CYBERSECURITY EXPERTS’ TOP 5 TIPS FOR REOPENING SECURELY
Returning to work is a topic on everyone’s minds right now, but how do we do so safely and securely? Today we spoke with three cybersecurity experts, Kevin Jackson, Vernovis, CISO, and Columbus Collaboratory’s Troy Vennon, Director of Security Innovation and Jeff Schmidt, Vice President, Chief Cyber Security Innovator, who gave practical advice on how to prevent long-term damage from this short-term situation. If you missed it, click here to view the full 30-minute Q&A session.
CLEAN UP WFH DEVICES
Reports have shown that home networks are anywhere from 3x-5x “dirtier” than corporate networks. This means you’re 3x-5x more likely to have malware on your home networks that you’re not necessarily aware of. You need to have procedures and processes in place to ensure WFH devices are updated and scanned for viruses before they can access corporate data or assets.
REVIEW QUICKLY IMPLEMENTED INFRASTRUCTURE
Did you have to scramble to purchase VPN’s to enable collaboration? Do you have API endpoints you had to stand up to ensure your team could work from home? The attack surface remains even after you stop using them. Now is a good time to start thinking about how to secure the infrastructure you had to implement in a rush.
BE HONEST ABOUT YOUR SECURITY POSTURE
If you already had a well-structured cybersecurity program in place and had planned for some business continuity plans in place it puts you in a good position to be flexible and retool and redirect safely as you shift the work environment again. The key will be having expertise on board and planning in advance instead of just moving forward, then having to react to incidents.
If you went into this with a poor security posture then you are at an amplified level of risk right now and for the next several weeks. Kevin Jackson shares, “The right answer: get help. Look at things like risk, tech, human factors, operations. Begin to plan now before returning to ‘normal operations.'”
DON’T FORGET ABOUT POLICY ISSUES
WFH and home-schooling have necessitated people installing things on their computers that weren’t previously considered. Out of necessity, children are using their parents’ corporate computers for remote schooling. That is not going away. A lot of school systems are talking about summer school, so for the foreseeable future computer systems are going to be shared and need to be factored into your security planning.
CONSIDER CURRENT THREATS
Within the past couple of weeks, we have seen an increase in these two threats:
Whale-hunting: Threat actors have increased targets on executive leaders, especially those executives who have become higher profile due to the pandemic.
Zoom Credential Dumps: We are all well aware of the hack that Zoom experienced at the beginning of the pandemic. As a consequence, we are seeing those credentials being dumped on the dark web. This means that threat actors can use those usernames and passwords and try to stuff them into other accounts to gain access. If your team members have used Zoom, be sure to remind them to change passwords on other accounts where they might have used the same username and password.
Again, click here to view the full 30-minute Q&A session. and don’t hesitate to reach out with questions. We want to help put Ohio back to work safely and securely.