On Thursday May 21, 2020, Rebecca Fitzhugh, SobelCo, Michelle Schaap, CSG and Matt Hahn, Greystone Technology tackled the tough conversation on Cyber Security along with moderator Brad Muniz, SobelCo. While this is always a hot topic, the pandemic has created an environment where small and mid-sized companies are more vulnerable than ever.

Obstacles when working from home

In this one hour webinar, these experts addressed the specifics of keeping data safe and secure in a ‘shelter-in-place’ (i.e., work from home) situation. Those who are working from home may have a false sense of security but they are not truly secure unless they have committed to ensuring security and cyber hygiene at home.  

There are many challenges to address! Parents working from home may be sharing devices with children visiting popular gaming sites or sharing unsecured WiFi with residential, personal apps designed to control thermostats, security cameras, and appliances (the “IOT”, or “internet of things”), both of which could expose them to malware or hacking attempts. 

The additional challenge of working remotely only exacerbates the situation. Perpetrators of scams especially take advantage of those who are unaware and they are even more effective when people are isolated from each other.

What’s happening back at the office?

To make matters worse, in some instances while the entire staff is working from home, the cleaning crew or other maintenance services are continuing in the office. This too is a risk, along with the potential lack of security that may be occurring with vendors. An interesting statistic demonstrates that 60% of attacks happen as a result of a breach through a vendor. How do you manage that challenge? You can begin the process by asking to see the vendors’ policies and protocol, or to complete a questionnaire that outlines the precautions they have taken to secure your data. As their customer you should be aware of any risks.

The culprits are not always outsiders. Security is often breached internally as well. Furloughed or laid off employees may continue to have access to files and data. Be careful of their anger, resentment or stress – which can result in behavior that is dangerous for all.

The panelists cautioned that it is often the case that businesses and individual do not even know they are compromised or that their personally identifiable information (PII) has been stolen!  In these situations, the recovery is slower than when companies are alert, educated and aware of the dangers.

The bottom line is human error

Despite all the ways of preserving and safeguarding data, the weakest link is always the humans who make poor choices!  Unfortunately cyber criminals expect humans to fail and as such they are taking full advantage of the current stressful situation. Some have already begun creating phishing (and vishing) scams asking the victims for money to help cover insurance and hospital costs associated with a close friend or associate being on a ventilator for example, sent in a phony email pleading for help.   Under these circumstances, few stop to think – most react emotionally to the request!

While policies and procedures can help companies avoid the damage done by cyber criminals, changing behavior and mindset by offering education for the people (who are the real targets) is one of the best and most effective ways of minimizing vulnerability. Security awareness training is one of the keys to limiting susceptibility to the scams. 

Small and mid-size businesses are concerned that they may not have the deep pockets necessary to protect the company. The panelists reaffirmed that security is multi-layered and an effective approach can include several types of low cost solutions such as installing a firewall, leveraging multi-factor identification (including dual signatures), or even applying anti-virus software. Each layer alone may fall short, but taken together, they can interrupt or deter a cyberattack.

All the presenters agreed that the most critical goal is to make employees aware of the dangers, educate and train everyone, hold people accountable and remember that doing something is much better than doing nothing!