Cybersecurity with Karen Clark
Technology should be a component of your business that results in better outcomes. During this period of time where the vast majority of businesses are executing remote workforce- the focus needs to be on leveraging technology to improve your business outcomes, not on frustrations caused by your IT partner’s lack of knowledge, bad service or failure to inform you on ways to protect yourself.
At The IT Company our primary focus is to aid our customers in producing better outcomes for their business. One way we are doing so throughout this pandemic is by providing as much information as possible to eliminate I.T. frustrations and potential dangers.
CEO Paul Sponcia joined Karen Clark, Director of Somerset Technology Advisory Services, for a four part series of conversation. Karen has a strong background in large healthcare operations as a CIO for over 20 years. Paul and Karen provided their expertise on cybersecurity while working from home.
During the transition of company’s working from home, businesses have expanded the attack surface drastically. Employees are use to being safe and protected behind their company firewall, but the attack surface is now expanded to every single employee’s home.
Not only has the attack surface expanded, but hackers are absolutely trying to take advantage of the situation and exploit this vulnerability. Last month alone, there were over 2,000 COVID-19 specific domains registered. We have all seen notices about these deliberate COVID -19 related attacks and we need to take precaution.
Karen emphasized the importance of employees realizing that while they have always been targets, they are much more exposed while working remotely than they were while they were being protected behind the company’s firewall. She provided a checklist to see how employees are connecting and once they do- what they have access to and if they are exposing your network.
- How are people connecting to your company network? Are you requiring a VPN? Stop there- if not, that is a number one method of protection.
- Are you implementing two-factor authentication?
- Once an employee is connected to your network, what can they access?Do they have full access as if they were in the office? Or are they limited to a virtual desktop with controlled access?
- Are employees using a company owned device or are they using a personal device?This is extremely important. If an employee’s personal computer is not protected, controlled and properly setup- then connecting it to the corporate network via a VPN is very dangerous. That device would have no security controls in place, and could be putting your network at risk.
- Is your patching up to date?
- Do you have split tunneling enabled?Split tunneling is essentially the ability to go to the public internet off of the device, as well as my private network. If you have enabled split tunneling on your VPN, that exposes your private VPN to the public unprotected network. If this is enabled, you are essentially tripling your risk of vulnerability.
In addition to running through this checklist, Paul and Karen discussed what The IT Company is encouraging customers to do- implementing EDR/MDR, and AI machine learning and behavioral based method of protection. This is a step further than an basic antivirus software. EDR/MDR is a software on your machine that is addressing it’s behavior. Looking for red flags such as “this isn’t operating jow it used to” or “this is doing something I don’t think it should be doing.” Adding this extra layer of protection is a necessary step.
As business continue to work through the changes brought by COVID-19, stay informed. Let your technology and IT provider bring you better business outcomes. Interested in learning more ways The IT Company can free you from IT frustrations and bring you better business outcomes? Contact us below!
[gravityform id="1" title="false" description="true"]