Partnership allows mutual clients to have total visibility of their digital assets and enhanced cybersecurity for the very first time
Smarttech247, the multi award-winning MDR cybersecurity organisation and Armis, the leading unified asset visibility and security platform provider announced today that they have formed a strategic partnership to offer their global customers the opportunity to increase asset visibility, security and threat detection across their entire ecosystems. With IT and IoT increasingly converging on OT environments, it’s not enough anymore to simply identify OT devices – this approach will not give these organisations the full picture needed to combat modern cybersecurity threats.
The strategic partnership with Armis enables Smarttech247 to seamlessly enhance their current offering to deliver 100% visibility across all assets and device types. Customers can subsequently identify risks and gaps with a simple integration that will allow them to not only focus on their managed devices but also their new unidentified environment of unmanaged OT/ICS and IoT devices.
“This partnership will give our customers greater visibility and a bird’s eye view over the whole organisation. Armis will build on our cybersecurity asset management, risk management, and automated enforcement to all assets within our clients’ environments,” explained Raluca Saceanu, COO at Smarttech247.
The partnership will provide increased value to clients looking for consolidation of monitoring and security analysis for IoT/ICS/OT environments. Smarttech247 will add the Armis security platform to its cybersecurity offerings to bring customers real-time detection tactics and techniques and allow them to benefit from Armis’ unique ability to see all assets across a client’s ecosystem.
“Smarttech247 enabled the seamless integration of the Armis platform into our security platforms. This integration significantly increased our asset visibility and security analysis across our OT/ICS environment. It also allows us to monitor not only our managed devices but also our new, unidentified environment of unmanaged OT/ICS, loT devices,” said Luis Cunha, Head of Security Engineering and Operations at Aptiv.
“Strategically this partnership will benefit our shared customers and prospects, allowing a wider user community access to our collective award-winning abilities. One of the biggest risks firms are facing today is from unseen, unmanaged and legacy connected devices that many organisations have little and incomplete visibility of, let alone the know-how to manage them. Having complete, real-time visibility of all devices coupled with Smarttech247 will benefit our customers by giving them all the information they need to make better risk-related decisions,” said Jamie Andrews, EMEA Partner Director at Armis.
In the recent Mitre Engenuity Att&ck Evaluations Armis provided 100% visibility of all IT, IoT & OT/ICS assets with real-time detection of all initial access and lateral movement. In addition, Armis also achieved 100% coverage of all known ICS threat tactics.
Regardless of whether you love, hate, or have mixed feelings about technology; you cannot doubt its impact on your daily life. The current digital world continues to expand as more people, businesses, and companies adopt remote working. However, as digital activity surges, the criminal desire to take advantage of modern technologies also increases, evidenced by advancedcyber security threats and a rise in digital crime.
In recent years, several major companies have fallen victim to various cybercrimes, ranging from phishing attacks to data breaches. Below are the five major common cyber threats to watch out for.
Phishing Attacks
Phishing attacks are the most common and damaging cyber security threat facing small businesses. These attacks account for an estimated90% of data breaches facing organizations and cost businesses up to $12 billion in losses. A phishing attack occurs when cyber criminals pretend to be trusted contacts and entice users to click malicious links or download malicious files that give them access to your computer or sensitive information.
Current phishing attacks are more sophisticated, as attackers devise new convincing ways of pretending to be your real business contacts. Phishing attacks are very damaging since they are difficult to combat. Unlike other threats that leverage technological weaknesses, these attacks target humans in a business through social engineering.
However, businesses can take some measures to mitigate these attacks. Using a reliable email security gateway, installing post-delivery protection, and training your employees onidentifying phishing emails can reduce the risks of falling prey to phishing emails.
2. Malware Attacks
Malware threats are the second serious cyber security threat facing both small and large businesses. Malware attacks include various cyber threats, such as viruses and Trojans, used by hackers to gain access to business networks, destroy or steal sensitive data. Malware attacks often stem from malicious downloads, connecting to insecure devices or networks, and spam emails.
Malware attacks have significant damaging effects on small businesses since they can cripple computers and other devices that require expensive repairs and replacements. Hackers also access sensitive customer data, putting your company at risk for legal issues. Fortunately, businesses can mitigate malware threats by installing strong and reliable technological defenses, such as Endpoint Protection, which protects devices from malicious downloads.
