With top tech companies like Google and Facebook telling their employees that returning to the office probably won’t happen until 2021, more organizations – and their employees – are considering a long-term work-from-home schedule. This has lots of benefits for employers and workers, but it also means more people are at risk of becoming a target for hackers who are finding creative ways to access your corporate network.
On May 28, I participated in a GCI webinar where I sat down with Mike Hamilton of CI Security to discuss the current threat landscape while working in a remote environment. Security management is top of mind for many of GCI’s customers, and my conversation with Mike provided an outlet to talk about the current security risks we should be aware of and the steps to mitigate those risks. The following is an overview of some of the questions and answers that were discussed.
Are You Adapting Effectively?
LD: How can remote workers using their personal devices stay secure when accessing their corporate networks?
MH: Companies must implement multi-factor authentication to prevent phishing scams in order for remote workers to use their personal computers. In addition, personal use must be on a personal device. Avoiding use of personal social media accounts and Google accounts on company-owned devices will limit the number of entry points for a bad actor.
LD: Why can’t we keep the hackers out?
MH: There are thousands of bad actors out there with entire ecosystems built around stealing information and money. In short, companies are out-resourced. Many do not even have any employees dedicated to focusing on security, and instead, rely on technology. But that technology often requires specific expertise to run it correctly to protect your network.
LD: How have cyberattacks changed since the pandemic began?
MH: Cybercriminals use organized crime and leverage current events as bait for a cyberattack. The COVID pandemic is a great example of bait because it is timely and widely covered in the news.
LD: Are there any external vulnerabilities associated with accessing MPLS networks?
MH: If MPLS is tying together several facilities, it is just a ring for vulnerabilities to move around. There are no inherent vulnerabilities in MPLS, but it is important to keep MPLS secure because it connects everything. A point of entry in MPLS has the potential to propagate throughout an entire network.
LD: Are there any recent trends pointing to why organizations are getting breached?
MH: The same reason organizations have been breached before. There are many ways cybercriminals can attack including phishing scams, weak and stolen credentials, lacking a credential management policy, or not enforcing multi-factor authentication.
LD: What is one of the best practices in password management and system access?
MH: One idea is to implement a password policy that requires a passphrase instead of a password. This could be a sentence, opening line of a favorite book, or favorite lyric from a song. The key is to include several entropies in your passphrase. And a password policy like that should not expire if using an accompanying multi-factor authentication.
While advancements in technology have improved many facets of our everyday lives, especially as we continue to work remotely, it has created challenges for maintaining security. Thank you to Mike for providing the GCI community with the tips and tools we need to maintain a secure WFH environment.