SURPRISE BONUS EPISODE! Lunchbox Leaders: The Business Impact of Cybersecurity in the Age of COVID Recap

SURPRISE BONUS EPISODE! Lunchbox Leaders: The Business Impact of Cybersecurity in the Age of COVID Recap

Cybersecurity in the Age of COVID

 

During the surprise bonus episode of our webinar series, The Lunchbox Leaders, we heard from Brian Dykstra, the President and CEO of Atlantic Data Forensics, a cybersecurity company specializing in investigations, computer forensics, incident response, network, and wireless security testing, and information security. 

As an expert in the reactive side of network security, Brian shared what happens AFTER the discovery of ransomware or a security breach. 

“Turns out, bad things do happen,” Brian shared. “In fact, the most bad things are going to happen in your company from 8:00 pm on a Friday evening to 8:00 am on a Monday morning—that’s the hacker’s favorite time to strike because they know people aren’t paying attention since it’s the weekend. Long weekends are also prime attack time.”  

Brian emphasized the importance of treating network security as a process, not as a product. For instance, many companies make the mistake of adopting cloud-based services and assuming that the host platform will maintain their network security for them. However, while these platforms provide the tools for network security it is up to the business to monitor and utilize them to ensure network security. Network security is a matter of vigilance and consistent monitoring rather than an “end product” your business can purchase.

Based upon the Incident Response support to hundreds of organizations in a wide variety of industries, small and large, Brian shared three easy ways to ensure network security:

 

Three Ways to Ensure Network Security

  • Good perimeter control. Make sure your firewall is actually doing its job. Do not simply log what is rejected by the firewall, have someone periodically review the dashboard. In addition, remember that cloud-based computing platforms should have firewalls in place as well.
  • 2-factor authentication (2FA) & multi-factor authentication (MFA). At a minimum, apply 2FA to Administrator accounts and ensure that your logs actually show you who logged in and from where.
  • Antivirus/Anti-malware. Antivirus and anti-malware should be installed on everything to fully protect your organization. This includes laptops & desktops, servers, email, firewalls, and the Cloud. Remember not to skip Macs—these devices are vulnerable to viruses too. 

We were so glad to host Brian in our final installment of the Lunchbox Leaders series. Our vision has been to help educate our community on how organizations and individuals can protect themselves in today’s cybersecurity threat landscape. We hope you found this episode, and our series of webinars, insightful!

Remember the team at PGH Networks can help you develop a strategic and layered approach to your network’s security and protect you from cyber-attacks. Want to learn more: contact us today

In case you missed our surprise episode (or would like to rewatch it), you can find the full recording online

Lunchbox Leaders: Digital Risk Recap

Lunchbox Leaders: Digital Risk Recap

During the second installment of our new webinar series, The Lunchbox Leaders, we listened as Matt Solomon, the VP of Business Development & IT Complete at ID Agent, discussed digital risk and how to protect your assets from threats like phishing, ransomware, and hacking.

“Phishing is the easiest way hackers are able to get compromised credentials,” Matt stated. “There are quite a lot of threats out there, including ransomware and brute-force attacks, but the majority of these breaches—about 44%—begin with a phishing scam.” 

7 Steps to Avoid Falling Victim to Phishing Scams

Matt recommended 7 steps to avoid falling victim to a phishing scam:

  • Watch for overly generic content and greetings. Cybercriminals will send a large batch of emails. Look for examples like “Dear valued customer.”
  • Examine the entire “From” email address. The first part of the email address may be legitimate, but the last part might be off by a letter or may include a number in the usual domain.
  • Look for urgency or demanding actions. “You’ve won! Click here to redeem your prize,” or “We have your browser history. Pay now or we’re telling your boss.”
  • Carefully check all links. Mouse over the link and see if the destination matches where the email implies where you will be taken.
  • Notice misspellings, incorrect grammar, and odd phrasing. This might be a deliberate attempt to try and bypass spam filters.
  • Check for secure websites. Any webpage where you enter personal information should have a URL with https://. The “s” stands for secure.
  • Don’t click on attachments right away. Attachments containing viruses might have an intriguing message encouraging you to open them such as “Here is the schedule I promised.” 