Taking advantage of the correct threat intelligence tools allows businesses to stay ahead of emerging threats, providing real-time insights into potential risks. These tools help identify vulnerabilities, enabling businesses to act quickly and prevent attacks before they cause major disruptions
3. Ransomware
Ransomware is another common cyber threat affecting thousands of businesses every year. Unfortunately, they have grown to become one of the most lucrative executable attacks. Ransomware attacks have some similarities with malware attacks. With these threats, cybercriminals encrypt company data and demand a ransom or give conditions that should be met for the data to be unlocked.
Like other cyber security threats, small businesses are specifically targeted due to their average cyber security framework. Hackers also target small businesses because most of them haven’t backed up their data. So to say,71% of Ransomware attacks in 2018 were directed to small businesses with ransom demands averaging at $116,000.
That said, businesses should adopt strong cyber security measures, such as Endpoint Protection, to mitigate these attacks. You should also back up company data in the cloud to avoid data loss.
4. Insider Threats
Insider threats are a serious yet mostly overlooked cyber security threat by most companies. A Verizon analysis found that insider threats accounted for 25% of cyber threats in 2017. As the name suggests, these are risks caused by the actions of your employees, bitter former employees, or your business associates. Since these persons can access company information, greed or malice can steer them into causing disastrous actions.
These threats are a significant problem that can put your employees and customers at risk. It can also expose your company to hefty financial damage. While this cannot be prevented, you can reduce insider threats by developing a strong company culture within your business. You should also increase cyber security awareness since some insider threats are caused by employee ignorance or carelessness.
5. Cloud Jacking
Cloud computing is a fast-rising trend that most companies have adopted for collaboration, communication, and storage. Unfortunately, while the cloud is deemed safe, this is not always the case. Cloud jacking occurs when cybercriminals infiltrate your cloud computing system. Once they access your business cloud, hackers can reconfigure your cloud code, eavesdrop on company communications, and conduct other damaging actions.
Most cybercriminals use information gained from cloud jacking to run other cyber threats, specifically phishing schemes. With the information gained from eavesdropping, they can create fake memos or instructions that appear to have been approved by the management, tricking employees into clicking or downloading malicious files. To stay safe, businesses should look into staying CMMC compliant, as the goal of your CMMC SSP is to provide a readable overview of your security requirements and the controls you have in place to meet those requirements to anyone looking into your cybersecurity posture.
Conclusion
While these five cyber threats aren’t everything that businesses face, they are arguably the most threatening. As cybercriminals increasingly become smarter and strategic, businesses should advance their cyber security measures. You should ensure that your organization has updated cyber security measures to protect your network and sensitive company data from vulnerabilities.
HP Inc. today released its HP Wolf Security Rebellions & Rejectionsreport, a comprehensive global study highlighting the tension between IT teams and employees working from home (WFH) that security leaders must resolve in order to secure the future of work.
The findings show that IT teams have been forced into compromising security for business continuity at a time of rising threats. Making matters worse, their attempts to increase or update security measures for remote workers have often been rejected. This is particularly true for the future workforce of 18-24-year-olds – digital natives who feel increasingly frustrated with security getting in the way of deadlines, leading many to circumvent controls.
The new HP Wolf Security report combines data from a global YouGov online survey of 8,443 office workers who shifted to WFH during the pandemic and a global survey of 1,100 IT Decision Makers, conducted by Toluna. Key findings include:
76% of IT teams admit security took a backseat to business continuity during the pandemic, while 91% felt pressure to compromise security for business continuity.
Almost half (48%) of younger office workers (18-24 years old) surveyed viewed security tools as a hindrance, leading to nearly a third (31%) trying to bypass corporate security policies to get their work done
48% of office workers surveyed agreed that seemingly essential security measures result in a lot of wasted time – this rises to 64% among those ages 18-24.
Over half (54%) of 18–24-year-olds were more worried about meeting deadlines than exposing their organization to a data breach; 39% were unsure what their security policies say, or are unaware if their company even has them – suggesting a growing level of apathy among younger workers
As a result, 83% of IT teams believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.
“The fact that workers are actively circumventing security should be a worry for any CISO – this is how breaches can be born,” comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.”
