Over the last few weeks, COVID-19 has created a “new normal” for employees around the world. In fact, about 1/3 of the world’s population is currently working remotely, which means new and increased safety risks. And in order to help workers navigate remote work cyber security, Onepath joined up with Baker Donelson, Red Clover Advisors, and the Secret Service to present a webinar. The purpose of this webinar was to drive discussion around teleworking cyber security, including best practices and threats to watch out for.
Onepath’s Telecommuting Webinar
Jodi Daniels, CEO and Founder of Red Clover Advisors, started the webinar by summarizing our recent remote work survey. The survey results were staggering: only 20% of companies are using MFA, and 60% aren’t involved in an employee phishing awareness program. Additionally, 60% of respondents aren’t using any protections and procedures to secure their employee computers, phones, and PDAs.
The conversation then turned to Marc Debrody, Head of the United States Secret Service Electronic Crimes Task Force. Marc discussed the role of the Secret Service in fighting cyberattacks, and he identified several emerging threats presented by COVID-19. As he put it, “The good news is that we’re seeing the same ponies using different tricks… Phishing is still being cast, it’s just using different bait, and that bait is COVID-19.”
Marc then shared a spoofed email that claimed to be from the CDC, and he provided tips for identify signs of phishing. He also suggested that all companies contact Secret Services within 24 hours of being attacked—anything beyond that window, and chances of money recovery are slim.
Next, Justin Daniels, Cybersecurity Speaker of Baker Donelson, explored the multitude of security issues with storing private information on personal devices. “Let’s say you’re trying to work at home with other family members,” he said. “Maybe one of your kids gets on your laptop and sends an email with sensitive information. You didn’t see it because you were away… Employees (also) need to be careful they don’t save PII or company info to their own machine, and they need to be able to back up their data. One of the best ways to counter ransomware is to have an effective backup plan.”
The panelists went on to explore issues related to network access, VPN usage, and password policies. They then discussed the importance of employee education and testing.
“The crimes we’re seeing are not complicated,” said Marc. “The most common attack vector is the phishing email, (and) the weakest link in those pillars is people… Educating our workforce is even more important now, when criminals capitalize on the environment.”
“For those who have training on their to-do-list this year,” said Jodi, “I think it’s a great idea to move that up… To continue team culture, you need to overcommunicate – have virtual lunch hours or coffee breaks. The same needs to be true for communicating these scenarios.”
The webinar then turned to Multi-factor authentication, or MFA, which panelists agreed is essential for stopping cyberattacks. MFA provides a defensive layer approach, thereby allowing for securer connections.
“A lot of companies say I don’t have enough budget for this,” said Patrick Kinsella, CTO of Onepath. “But 90% of attacks are essentially nullified (by MFA). And MFA of 2020 is much different from MFA of many years ago when it was a physical token… If there’s one thing I want people to take away for the good of our communities, think, ‘How hard would it be for me to implement this (technology) in my organization?’”
Final Discussion Points
The panelists closed out discussion by reiterating the purpose of our webinar and what businesses can derive from it. They also stressed the importance of learning from this pandemic, as similar events will likely occur in the future, thus requiring more remote work.
“A lot of companies had to put people on a teleworking basis so quickly, they didn’t have time to think about these things,” said Justin. “A lot of what we talked about today is filling the gaps when it comes to access management, data protection, etc. These are the large buckets we need to be thinking about, because people could be teleworking for an indefinite amount of time.”
As Marc put it, “While the world tries to combat the nasty virus of COVID, there’s still a cybervirus threat. The environment is just ripe for criminals to target us as we’re less secure in our work.”
“It’s not as scary to protect yourself against breaches as you may think,” added Patrick. “But it can be scary if you have to do it alone. The need for expertise is very much the same, and I’d advise you to look for a partner that is concerned with your company… it truly does start with you.”