Americans have pivoted quickly to working from home during the Covid-19 crisis, but the shift has been so abrupt that little time has been allocated to thinking about how best to protect sensitive organizational collaboration, exchange, and data.
Whether you are self-employed, a small business, or working within a massive corporation, there are considerations you may want to review right now.
Cybersecurity was already a flashpoint for businesses given the increasing intersection of on-staff employees, contractors, gig workers and more at companies large and small. Given the work-from-home mandate of many states, now that flashpoint is accelerated and many are missing critical elements to stay safe across all devices.
Given this atmosphere, law firm Venable LLC recently arranged a teleconference with tech conglomerate Cisco, software company Citrix, and the National Institute of Standards and Technology (NIST). NIST is a non-regulatory agency of the U.S. Department of Commerce whose mission is to promote innovation and industrial competitiveness.
The goal of the teleconference was to give IT staff, employees and small business owners insights on protecting company information, and on how to identify threats and plan and implement measures to maximize digital security.
Naturally, pre-planning is ideal, but given the unprecedented global crisis, everyone has to ramp up quickly. Even IT managers who have had policies in place may do well to update those policies, said Karen Scarfone, senior computer scientist at NIST.
“Now is the time to re-evaluate those prior policies based on current threats that are far different given the large numbers of people on your networks for how you did not plan for all at the same time nor for this extended amount of time,” Scarfone said.
Scarfone suggested that re-evaluation be done under what NIST calls a zero-trust model so that everything from encryption and storage to communications and two-to-three step authentication is considered. She suggested two important steps:
Other considerations include how to then scale such solutions and how such solutions may perform for employees who may be in low bandwidth areas.
Naturally, data protection is key in order to drive an organization’s mission, but communication should be equally scrutinized. Even on normal workdays, the level of security around virtual meetings and conference calls should be considered. NIST says that far too many organizations use the same conference call and pin numbers over and over again, making them susceptible to threats. Calls should be evaluated in the following manner:
In general, simply trust your instincts and use common sense, said Jeff Greene, director of the National Cybersecurity Center of Excellence at NIST. For people working from home during this time, he suggests making sure that your home Wi-Fi is secure and that the router is updated and patched regularly by your provider. A VPN is a great addition to include right now on all your devices if you do not have it. Ensure that you have passwords on your phones and tablets. Take care that if you have alerts, they are not readily available on the screen of your phone.
“Also, I like to just suggest everyone use the cyber equivalent of, ‘If you see something, say something,'” Greene said. “Watch for any unusual activity on your devices. This could be something like increased pop-ups, windows that don’t close and more.”
Citrix and Cisco have a multitude of security offerings that range from network-wide to application-specific. They provide security analytics but also performance analytics from the end-user perspective so that an IT manager, for instance, could monitor whether the experience is a smooth one for employees. Some can even be tied to biometrics or wearables.
Attackers are still very much present, and we all, whether small businesses or individuals who are self-employed, need to be vigilant. “Even if you are unsure of what to do, try to at least start somewhere,” Greene said. “Doing something even small like starting with getting a good VPN or electing to tether to your phone instead of using outside Wi-Fi is a great start. Don’t let inertia or fear stop you. Be proactive.”