Add another layer to your #Business literacy. We at Serebral360° would love to know if the Forbes – Entrepreneurs article was helpful, leave a comment, like and share. Let’s dive in and discuss the information and put it to use to grow your business. #BusinessStrategy #ContentMarketing #WebDevelopment #BrandStrategy
Info@serebral360.com 762.333.1807 www.serebral360.com
Grap a copy of our NEW Business Stratgety Books #FFSS VOL1 and #FFSS VOL2
When it comes to protecting businesses from cyber threats, there is a continuous cat-and-mouse game going on between malicious attackers and those tasked with protecting businesses. One of the biggest problems with protecting businesses against cyber threats is the fact that there isn’t a level playing field. A business can have all the latest and greatest layers of protection, such as unified threat management (UTM) appliances, endpoint protection and even strict security policies, but the biggest threat to businesses remains unaddressed — employees. Malicious attackers know about this weak link and will go to great lengths to exploit employees in order to gain access to a business’s resources.
Consider the analogy of a house that has surveillance cameras, a security alarm, a guard dog, reinforced steel on the doors and armed guards. You are safe inside that house thanks to the many layers of protection. But once you leave that house and go into the world, say the grocery store, those layers of protection around the house are no longer protecting you. You are potentially vulnerable and exposed to various real-world attacks. The same can be said of employees when they’re in the office versus when they’re outside of the office.
Once an employee leaves the office, they are exposed, and malicious attackers know this. Employees may not fully appreciate how their actions outside the office can put their company at risk. For example, when an employee takes their work laptop home and connects to an insecure home network, everything they do or store on that work laptop could be at risk. Or, maybe the employee doesn’t have their work device but needs to quickly access a work document, so they log into their work email or cloud-file share from their iPad or home computer. This puts that email account or file-share account at risk because it has been accessed from a potentially insecure or infected personal device.
As the CEO of a cybersecurity solution that focuses on safety in both the professional and personal spheres, I am well-versed on the vulnerabilities that businesses and employees face every day. Here are some common ways that employees are vulnerable to cyberattacks while outside the office that can impact the company they work for:
• Using company devices on insecure networks (e.g., insecure home network, airport Wi-Fi, etc.)
• Installing unvetted apps on company devices (e.g., apps from third-party stores, grayware, etc.)
• Not properly securing social media accounts
• Accessing company resources on personal devices that aren’t secured by company security monitoring or security controls
• Infecting devices with malware or ransomware, bringing them back into the office and connecting to the corporate network
• Negligence or not following proper protocol with handling of company/client data (e.g., putting company data on unsecured devices like thumb drives, leaving laptops in insecure locations, or putting confidential company info on insecure websites)
It doesn’t matter if you work for a small plumbing company or a large cybersecurity firm. Your employees are the weak link in your business. In 2017, a senior security analyst at a FireEye-owned company was targeted by malicious attackers. As part of the attack, his personal LinkedIn account was compromised and client information was gathered through his company access. Also in 2017, around 10,000 Department of Defense employees were targeted with specially crafted phishing links on Twitter.
So, what can business owners do to protect their employees in and out of the office? There are three main attack vectors that an attacker targets employees with: Networks, Accounts and Devices. These tips can help protect your business, employees and their families from cybercrime.
Protect home Wi-Fi networks and use a VPN when accessing public Wi-Fi.
Insecure public Wi-Fi (e.g., Starbucks or hotel Wi-Fi) is very risky, as it is frequently used by hackers to access personal and corporate data. Using a virtual private network (VPN) while outside the office offers an additional layer of protection for keeping data safe in transit. It’s also important to provide guidance on how employees’ home networks can be properly secured. Teach them to use appropriate encryption (e.g. WPA2), the latest firmware and unique credentials for their router.
Secure personal online accounts with strong passwords and multifactor authentication.
Remind employees that their personal accounts (e.g., social media, email, etc.) are fair game for malicious attackers and if those accounts are compromised, they can be used as an entry point to gain access to corporate networks and/or data. Password managers can help with strong password hygiene. Encourage employees to use multi-factor authentication (MFA) to further protect accounts.
Be vigilant about suspicious links and attachments and keep software up to date.
Emphasize the dangers of clicking on phishing links and opening attachments on both company and personal devices. Remind employees that keeping devices up to date with the latest software can remedy security holes and backdoor malicious attackers. For more advanced device protection, set up mobile device management (MDM) to keep devices secure from rogue apps.
As a business owner, you are only as secure as your weakest link. It’s great if your company has excellent security controls and you personally have strong cybersecurity habits, but what about your employees and the people they share their home or accounts with? Your employee, their spouses, their kids and their personal assistants are all key nodes into your business world. Security is a team effort and all of us, as employees and individuals, need to do our part to protect our companies and the people with whom we are connected.
April 9, 2019 at 08:46AM
Forbes – Entrepreneurs