2020 has come with its set of challenges. In what is a vast understatement to summarize this year, organizations have had to contend with several new obstacles to business as usual. COVID-19 brought about a vast shift from office work to an emergency-fueled workforce from home, strain on organizations in the healthcare and supply chain industries, and arguably, an easier target for threat actors when considering cybersecurity.
In an industry that changes daily, during a time when adaptability is necessary, we value collaboration and communication at every turn. In an effort to provide a clearer picture, and ideally, better insight into what may come next, we’ve turned to prominent CEOs and Founders of several organizations. As they manage the operations of their organizations, what can we learn from how their priorities have changed (and how they plan to change)? As Tetra hopes to make stronger connections between IT and C-Suite teams, we’re here to ask: “What’s a CEO’s primary focus for cybersecurity in 2021?”
The one thing that keeps me up at night is securing access to sensitive information. With the sudden shift to remote employment, every company – including ours – has had to subscribe to many new cloud/SaaS services to be productive. That means employees are often working from laptops and systems that may not benefit from the traditional security controls. With all of our business truly on the Internet, one single error on an employee’s part, whether it be visiting the wrong website, or connecting to the wrong WiFi, or forgetting to apply a critical security patch, or clicking the wrong email link, could trigger a chain of events that leads to loss of our IP and customers’ trust. All it takes is one careless mistake.
The best safeguard against this scenario, in my view, is making sure we minimize the blast radius of any such compromise. And there’s definitely one thing that we all can do more of – making sure that a single engineer or analyst doesn’t have the keys to all our vaults. Instead, everyone should have just enough privileges to do their work without dampening productivity. We are big proponents of “policy-based access control” and enforcing the concept of “least privilege.” If more organizations embrace these principles, I’m positive we’ll have fewer sitting ducks for hackers over the next few years.
Tetra’s Director of Business Development, David Kruse adds, “There’s nothing inherent in a network that clarifies privilege. You need to draw lines in the sand around the systems & data that you want each employee to have access to based on their role.”
The COVID-19 pandemic has forced companies to shift from an office work setup to a remote work setup, and with a new setup comes new challenges. With employees having to use their own devices and networks, businesses need to deal with new challenges and new threats to data security. So, it is necessary to strengthen data privacy and cybersecurity.
Within the company, for the remaining months of 2020 and the upcoming year of 2021, part of our focus will be to assure that our company data remains safe and secure. Some of our plans to assure that our company data remains safe and secure are:
- Having clear policies on how to handle data.
- Using an application to monitor data usage.
- Implementing Two-Factor Authentication (2FA) and using a VPN.
Tetra’s Chief Information Security Officer and Vice President of Cyber Risk Management Christopher Gerg adds, “In the era of working from home, a VPN is a useful tool to keep an organization’s network private. But, given the accessibility of credentials for sale on the dark web and the ease of software that can apply countless passwords in a matter of seconds, MFA is an effective second barrier that can keep an account safe.”
The Bottom Line Group
The increase in cyberattacks has concerned me and my organization a lot. We’ve had multiple incidents where hackers attempted to infiltrate our systems and accounts during this pandemic period. We’ve noticed an increase in phishing scams related to real estate. Most scammers are taking advantage of this period when people are vulnerable and depressed. For instance, they send emails to homebuyers representing as “supposed” real estate agents or worse, legal representatives instructing the unsuspecting reader to immediately wire funds to reserve the property or close the deal.
By ensuring a cybersecurity program in our organization, which includes guidelines on hardware and software security & personnel management and conduct, we’ve been able to mitigate the impact of cyberattacks that would have cost us thousands of dollars in terms of identity theft and lost private data. Normally, our human resources, IT department and executive board review these policies to prevent any attempts at infiltrating our system. Employees are important in disseminating policy awareness to ensure that compliance organization-wide is observed.
Updating What’s Necessary
Time for Homes
Time for Homes is a national nonprofit dedicated to eliminating chronic homelessness through a health-based approach. As we are experiencing growth beyond our original goals, we’re focused on ensuring that we are able to maintain the tools we need for our fully remote environment in a secure, accessible way. Using enterprise-level licensing in Microsoft 365 and enterprise-level Cloudflare plans, we are able to mitigate the risks of growth on cybersecurity. Next year, we will be reevaluating our hardware and authentication methods.
Tetra’s Senior Vice President of Digital Forensics & Incident Response, Nathan Little adds, “A remote workforce should update their individual home routers. I would bet that 99% of people ‘set it and forget it’ and haven’t patched their router in years. Unpatched hardware can have numerous vulnerabilities ripe for exploitation.”
The Media House
Though I have hired someone to deal with our IT-related concerns, it is still part of my job to make sure that everything is in order. I am managing an online business, so cyber threats and risks are our biggest enemies. Ever since our operations [began], we continuously improve and protect our internet security system using encryptions and update them regularly.
For 2021, we are looking into the vulnerability of 5G technology, allowing cyber hackers and attackers more opportunity to exploit businesses and even our consumers. Since it will offer faster network speed and larger bandwidth, some of our existing cybersecurity software and measures might not be able to keep up with it, potentially endangering our data. Aside from updating our security patches, we will be using a VPN and improving our robust password security options.