The report highlights that many security teams have made efforts to curb user behaviour to keep data safe. 91% have updated security policies to account for the rise in working from home, while 78% have restricted access to websites and applications. However, these controls often create friction for users, who resent the controls and push back on IT, leaving security teams feeling dejected and rejected:
37% of office workers surveyed said security policies and technologies are often too restrictive.
80% of IT teams experienced push back from users who do not like controls being put on them at home; 67% of IT teams said they experience complaints about this weekly.
83% of IT teams said trying to set and enforce corporate policies around cybersecurity is impossible now the lines between personal and professional lives are so blurred.
80% of IT teams said IT security was becoming a “thankless task” because nobody listens to them.
69% of IT teams said they are made to feel like the “bad guys” for imposing restrictions.
“CISOs are dealing with increasing volume, velocity and severity of attacks,” comments Joanna Burkey, Chief Information Security Officer (CISO), HP Inc. “Their teams are having to work around the clock to keep the business safe, while facilitating mass digital transformation with reduced visibility. Cybersecurity teams should no longer be burdened with the weight of securing the business solely on their shoulders, cybersecurity is an end-to-end discipline in which everyone needs to engage.”
Burkey continues: “To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity. From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker.”
HP is helping organizations to secure the hybrid workplace by delivering transparent and unobtrusive endpoint security. With HP Wolf Security organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. It enables Cybersecurity teams to deliver user-friendly tools and help to ease restrictions, while also providing defence-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large
State Street Corporation, one of the world’s leading providers of financial services to institutional investors, is to establish a new specialist 400-strong team in Ireland to provide technology infrastructure and cyber security services to support group operations globally. State Street celebrates 25 years in Ireland and 20 years in Kilkenny this year and currently employs approximately 2,000 staff in Ireland across Dublin, Drogheda, Naas and Kilkenny.
Ireland has been selected in large part due to the availability of relevant and skilled technology talent – existing and emerging – from universities and third level institutions, as well as the need to have a location outside the US for time zone support purposes.
The new unit will be located at IDA Ireland Business and Technology Park in Kilkenny where State Street already employs approximately 600 staff and where the firm is in the process of developing a new state-of-the-art office. Reflective of new ways of working post COVID and of staff preferences for flexibility and remote working, the new office will accommodate above average occupancy levels enabling it to draw on a broad staff pool along the east coast and midlands.
The new unit will employ up to 400 high value, experienced and graduate level roles, across: programming, Cybersecurity Operations Analysts, Cybersecurity Instrumentation Engineers, Data Scientists, Cybersecurity Architects (Network, Identify Access Management and BlockChain), Cybersecurity Forensics/Investigations, Pen Testers and Governance as well as Risk and Compliance experts. The new roles will be filled on a phased basis over the next 2 years.
Commenting, Tadhg Young, State Street’s head of Ireland, said:
“We are very pleased that Ireland and Kilkenny will benefit from this very substantial investment and the addition of high value, sustainable jobs. Today’s jobs announcement, alongside plans for our new state-of-the-art office development in Kilkenny, marks a further strengthening of our presence and commitment to the region for years to come.
“Ireland’s tech ecosystem and financial services credentials alongside Kilkenny’s central location and access to talent from third level institutions in Dublin, Carlow, Waterford and beyond were all compelling factors in our location decision. I wish to thank the IDA for their continuing support of State Street, and I strongly encourage anyone seeking a new career opportunity in a great location and with great prospects for professional development to check out our new roles.”
Welcoming the news, Leo Varadkar, Tánaiste and Minister for Enterprise, Trade and Employment said: “This is a fantastic boost for Kilkenny. State Street, which already employs 600 in its Loughboy office and approximately 2,000 across the country has chosen to locate a new cybersecurity and technology unit in the county, creating up to 400 new jobs over the next 2 years. Ireland’s highly skilled and experienced workforce continues to attract the very best investment across the country. This announcement is further evidence of the phenomenal work the IDA is doing to attract and retain FDI in Ireland – the new unit will be based in the IDA’s Kilkenny Business Park. I wish all involved every success.”
