It’s been almost a year since the pandemic turned our worlds upside-down in what was seemingly an instant. Many workers who had never worked remotely began doing so on a regular basis. And while that was immensely helpful in curtailing the spread of the physical virus, e-viruses have flourished, as anyone with even a grain of cybersecurity knowledge accurately predicted.
So, while we tried to warn folks, we knew we’d have our work cut out for us. Here is our best advice for those wanting to protect your at-home workers, as this trend does not appear to be going anywhere, anytime soon … even after the pandemic ends.
Stay a step ahead of the cyber criminals by attending our FREE, one-hour CLE webinar “Chapter 4: Cyber Security Best Practices for your Law Firm in 2021” on March 23. The presenters are digital forensics specialist Nathan Little, of Tetra Defense, who will demonstrate simple, commonsense ways to stay safe, and attorney James Davidson – a nationally-recognized expert on cyber liability who defends lawyers and firms in malpractice cases. Register here.
1. Start with a Risk Assessment for Every Remote Device
How can you know the best way to protect yourself if you don’t know what you’re up against? You can’t. You might get lucky, but it makes more sense to prepare by fortifying your weaknesses and staying a step ahead by creating a Disaster Plan in case the worst does in fact happen.
If you have an IT Department, they’ll likely be able to handle it. If you don’t, you can always outsource your cybersecurity. In fact, many cyber security firms will include Risk Assessments with other packages, and they aren’t expensive, especially for the amount of information provided.
2. Endpoint Security is Key
Even if you make it a policy not to, the likelihood of your WFH employees pulling double-duty on devices is pretty high. How many remote employees have been able to completely ignore the call of Facebook or a Discussion Board whilst trapped in the depths of the Zoom call that won’t end, or working on their personal device while lounging in their bed? Perhaps you weren’t able to afford to supply them with their own work laptop, forcing them to have to use their personal device for work. It’s an unfortunate reality of today’s workers’ lives that business and pleasure will most likely mix. Instead of blowing up when it does occur, plan for it with endpoint security.
3. Cyber Security Awareness Training
If it weren’t for employees, there would be no breaches. Make sure they know how to spot suspicious-looking emails BEFORE they open them, and that they understand password security tips and tricks, and the probability of a successful attack on your business will be significantly reduced.
4. Take Advantage of Your Privileges
Not every employee needs access to every single file, so it makes sense to limit access to your company’s sensitive information by setting up privileges on your network. If your employee can access something, so can a hacker. It’s also important to put roadblocks to access at every single level with additional steps for authentication. It might seem like a bit of a headache, but it is well worth the minor inconvenience for the increased level of security.
5. Stop Snoozing Your Updates
Yes, you are in the middle of something … but complete that update! Updates and patches are created to keep users safe from known vulnerabilities. Putting it off for too long can put you at risk. In fact, Fraunhofer Institute for Communication reported that a whopping NINETY PERCENT of home router breaches were due to manufacturers failing to complete device updates. So easily avoidable! And yet, hackers are notorious for using home routers as a gateway into devices that store more sensitive information, like passwords and usernames. Let me repeat this: Manufacturers being lazy is a direct cause of cyber home invasions. Meaning that neither you, nor your employees, should rely on them to complete the updates in a timely fashion, so it’s important to train your employees to do it themselves.
Read this post on Petronella Technology’s blog.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment call: 1-877-468-2721
