Employers are recognizing the benefits of working from home, but cybercrime is on the rise. Companies are exploring the possibility of reducing many of their brick-and-mortar facilities, yet when they look at the economics of going remote, the home office increases the potential for vulnerabilities. With these steps, you can avoid or reduce potential exploitation.
#1 Recognize that you’re a target no matter who you are.
Malware is very indiscriminate at this time. There are still some targeted attacks out there, but the vast majority of cybercrime is opportunistic: if an attacker can get to data, they will exploit it and use it. They may not want your data; they may just want your resources, or they might want to use you to get to someone else. Recognize that you're going to be a target in some fashion, no matter how big or how small you are, public sector or private sector.
#2 User Training and Awareness
You need to recognize that everybody is a potential vulnerability for cybercrime. Everyone in your company needs user training and awareness, including the basics of phishing:
- Do not click on links in emails from people outside the company that you don’t know
- Do not open files that are received from someone outside the company that you don’t know
- If you receive a link or attachment from someone you do know and it looks off (weird link or attachment name), confirm through another method (text or chat) that the named person did indeed send you that information before opening it
- Do not forward or click a weird link or attachment
- Always double-check email addresses to ensure they come from a domain name you know
- Verify with someone again through another method if someone is requesting information or something doesn’t seem quite right
- When in doubt, do not click or open
#3 Updating System Protocols & Current Software
Be certain that all of your antivirus, anti-malware, and anti-spyware tools and your firewalls are updated regularly and that you are current with them. Using current software is essential because software is constantly evolving, as are the threats. If you are beyond 5 or 7 days from a software update, you're missing out; you're missing a patch. Make sure the IoT devices on your premises (smart refrigerators, door monitors, camera systems) are passing security tests and are updated. Because they are not front of mind, IoT devices can be a gaping hole into your infrastructure.
“Here’s a real-world example. There was a casino in Vegas that had a fish tank, and the fish tank had an IoT device on it that just sat there and it monitored the temperature and water level. That fish tank was compromised, and once it was compromised, they got onto the Wi-Fi and compromised the organization. So I think user training is great.” – Chris Anderson, CISO for RDI Intuitive Technical
#4 Multi-factor Authentication & Encryption
Multi-factor authentication is a great tool for the remote world that a lot of people are living in now. Enabling encryption, particularly on wireless routers and on the tools that you're using, is a small step, but a lot of people don't necessarily think about it when they're setting up their home access and trying to keep that convenience factor.
#5 Annual Cybercrime Risk Assessment
One of the best things you can do now, if you haven't done it, is to take a look at everything. Even if you may not be a target, you may be one of those companies that get targeted because of a mass spread event. Go through an annual risk assessment, or work with an IT provider like RDI Intuitive Technical to do an annual risk assessment on your cyber threats. Answer questions like "What does my environment look like?" and "Where do I sit on the cybersecurity scorecard?" Just knowing where your risks are can help you decide if you want to do something about them.
Optimism Bias Towards Cybercrime
Optimism bias is where you think it will happen to everybody, except you. We hear it all the time, “I’m too small for that. It’s not going to happen to me. They go after the big guys. My data doesn’t mean anything to them.” That’s the worst thought process to have. You must realize that you are a target; it can and probably will happen to you.
To learn more about RDI Intuitive Technical, contact us!