Minister of State with special responsibility for Financial Services, Credit Unions and Insurance Seán Fleming said: “I am delighted to welcome this transformational investment from State Street and would like to thank all of the executives involved in Kilkenny, the wider Irish operations and their colleagues in the US. The investment is an endorsement and a commitment to Ireland and the State Street team in Kilkenny. It demonstrates the vital role that regional operations can play in creating value for global firms. Both I and the team behind the Ireland for Finance Strategy wish State Street every success as they build out the team in the region.”
Martin Shanahan, CEO, IDA Ireland said:“This significant announcement by State Street demonstrates not only the company’s continued commitment to Ireland but also the attractiveness of the South East Region’s value proposition. The new cybersecurity and tech roles announced for State Street’s new facility in Kilkenny will help shape the future of our economy and will support the company’s global operations. I wish State Street every success with this expansion.”
In Ireland, State Street is the largest provider of fund administration and custody services with $1.7tn in assets serviced across all asset classes. The Irish group also manages $317bn within its investment management division SSGA.
Today’s announcement coincides with the first anniversary of State Street’s support for the Rethink Ireland €1.5 million Ability to Work Fund which, in conjunction with the Department of Social Protection & the Department of Rural and Community Development, is helping develop the talents and skills of those living with a disability.
EY Ireland is launching findings from theirGlobal Information Security Survey 2021 which includes Ireland
More than half of Irish cyber security teams (52%) fear they are exposed to a major breach which could be avoided if their businesses invested more in their cyber defences, according to the EY Ireland Global Information Security Survey 2021.
Cyberattacks are increasing in frequency and impact with 90% of Irish businesses saying they have seen a rise in disruptive attacks in the last 12 months compared to 72% globally.
Irish respondents feel more exposed than their global peers due to a shortfall in funding. Globally, 36% of respondents say they are more exposed to a major breach than they would be if their businesses had committed sufficient resources to their cybersecurity defences. In Ireland, the figure was 52%, with 44% stating that their budgets were too low to handle the new challenges which have emerged over the last 12 months.
Carol Murphy, EY Ireland Consulting Partner and Head of Technology Risk, commented:
“Cyber attacks are becoming more frequent, more damaging, longer lasting and harder to anticipate. Irish businesses overall express confidence in their ability to manage evolving threats. The majority (60%) say they are confident in understanding and anticipating new strategies used by bad actors, which is encouraging.
Where improvement can be made is by creating heightened awareness of these threats at board and executive level. There is a tendency for cyber security to get lost on the priority list and this can leave the entire business exposed. With the regulatory burden rapidly increasing, however, boards are beginning to wake up to the threat posed and to the level of resourcing required, and not before time”.
Barriers to Communication
Only 30% of Irish respondents feel that their executive management fully understands the value and needs of the cyber security teams compared to 42% globally.
The survey suggests relationships between the cyber teams and senior leadership within their organisations are underdeveloped. More than two-thirds (68%) of respondents say that their teams are sometimes consulted too late or even not at all when their organisations make strategic decisions.
Carol Murphy concluded:
“The GISS survey highlights a number of gaps between Irish businesses and their international counterparts. These are partly due to budgetary constraints but also stem from a lack of internal communication and a perceived disconnect between cyber security and executive teams.
Given the global public health emergency, it is understandable that allowances have been made in some cases to facilitate rapid implementation of working from home policies. As remote and hybrid working become part of normal working life, however, businesses need to address the resulting security gaps as a matter of urgency.”
These days, it is becoming more and more difficult to stay secure in what we know as cyberspace, the World Wide Web, or simply the internet. The internet, historically, was certainly not meant to be the all-encompassing digital world it is for billions of people today. It is an incredible thing to remember that the ‘net’ started its life as a scientific research project in the 90s, that would relatively quickly become one of the greatest and most revolutionary inventions of humanity.
Following its release to the public in the mid-90s, the internet saw a huge rise in activity, somewhere between 2004-2010, which coincided with major tech revolutions such as the release of the first iPhone. This period also saw the invention of Facebook, in 2004. In essence, social media and smartphone development really pushed the internet to unprecedented levels. Later in the 2010s, we witnessed even more internet revolution as everything picked up even more speed and breadth (especially the invention of apps), and major upticks in the amount of global internet usage were observed.
