There is something great to be learned about cybersecurity from this pandemic. Preparing for a crisis before it happens is far less expensive than recovering after it happens. The U.S. saved several billions of dollars cutting corners on pandemic preparation, and it’s now estimated that coronavirus will cost the world more than $300 Trillion when the economy is factored in – not to mention the death toll.
Smart preparation beats recovery every time. The same is true for cybersecurity where optimism grows out of preparation. Proper cyber hygiene, just like washing your hands for a full 20 seconds, is both mildly inconvenient and wildly effective. And we need it more than ever, because cybercriminals are taking advantage of the chaos. Going remote increases the exposure of company data exponentially, especially because we had so little time to prepare.
This outline focuses primarily on solopreneurs and small businesses, as I have held out some of the more technically detailed information on how larger enterprises can further protect their remote workforce. In this time when so much is outside of our control, there’s actually a great deal within our control when it comes to cybersecurity.
7 Cybersecurity Threats in Your Remote Workplace
I’ve put together the 7 threats that I feel, from having observed thousands of organizations with remote workers, are the FIRST you should address. This is not an exhaustive list, but a great place to start.
Threat #1 – Zoom Videoconferencing – Rapid adoption has meant little security
- I received a call from a client who told me two things had happened: 1) they discovered that a competitor was lurking on a video BOD meeting, and 2) when they discovered it, the user screen-shared porn, called “Zoom bombing”. Had this been a call between business and client, it would have been devastating.
- It is imperative that you consider the privacy and security implications of Zoom before you use it for sensitive or critical meetings: https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf
- This article from the NY Attorney General about Zoom privacy practices has good information https://www.nytimes.com/2020/03/30/technology/new-york-attorney-general-zoom-privacy.html
- To learn to use Zoom, please visit Mike Domitrz’s recorded webinar on the topic: https://www.youtube.com/watch?v=aVKbnQJrrjg&feature=youtu.be
Threat #2 – You and Your Kids – People, not technology, introduce the greatest risk into your systems
- Coronavirus scams started the day the epidemic was announced; let’s focus on…
- Phishing emails are a hacker’s best friend. Consent to download crimeware or upload logins
- These scams follow the headlines, especially a crisis (can be by text, phone or SM adv)
- Recognize the coronavirus scams
- Click Hygiene – pause for 20 seconds before you click – Too good to be true, too bad to be real, too dramatic to be worth your time, then ignore it
- The Hover Technique – expectations vs. reality
- 3rd-Party Spam Filters (corporate tip – block it at the Gateway)
- Train your kids, as anyone on your network can download malware and spread it elsewhere
Threat #3 – Cyber Blackmail – The cheapest tool a hacker has is to lock up data & demand a ransom
- Ransomware – byproduct of phishing
- Worms its way to other devices – Home offices, kids’ click habits are the biggest culprit
- 3-2-1 Backup Plan – iDrive https://www.pcmag.com/reviews/idrive
Threat #4 – Game of Knowns – 95% of vulnerabilities are known
- Outdated & Unpatched Operating Systems and software (Windows 7 Question – Bruce)
- No centralized firewall to protect whole network (not just yours) DSL Router
- Unprotected WiFi – Change Default PW, WPA2+, SSID Masking, MAC-specific addressing
- Unencrypted computers, laptops and mobile devices (BitLocker & FileVault) LIABILITY
- Wide open Remote Access Protocol
- Unprotected, wide-open WiFi
- SOLUTION: have an IT professional configure all of the above for you – working @ home, spend the money to prevent it up front. You can learn all of this, but the devil is in the details.
Threat #5 – Cloud Hacking – We’ve pivoted to cloud computing and ignored the storm of cybercrime
- Setup 2-Step Logins (2 Factor Authentication)
- Enable a VPN
- Use a Password Manager Like Keeper, Dashlane or LastPass (https://www.pcmag.com/picks/the-best-password-managers)
- Dropbox is NOT a secure enough platform for PII or sensitive data
- Bad Communication – We email, transfer & store sensitive docs in plain sight
- Don’t email documents with sensitive info unless they are encrypted. PDF/Winzip/TrueCrypt (Use the portal with your financial provider)
- Messaging: Signal; Apple Messages (Not WhatsApp, Facebook Messenger or Droid)
Threat #6 – Stupid Smartphones – The supercomputers in our pockets are a security afterthought
- Walk through EVERY Privacy and Security Setting on your smartphone. Period. If you don’t understand the setting, Google it.
Threat #7 – The “Squirrel” After this Class – Action distraction is the primary cause of breach
- Even when people have a checklist of what to do, they often don’t take action until after the breach, after the pandemic.
This is a broad outline of a starter course in protecting your virtual office. To customize a virtual webinar like this one to your organization, contact John directly on the number below.
About Cybersecurity Keynote Speaker John Sileo
John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank and an award-winning author, keynote speaker, and expert on technology, cybersecurity and tech/life balance. John specializes in making security engaging so that it sticks. Contact him directly on 303.777.3221.