New England Biz Law Update
Is your business information secure?
Now that many employees are out of the office and working from home, cybersecurity takes on a new dimension with a workforce environment never before imagined.
“On the one hand it’s great we have all the technology and capability to do this, [because] no one planned for this,” said Daniel P. Lopresti, professor of computer science and engineering at Lehigh University in Bethlehem, Pennsylvania.
While IT professionals know the domain of the businesses they need to protect – the physical and cyber boundary around it, they and can take measures to make sure security is in place.
Remote access to data and information adds another layer of complexity to protecting sensitive information accessed outside of the workplace physical and cyber campus footprint.
“We’re in a wild, wild west world right now,” Lopresti said.
Since quickly deploying a remote workforce employers need to plan and adjust for how the work-from-home landscape creates new challenges for IT professionals.
“This exposes tremendous potential for risk in the cyber realm,” Lopresti said.
According to the CPA Practice Advisor website, “remote desktop protocol,” or RDP, hacks are up a whopping 330% since the coronavirus shutdowns in March. Lopresti recommends minimizing that potential for data and information hacks by buying a new computer or having the employer buy or provide a work-dedicated device.
Keep the company work on a separate laptop or computer from personal or children’s school activities, and be aware of the vulnerabilities exposed on video conference and virtual sharing platforms and applications such as Zoom Bombing. Zoom Bombing refers to unwanted and disruptive participation in Zoom calls by those not invited to the call.
The Zoom hack that leaked data from an estimated half million users, illustrated the weaknesses in the platform’s security, he said.
Beyond use, passwords are a critical piece in protecting information, and not just on laptops, tablets or cell phones. Lopresti said change the default password, and make new passwords on home network and WiFi connections regularly to prevent security threats while working remotely.
“At home the user is responsible for the home network such as changing passwords regularly…because those can be compromised, too,” he said.
And powering devices down at the end of the work day is among the simplest solutions to foil hackers. “Shut the computer down every night…that reduces the risk. A machine that is shut down can’t do any damage,” Lopresti said.
Know the risks
Education is among the most important tools in the cybersecurity kit, according to Sondra Lorino, president and owner of Parallel Edge Inc., based in Philadelphia. She said educating clients about cybersecurity is paramount to protecting, their data regardless of whether the job takes place in the office, or in a remote home office set up.
“Especially right now employees are more vulnerable,” she said.
Whether a remote worker is sharing a computer with another family or household member or have “children running around,” remote employees need to be savvy about scams or emails while using their home equipment on company time. [An] employee is the main way hackers get into a system,” she said.
Which comes back to educating employees about their cybersecurity hygiene. Lorino said about 99% of security breaches happen – not because a hacker figured out the way in, but because an employee inadvertently shared access by providing information.
“They [employees] are the first line of defense,” she said.
Older equipment, along with outdated or older software versions for virus protection, ups the ante for security breaches. By replacing older equipment, updating software and making sure security patches are consistently loaded businesses can minimize the cyber risks to their data and information while employees are working remotely.
Add in multi-factor software authentication – where layers of protection are in place and the security gets tighter around sensitive digital material.
“Multi-factor authentication on Office 365 and other apps that allow it, [means] if you do get hacked and someone gets your password for Office 365 or Google apps, they need the next level [advance],” Lorino said.
This kind of protection makes it harder for hackers to navigate and strike gold by successfully entering a system.
Secure virtual private networks, or VPNs, are mainly used to access remote computers and have multi-factor or dual factor authentication, Lorino said. She stressed authenticating users with appropriate software or apps is a key to better cybersecurity from remote offices, or when accessing information or data on a server from remote locations.
While phishing and ransomware attacks are higher since coronavirus shutdowns, there are lots of ways to minimize the risk for remote workers and their employers.
Lorino expects more businesses will make use of cloud services and software programs such as Office 365, a subscription service offered by Microsoft where documents will be stored, and employees can share, access and collaborate on projects.
“Right now it’s pretty expensive to put a server or workstation [in the cloud], but I think those prices will start coming down, and we’ll start to see more of that,” Lorino said.
Work in the cloud
Another option is to log into a workstation that is in the cloud, while using monitors as a window into the workstation there. “It’s more secure for a remote workforce because you have more control over that environment,” she said.
Concerns about current antivirus software and regular backup maintenance – that may be unknown on a home or remote system setup – can be eliminated in the cloud, where the employer has control over those elements.
“I think more and more people will operate that way,” she said. “Its new technology and not a lot of people are using it yet.”
Because companies are seeing the value of hybrid and remote work options for their employees, Lopresti expects the work from home movement will continue well into a post COVID-19 world.
“These safe and secure practices in home work environments have to become part of our everyday life, because [work] has changed forever,” Lopresti said.