Of course, with such an enormous network that is alive, interconnects the entire globe, and keeps growing exponentially every day, there are now security issues to deal with that are a serious concern for anyone’s online activity. Cybercrime has risen and is not stopping anytime soon, which means that the need for cybersecurity has never been greater.
iDEAR Replay/Shutterstock.com
As malware reared its ugly head (malware is a general term for all malicious software such as viruses, spyware etc.), most notably at the beginning of the 2000s, the demand for cybersecurity grew in every sector, and grows to this day.
What Is A VPN
A Virtual Private Network, or commonly known as a VPN, is an essential tool that helps you stay safe online. It comes in three forms today; for desktop, enterprise solutions for businesses and as an app for smartphones. For this purpose, let’s talk about publicly available VPNs for ‘home’ users (we’ll leave business solutions out in this case). So what does a VPN do? When you connect to the internet, a VPN gives you the option of connecting to an external server that serves as a ‘tunnel’. These servers can be local, or international. Most VPN software offers at least a dozen choices of these tunnels to connect to, more or less.
When you connect to the VPN, this tunnel is encrypted (secured against intrusions), allowing all of your activity on the network to ideally be anonymous. So, this tunnel/server functions in the midway path between you and the rest of the internet.
We will later cover more on the distinctions between an average and a good VPN, why VPNs vary a lot, and are definitely not equal. There are several VPN choices to choose from, both free and paid, and your choice may vary depending on what they offer. First, let’s delve into why being cyber-aware is important, below.
Being cyber-aware
Let’s emphasize why there is a need to keep the internet secure, and more importantly for you, why you need to protect yourself online. An entire industry of cybersecurity is thriving today in the midst of seemingly endless threats, and it is no longer strange to have software such as an anti-virus, anti-malware and a good Virtual Private Network, or VPN, installed on your system, all active at the same time.
Having specialized protection against malware is one thing, but in terms of your general safety, anonymity and freedom online, nothing approaches the importance of using a VPN today. As with any software, especially in this day and age, it is critical that you know what it is exactly that you have downloaded. To be truly cybersecure, while using a VPN, you must know what is happening to your data, as well as read up on the privacy policies of the software you have downloaded.
For instance, let’s talk about a few issues in order to highlight the importance of being cyber-aware; many people have made the mistake of logging into their computer or mobile phones, and downloading whatever VPN software they find, believing that they are now protected.
There are many free VPNs out there, but their reputation and legitimacy can be questionable. Then, what happens with your data when you connect to a questionable VPN? Why should you invest your time (and sometimes your money) in a good VPN service? Let’s talk about this.
What Makes a Good VPN
What does it mean when we say a ‘good’ VPN? There are a couple of points any VPN worth its salt should include. This would include the following critical must-haves;
Your VPN should have a strict no-log privacy policy
The VPN must guarantee a well-encrypted service
The service must be able to unblock geo-blocks
Look for encryption such as; L2TP/IPSec, IKEv2, OpenVPN, WireGuard
Make sure that you have 128-bit encryption at the least
Go for a paid service, avoid free VPNs, for peace of mind
A good VPN should be able to give you a high-speed, anonymous, secure and free internet service. It should completely cloak your internet usage, and allow you to view search results in the country you have connected to. In most cases, you will rarely find a free VPN that guarantees all of these criteria, however there are of course exceptions if you do a little research.
A guaranteed way to check how secure you are if you have downloaded a VPN, is to do an extensive online security check. With these checks, you will be able to know if your Internet Service Provider, as well as the rest of the internet ‘sees’ you. A good VPN will show your location as the one you selected in your VPN program, and should not show any of your local info at all. You should also not have any DNS leak warnings when you do the check. Once you have completed this step, it is also advisable to download a secure browser that includes ‘do-not-track’ and ‘anti-fingerprinting’ options. A good browser combined with a good VPN are a fantastic combination for a free, safe and anonymous internet experience.
John O’Donoghue, Solution Consultant for the Data Centre Computer Group, Dell Technologies Ireland.
Cybersecurity is more important than ever, as hacks and attacks surge following the mass migration to remote working. Irish businesses are coming to terms with their ‘new normal’ and as many within the workforce adapts to remote working over the longer-term, organisations will become ever more vulnerable to attack.
