a computer geek. So here are five safeguards a company like ours that specializes in helping businesses with security and compliance would look at if you just relocated your office to your home.
1. Security Awareness Training: Stay up-to-date with the latest phishing email and social engineering scams. Test yourself and your employees each month.
2. Disk encryption: This scrambles the information on the hard drives so if the device was stolen it’s unreadable. It’s a very simple security control that vastly increases your security and reduces your risks.
3. Encrypted DNS servers improve online security by ensuring that all queries go through a specific DNS server, so your business is better protected against any external attacks.
4. Encryption At Rest: It’s important that data is encrypted as it is transmitted online, but what about when the data is at rest? Data that sits in storage needs to be protected as well.
5. VPN or virtual private networks mask your identity and protect you especially when using free public WiFi or WiFi that could be shared such as in an airport or a coffee shop. VPN encrypts your entire network traffic, so it gets transmitted through the network securely.
6. Keystroke Encryption protects the keystrokes that you’re typing on your computer so that the passwords and any sensitive information cannot be captured.
7. Firewall: You probably have a firewall but you want to make sure it is current. A lot of firewalls have a software subscription through the manufacturer that is very important because it’s similar to antivirus; it has to be updated on a regular basis to be effective.
MOST COMMON GAPS
Don’t assume that cybersecurity you may have bought off the shelf or had installed by a third-party IT professional will crosswalk from your office to your home. In our work with clients since the pandemic started, these are the most common gaps in cybersecurity we have found in home offices:
1. Unpatched Software/Operating Systems are computer code with known security weaknesses. This is a major vulnerability in your office system. Vendors like Microsoft write additions to the code known as “patches” to cover up the security “holes” when they find them. Running unpatched software is risky because cybercriminals are typically well aware of the vulnerabilities.
2. No VPN, which I described above. You should definitely use a good VPN service whenever you’re connecting via an unsecured network, such as public WiFi hotspots.
3. WiFi Network Vulnerabilities can lead to intercepting the internet traffic of a WiFi network and possibly inject and/or manipulate data, without owning or breaking its password security.
YOU DON’T HAVE TO BE A ROCKET SCIENTIST
A simple remote assessment by a company like ours could cost as little as $500 to identify gaps in your cybersecurity that opened when you moved from your office to your home. It may also uncover gaps you already had in your cybersecurity.
You don’t have to be a rocket scientist to be hacked, and there is no vaccine against cyberattacks. But there’s still a lot you can do to prevent your information system from catching a virus. It’s all about taking the necessary precautions.
Proper preparation prevents poor performance.