ENDICOTT, N.Y. — The legions of employees working from home during the COVID-19 pandemic brought cybersecurity front and center as a business concern, and it’s an issue business owners need to address no matter where their employees are working from these days. In the early days of the pandemic as employers shifted to a heavily […]
ENDICOTT, N.Y. — The legions of employees working from home during the COVID-19 pandemic brought cybersecurity front and center as a business concern, and it’s an issue business owners need to address no matter where their employees are working from these days.
In the early days of the pandemic as employers shifted to a heavily home-based workforce, the focus was really on getting everyone up and running and keeping the business going smoothy, says David D’Agostino, director of 1nteger Security in Endicott. That shift, unfortunately, opened companies up to new avenues for cybersecurity attacks, he notes.
Two major cybersecurity threats include cloud computing and employees using personal devices to access corporate systems, D’Agostino points out. Both have been crucial to keeping employees productive and connected while they work from home. Other top cybersecurity threats include credential theft, ransomware attacks, and phishing/vishing/smishing.
“They’ll fool you into thinking you’re logging into your payroll account,” D’Agostino says as an example of how a phishing scam works. Phishing is one of the top threats, accounting for more than 80 percent of reported security incidents.
Once they gain access to your system, cyber criminals can exploit that information in a variety of ways, but most often will encrypt everything and charge businesses a ransom to gain back access to their own information. The average ransomware payment increased 82 percent over the past year to $570,000, D’Agostino notes.
“A lot of organizations carry what’s called cyber-liability insurance now,” he says. That has led to larger and larger ransom asks, especially when cyber criminals access Cloud platforms used during the pandemic — such as Zoom or Microsoft Teams — which are great for connecting people, D’Agostino says, but those services created new points of attack as well. Cloud platforms are not secure out of the gate, he says, and businesses may have neglected to add layers of protection.
While it might seem that businesses are being attacked on all fronts from phishing emails to website hacks, there are an array of actions firms can take to keep their systems and their information safe.
D’Agostino says the first step is to identify and fortify the weakest link. This could be employees accessing the system from home offices, he notes, and an easy way to add an extra layer of protection is to require users to use a two-factor authentication system. This typically involves sending a code or a push notification to another device, such as a cell phone, which needs to be with the user, before access is granted. It’s a simple way to prevent outsiders from accessing the system, he notes.
Other steps include using advanced antivirus protection, deploying backup policies, use the cloud to ensure remote file access, and test recovery strategies often. Cyber criminals are generally looking for an easy mark, D’Agostino says. Much like a burglar might move on when they see a sign denoting an alarm system, see security lights, or hear a barking dog, cyber criminals will move on if there are hurdles to easy access, he says.
There are many other tools businesses can utilize, but they can take a crawl, walk, run approach to things, D’Agostino says. They can start with a few small things such as providing end-user training and upgrading virus protection. Then companies should perform an in-depth risk analysis. “It’s important for business owners to understand their risk,” he says. The analysis allows businesses to develop a risk tolerance, knowing what assets must be protected the most.
Whether through an in-house network security expert or by outsourcing it to another company, this process should be a continual one, D’Agostino adds, because the threat landscape is constantly changing.
Headquartered in Endicott, 1nteger is a division of Integrated Computer Solutions (ICS), which employs more than 130 people at offices in Endicott, Syracuse, Ithaca, and Auburn, Mass. ICS is a provider of outsourced IT services, cybersecurity, communications, and remote-workforce solutions. 1nteger employs a team of about 30 people.