At a time when many small and medium-sized enterprises (SMEs) in Ireland are planning for an uncertain future while seeking to protect their employees, one area that businesses will need to focus on is security. Moreover, cybersecurity strategies need to be adapted at speed to the new ways of working to protect businesses. For smaller and medium businesses struggling with cash flow issues, a cyber-attack could be disastrous.
Covid-19 Cyber Realities
Since the start of the Covid-19 outbreak, the volume of cyber-crime and cyber-attacks became significantly more prevalent in Ireland, while the rate of phishing attacks skyrocketed by over 600% in Europe compared to previous figures. Attackers have been exploiting the fear and uncertainty generated by the pandemic by luring users to click on a variety of links or handover personal details – or unknowingly download malware.
The increased level of risk is being acknowledged across industries – with healthcare businesses being particularly affected. The World Health Organisation reported a five-fold increase in cyber-attacks, targeting its employees as well as the general public, with scammers impersonating the organisation. It took to the media to urge extra vigilance as a result.
Meanwhile here in Ireland, An Garda Síochána has warned that the number of cyber-attacks is likely to increase further, as cybercriminals are using Covid-19 themed phishing scams and emails in an attempt to exploit vulnerabilities and fear.
SMEs are right to be concerned. Not only are they disproportionately being targeted, but they are particularly at risk from phishing attacks due to a comparative lack of cyber training and awareness. Larger businesses tend to have several in-house cybersecurity experts, enabling swift and effective responses. Speed is key when it comes to containing a breach.
Apart from a lack of awareness putting smaller businesses in Ireland at risk, the larger businesses that may rely on their goods and services also risk being exposed – creating both reputational as well as financial consequences. Cybersecurity is a collaborative effort, requiring all stakeholders to be aligned, alert and prepared to take the appropriate action in the event of an attack.
Protecting medium businesses
With high risks and high stakes, Irish SMEs will need to review and update security strategies – engaging with expert consultancy where possible for support. In order to protect businesses, data must be protected from the endpoint to the data centre, assessing each step of the chain and reviewing when the business landscape evolves. Being able to pivot in order to protect is key. Their first line of defence is their employees.
John O’Donoghue
Ensuring the workforce has a good understanding of cybersecurity essentials is a key part of any strategy – along with an instant response plan. This can be achieved through regular training, workshops and testing to help businesses spot security threats. With the surge in phishing attacks, it is important that they understand the risk, the levels of deception and the consequences. Practice really does help erase complacency and keep staff on their toes.
While some SMEs may ponder why they would be targeted over a larger business, overall they seem to accept that the threat is not only real but impending, according to a recent study. However, far from being complacent, with the volume of risk being exponentially high, there is a tendency for IT decision-makers to panic – and they need to know who to turn to for clarity.
Trusted advisors with deep digital expertise should be able to share a clear security roadmap, that is surprisingly simple. Security experts at Dell Technologies Ireland help to tailor cyber strategies to businesses, providing a threat intelligence network using AI technologies, while ensuring the ecosystem of partners is covered. SMEs are not alone – but they do need to act.
As the Irish economy continues to digitise operations, supply chains, business transactions, and employee and customer services, cyberattacks are expected to continue to pose as one of the major threats. Shoring up security for medium businesses provides a critical lifeline in otherwise uncertain times.
In the wake of the developing COVID-19 pandemic, organizations around the world have adopted social distancing practices to slow the spread of the disease, including instructing many employees to work from home. But no one could have foreseen the need for businesses, government agencies, and other organizations around the world to quickly transition the majority of their workforces to remote work.
The fast transition, the sheer number of people now working from home, and the already-devastating economic effects of the pandemic are among the factors that make this time an especially perilous one for enterprise security. IT security teams are struggling to keep up with increased threat levels from COVID-19-related malware and other cyber threats. Newly remote workers are leaving their companies’ networks vulnerable to hackers, and COVID-19-related cyber scams are on the rise as hackers seek to cash in on the crisis. Here’s what you need to know to keep your company safe.
Educate Employees About COVID-19 Cybersecurity
If your organization hasn’t already been giving employees regular cybersecurity training, then you need more help than this article can give. If you have been giving employees regular cybersecurity training, now is not the time to slack off. You should be aware that COVID-19-related cyber scams are proliferating at a mind-boggling pace. By mid-March, Computer Weekly was already calling COVID-19 the biggest cyber-threat in history, due to the massive volume of related malware and scam emails already circulating by that time. By mid-April, Google reported blocking 18 million COVID-19-related scam emails a day.