Security Awareness Training
I have worked in the IT industry for the past 15 years. During that time, I have worked with everyone from local businesses to Fortune 500 companies. I also run a multimedia company that includes a site called Byblos Coffee, which is a rapidly growing platform I started last year.
Hackers, data loss, and privacy are continuously challenging a business’s cybersecurity. As new technologies emerge, we must catch up with these changes and update their system to protect against cyber threats.
As the CEO, my primary focus for 2021 will be on educating my employees. They should be aware of the cyber issues that may arise. Most of the time, they are the cause of these cyberattacks due to carelessness and lack of information. They fall easily for emails that have malicious intent, download attachments, and click on unknown websites. They unknowingly put their computer systems to risks that can spread on their network. It’s vital to give them annual training to ensure that they are always up to date with the issues and solutions with cybersecurity. Increasing their awareness can help to reduce the threats that your company may face.
Cybersecurity must be every business’s top priority. When ignored, you’ll have to face the consequences it may bring to your company. If you’re aware of the risks, it’s much easier for you to protect yourself from these cybercriminals.
As a recent [attack on a social media platform] suggested, it doesn’t matter how secure your system is when your staff is not trained to remain vigilant to socially engineered attacks. In 2021 we will invest in Simulated Phishing software to continuously and automatically verify our employees and train them if necessary.
Tetra is a firm proponent of awareness programs and employee security training initiatives — they are critically important for protecting the sensitive data that organizations possess, and employees benefit by learning how to recognize malicious activity.
Asap Credit Solutions
The current and past year has shown a dynamic shift in many businesses. Many have come to rely on remote solutions to be able to continue their businesses, and along with it, the challenges of a digital workplace. As a CEO, I can attest to the vital role of cybersecurity, and the importance of providing your employees with a secure working environment to enable them to perform at an optimal level.
For the coming year, our cybersecurity focus will be on remote access training. With the ongoing pandemic looking to continue well into the following year, the volume of cyber-threats will also increase. This will not only focus on the digital prevention measures, but also on training employees to recognize and counteract social engineering cyber-attacks.
COVID-19 changed the landscape of how companies and employees conduct their day to day business. This has created an increased challenge on keeping a larger remote work force safe from cybercrime. Cybercrime is on the rise and shows no signs of slowing down going into 2021 — and that problem combined with a workforce that is spending more time working from home, outside the protection of the corporate network, means that we can expect that bad actors will increase their efforts to take advantage of isolated users.
A primary focus in 2021 for NXTsoft is end-user cybersecurity awareness. We will increase our efforts to educate users on proper cyber-hygiene and adherence to corporate policies to help them, and as a result our company, stay safe. Another area of concern for 2021 is the increased use of IoT devices. The increased adoption of IoT devices, both at home and work, is creating a new cybersecurity attack surface. These devices, for the most part, are lacking proper security controls. Businesses will be challenged with this new landscape and to determine how to protect their networks.
Staying Connected, Even While Apart
We’re all living in a highly remote world at the moment, and my business is no different. Brosix Instant Messenger is an IM service focused on providing businesses with secure private IM networks. Our sudden shift to remote work at the beginning of the COVID-19 crisis will likely continue well into the future. We’re even considering keeping our employees at home after the crisis passes. This raises a lot of questions about the security of our team communication. That’s why I believe that creating a secure communication environment for remote teams will be one of the most pressing cybersecurity issues of the year to come. The COVID-19 workplace disruption presents too many opportunities for bad actors to take advantage.
Tetra’s Digital Forensics & Incident Response Operations Director Ben Hartwick says, “Attempt to attend as many conference calls as you can with video turned on. Video meetings allow people to see each other’s reactions and to understand each other better. It also helps me to feel more like part of the team.”
Since we are all now adjusting to the new normal which is working remotely, we have got to think of ways to protect ourselves from cybercrimes which may happen without us realizing. As for my dating company, my main area of concern is data breaches and hacks that may occur when my employees are working remotely. This is very troubling since we cannot really monitor our employees 24/7 on what they are surfing or the web pages they are opening. And so, as a way to stop these data breaches and hacks, we’ve hired additional IT people to help in stopping these cybersecurity issues. We plan to create a seminar for all employees on every cybersecurity core concept to be able to equip them with the information that they may need to stop the threat of hackers and scammers while working from home.
Uncle Bud’s Hemp
It doesn’t make the news as often as it should, but ransomware cost companies $7.5 billion dollars in 2019, and a ransomware attack in early 2020 literally shut down a city government so completely that they opted to actually pay the $7 million dollar ransom to regain control of their operations.
Ransomware is a major concern both in the United States and on the global landscape. Everyone, from corporate giants to small businesses to individuals, is vulnerable to ransomware and we should remain vigilant as it relates to good cybersecurity practices.
Tetra’s Christopher Gerg notes, “As our team helps organizations of all sizes and industries respond and recover from these attacks, we frequently encounter a recurring theme: there are simple, and oftentimes inexpensive preventative measures that can be taken before disaster strikes.” To learn how to secure your unique cybersecurity environment from this crippling attack, try our Ransomware Stress Test.