Phishing threats have grown in popularity with the onset of remote work due to COVID-19. In fact, according to the FBI, after a week of minimal activity, 80% of hacking-related activities changed over to COVID-related attacks.

As the remote workforce presents more of an opportunity for hackers to attack, small business owners should be more vigilant than ever to protect their organizations. 

“Remote work puts your organization so much more at risk because you’ve got employees logging in on personal computers with different internet providers — you might not believe that a hacker can jump from a WIFI refrigerator, but they can.” 

To protect your organization, Matt recommends adopting a zero trust policy, which operates on the premise of assuming that each of your employees has been compromised on some level. By putting the policies and security access management systems in place and monitoring compromises on the backend, you can ensure that your employees’ credentials and your organization are protected from digital risk. 

We enjoyed hosting Matt as he shared his insights about digital risk and discussed how organizations can utilize zero trust methods to protect their networks from breaches. To recap, remember these notes: A layered security approach stands strong, assume that everything has been breached and anyone could have done it, monitor everything on your network (don’t take any chances), and use two-factor authentication on just about everything you can. Don’t forget to attend the next episode in our series,  where the CEO of Blackpoint, Jon Murchison, will present “Social Engineering: How a Hacker Breaks Down a Target” – airing on Thursday, August 20th at noon.

As we delve deeper into the area of hacking and the dark web, remember that we perform Dark Web scans and offer Security Awareness Training at PGH Networks. If you are interested in setting this up for your company, please contact us today. 

In case you missed episode two (or would like to rewatch it), you can find the full recording online. Check out our other Lunchbox Leaders posts here. 

Lunchbox Leaders: Cybersecurity Unfiltered Recap

Lunchbox Leaders: Cybersecurity Unfiltered Recap

Cybersecurity Unfiltered

Last Thursday, we aired the first episode of our new webinar series, The Lunchbox Leaders: Cybersecurity Unfiltered. During the webinar, Sean Sweeney, the Senior Director & Chief Security Advisor in Microsoft’s Cybersecurity Solutions Group, led us through best practices for enabling secure remote work.

Sean’s role at Microsoft is enabling end-to-end security and compliance for external customers by ensuring secure digital transfers, but he also advises the market and consumers about Microsoft’s security compliance vision. With the rise of COVID-19, the IT sector has faced many challenges, including logistic scalability constraints and, most obviously, how to adapt to the sudden spike in demand for remote network access.

Ensure Effective Remote Cybersecurity

Sean highlighted three key focus areas for ensuring effective remote cybersecurity:

  • Empowering remote workers to access the apps they need without compromising security
  • Enabling bring your own device(s) BYODs and unifying management across devices and apps
  • Leveraging built-in security to protect data while keeping users productive

When it comes to empowering a remote workforce to access the apps they need without compromising network security, Sean indicated the importance of single sign-on (SSO) and multi-factor identification (MFA), both of which provide greater security in terms of where employees put their credentials and a higher level of scrutiny to screen who has access to certain information.

“Identity is the key perimeter to your network,” Sean said. “Approach network security with a zero trust lens.”

Similarly, when it comes to managing devices (especially BYO devices) and unifying management across devices, Sean emphasized the importance of proactively managing updates, patching, and policy. “Employees often follow the path of least resistance to get the job done,” Sean said. “It is important to provide a simple way for employees to access secure data or they will find another path to get their job done.”

Finally, Sean highlighted the importance of leveraging built-in seamless security features to protect your network. While you can use many different third-party systems, the safest and most effective way to protect against phishing and malware attacks is to utilize the intelligent data classification and dynamic protection actions available through your operating system.

We were glad to be able to have Sean share his insights about enabling secure remote workspaces and learn more about the products Microsoft offers to empower secure network access. Don’t miss the next episode of our series, “Digital Risk: Protecting Your Most Important Asset”, with Matt Solomon of ID Agent – airing on Thursday, July 23rd at noon.

In case you missed episode one (or would like to rewatch), find the full recording online. Check out our other Lunchbox Leader posts with PGH Networks.