Cyber criminals love to play on the emotions of their victims to cash in, because users in the grip of a strong emotion, like fear of a deadly disease, often aren’t thinking straight. They’ll click on links or download attachments that they might otherwise have ignored. And many people around the world, having lost their jobs or been physically restricted to their homes or neighborhoods, are looking for a way to make a living, so the ranks of cyber criminals may be swelling, too.
That’s why it’s so important to educate employees about the cybersecurity risks associated with COVID-19. Regular security training will keep employees vigilant against suspicious emails that might land in their inboxes. Make sure to send out regular memos warning employees of common COVID-19 related malware and phishing scams as they emerge. Your employees may not be targeted by specific scams, but knowing what kinds of things to look out for can help them protect the enterprise network.
Of course, you’ll also need a security solution that can detect vulnerabilities and threats and work to neutralize them. Your employees will be reporting suspicious emails, perhaps in greater numbers than ever before, and your IT security team will be facing more threats than it probably ever has in the past. Make sure you have a comprehensive enterprise network security solution to help your team meet these new challenges.
Require a VPN and Regular Security Check-Ins
Your employees’ home networks won’t be as secure as your enterprise network, because it’s unlikely that employees have intrusion detection or protection on their home networks. That’s why you should require employees to connect to the company’s network through a virtual private network (VPN). A VPN can hide your employees’ activities on your network, and help protect your information from thieves.
You should also set network security standards for employees working from home. Put together a security protocol that includes securing devices physically, keeping work and personal emails separate, and locking down their home networks. Implement regular security check-ins with staff to make sure they’re using multi-factor authentication to log into enterprise systems and work email accounts, and to verify that they’re implementing the enterprise security protocols for their home networks.
Give Employees Company Devices to Work from Home
It might be tempting to allow employees to work from home on their personal devices — it would save your organization a lot of money on laptops. But you don’t know what employees are doing on their personal devices when they’re not on the clock, what antivirus and antimalware protection they’re using, or how tight their security is. It’s easier to protect your enterprise network when you issue company devices to employees who are working from home. It’s also easier to keep an eye on those employees to make sure they really are working when they’re supposed to be. When you issue company devices, you’ll be able to synchronize the same endpoint solution across each one, to remove some of the vulnerabilities that can come with a rapid distribution of teams.
The COVID-19 pandemic has brought a lot of uncertainty with it, especially when it comes to keeping your enterprise network secure. Don’t let the challenges of this pandemic leave you vulnerable to cyber criminals. Protect your network, so you and your employees can weather the storm.
Many, if not most, organisations have already crossed the “working from home”, or at least the “working while on the road” bridge.
If you’re on the IT team, you’re probably used to preparing laptops for staff to use remotely, and setting up mobile phones with access to company data.
But global concerns over the current coronavirus (Covid-19) outbreak, and the need to keep at-risk staff away from the office, means that lots of companies may soon and suddenly end up with lots more staff working from home…
…and it’s vital not to let the precautions intended to protect the physical health of your staff turn into a threat to their cybersecurity health at the same time.
Importantly, if you have a colleague who needs to work from home specifically to stay away from the office then you can no longer use the tried-and-tested approach of getting them to come in once to collect their new laptop and phone, and to receive the on-site training that you hope will make them a safer teleworker.
You may end up needing to set remote users up from scratch, entirely remotely, and that might be something you’ve not done a lot of in the past.
So here are our five tips for working from home safely.
Make sure it’s easy for your users to get started
Look for security products that offer what’s called an SSP, short for Self-Service Portal.
What you are looking for is a service to which a remote user can connect, perhaps with a brand-new laptop they ordered themselves, and set it up safely and easily without needing to hand it over to the IT department first.
Many SSPs also allow the user to choose between different levels of access, so they can safely connect up either a personal device (albeit with less access to fewer company systems than they’d get with a dedicated device), or a device that will be used only for company work.
The three key things you want to be able to set up easily and correctly are: encryption, protection and patching.
Encryption means making sure that full-device encryption is turned on and activated, which protects any data on the device if it gets stolen; protection means that you start off with known security software, such as anti-virus, configured in the way you want; and patching means making sure that the user gets as many security updates as possible automatically, so they don’t get forgotten.
Remember that if you do suffer a data breach, such as a lost laptop, you may well need to disclose the fact to the data protection regulator.
If you want to be able to claim that you took the right precautions, and thus that the breach can be disregarded, you’ll need to produce evidence – the regulator won’t just take your word for it!
Make sure your users can do what they need
If users genuinely can’t do their job without access to server X or to system Y, then there’s no point in sending them off to work from home without access to X and Y.
Make sure you have got your chosen remote access solution working reliably first – force it on yourself! – before expecting your users to adopt it.
If there are any differences between what they might be used to and what they are going to get, explain the difference clearly – for example, if the emails they receive on their phone will be stripped of attachments, don’t leave them to find that out on their own.
They’ll not only be annoyed but will probably also try to make up their own tricks for bypassing the problem, such as asking colleagues to upload the files to private accounts instead.
If you’re the user, try to be understanding if there are things you used to be able do in the office that you have to manage without at home.
Make sure you can see what your users are doing
Don’t just leave your users to their own devices (literally or figuratively).
If you’ve set up automatic updating for them, make sure you also have a way to check that it’s working, and be prepared to spend time online helping them fix things if they go wrong.
If their security software produces warnings that you know they will have seen, make sure you review those warnings too, and let your users know what they mean and what you expect them to do about any issues that may arise.
Don’t patronise your users, because no one likes that; but don’t leave them to fend for themselves, either – show them a bit of cybersecurity love and you are very likely to find that they repay it.
Make sure they have somewhere to report security issues
If you haven’t already, set up an easily remembered email address, such as security911 @ yourcompany DOT example, where users can report security issues quickly and easily.
Remember that a lot of cyberattacks succeed because the crooks try over and over again until one user makes an innocent mistake – so if the first person to see a new threat has somewhere to report it where they know they won’t be judged or criticised (or, worse still, ignored), they’ll end up helping everyone else.
Teach your users – in fact, this goes for office-based staff as well as teleworkers – only to reach out to you for cybersecurity assistance by using the email address or phone number you gave them. (Consider snail-mailing them a card or a sticker with the details printed on it.)
If they never make contact using links or phone numbers supplied by email, they they are very much less likely to get scammed or phished.
Make sure you know about “shadow IT” solutions
Shadow IT is where non-IT staff find their own ways of solving technical problems, for convenience or speed.
If you have a bunch of colleagues who are used to working together in the office, but who end up flung apart and unable to meet up, it’s quite likely that they might come up with their own ways of collaborating online – using tools they’ve never tried before.
Sometimes, you might even be happy for them to do this, if it’s a cheap and happy way of boosting team dynamics.
For example, they might open an account with an online whiteboarding service – perhaps even one you trust perfectly well – on their own credit card and plan to claim it back later.
The first risk everyone thinks about in cases like this is, “What if they make a security blunder or leak data they shouldn’t?”
But there’s another problem that lots of companies forget about, namely: what if, instead of being a security disaster, it’s a conspicuous success?
A temporary solution put in place to deal with a public health issue might turn into a vibrant and important part of the company’s online presence.
So, make sure you know whose credit card it’s charged to, and make sure you can get access to the account if the person who originally created it forgets the password, or cancels their card.
So-called “shadow IT” isn’t just a risk if it goes wrong – it can turn into a complicated liability if it goes right!
Most of all…
Most of all, if you and your users suddenly need to get into teleworking, be prepared to meet each other halfway.
For example, if you’re the user, and your IT team suddenly insists that you start using a password manager and 2FA (those second-factor login codes you have to type in every time)…
…then just say “Sure,” even if you hate 2FA and have avoided it in your personal life because you find it inconvenient.
And if you’re the sysadmin, don’t ignore your users, even if they ask questions you think they should know the answer to by now, or if they ask for something you’ve already said “No” to…
…because it might very well be that they’re asking because you didn’t explain clearly the first time, or because the feature they need really is important to doing their job properly.
We’re living in tricky times, so try not to let matters of public health cause the sort of friction that gets in the way of doing cybersecurity properly!
