Cybersecurity in the Remote Work World PresentationJanuary 15, 2021
(Originally presented to ProVisors San Jose III group in July, 2020)
The following is a slide deck from a presentation that we gave in 2020 that was meant to help a very NON-TECHNICAL audience understand some of the basics of staying as secure as possible even while working out of the office.
If you’d like to use this deck for yourself, feel free to contact Danny via the email address shown below and he’ll give you a copy of the original PowerPoint deck.
Target audience: Staff and Individual Contributors who are now “WFH” en masse due to the COVID-19 gathering restrictions.
- This presentation will NOT cover cybersecurity from an IT administrator’s perspective!
- Data - Any electronic information worth storing, securing and (usually) keeping private.
- Compliance – Regulations (usually government mandated) that require companies and organizations to secure data, e.g., PCI-DSS, GDPR, HIPAA, etc.
- PII – Personally Identifiable Information is data that allows the owner/viewer of that data to determine the identity of the person that data pertains to. Our goal is to keep all data secure but especially PII!
Some reminders about cybersecurity:
- There are no perfect and/or all-encompassing cybersecurity solutions!
- Cybersecurity is a never-ending game of “cat and mouse.”
- The goal of a solid cybersecurity strategy is simply to raise the barriers around your data (wherever it may be) such that most hackers would simply choose a less secure target to attack.
“Where’s My Data?” (A “hybrid” or “mixed” computing
- Email - Probably either Microsoft Office 365 or Gmail (via G Suite)
- Office computers/servers
- Public cloud solutions – Amazon AWS, Microsoft Azure, Google G Suite, etc.
- Mobile devices – Laptops, tablets, phones, etc.
- Partners/vendors – The people who help you server your customers often must have your data (or your customer’s data).
- You CANNOT control all the data systems/locations
noted above and that’s OKAY!
Cybersecurity Solutions at Home
“What CAN I control?”
Firewall – This should be a dedicated device that sits between your ISP’s router/modem and your home networking devices (switches and Wireless Access Points) that is designed to stop/drop malicious traffic from the Internet entering your home network.
Modern firewalls can in REAL-TIME:
- Scan for malware
- Detect hackers attempting to gain access to
- Filter web content (to avoid malicious web sites
and/or “phishing” attempts)
- Bottom line: Invest a commercial-grade firewall!
Secure WiFi – This is actually a VERY complicated topic but, in a nutshell, you want your home’s Wireless Access Points (WAP) to support a wireless security/encryption protocol called “WPA2 + AES” (“Wi-Fi Protected Access 2” and “Advanced Encryption Standard”) to ensure that you are limiting the risk of someone trying to maliciously gain access to your home WiFi network.
- Pro Tip: There are a head-spinning number of SOHO WAP vendors; however, for price, security and ease of management, consider two vendors in particular: Ubiquiti and Cisco Meraki.
- Bottom line: Invest in WAPs that offer “WPA2 + AES” encryption!
Antivirus – NO COVID-19 JOKES PLEASE!!! Computer viruses have evolved quite a bit over time but (now usually referred to more broadly as “malware”), basically, they are bits of code that do things on your computer that you do NOT want them to do, e.g., encrypt all your data, log your keystrokes, etc.
- There are a LOT of antivirus/antimalware solutions on the market today (including those that are cloudbased and even use “AI” to do their job) but you don’t need anything fancy here.
- Bottom line: Invest in a well-established antivirus provider solution, e.g., Webroot, Bitdefender, Norton, Avast, etc., but just remember that NONE of them are perfect!
DNS Filtering – Like “Secure WiFi” this is a bit of a complicated topic but, in a nutshell, a DNS filtering solution is designed to protect end users from accessing places on the Internet that are known to be malicious and/or contain “undesirable” content.
- DNS filtering software pays for itself when it keeps you from accidentally clicking on a link in an email that turns out to be a malicious web
- Bottom line: While there are relatively few DNS filter vendors on the market, consider investing in a solution from one of these vendors: OpenDNS, TitanHQ, DNSFilter and Webroot.
Password Management – These tools are designed for the easy storage of passwords into a single application and that can typically be access on multiple platforms including computers (Mac and PC) and mobile devices (iOS and Android).
- Writing down computer passwords is a “no no” but, obviously, people still do it. A good password manager, though, will help you avoid that as many of them are “biometrically aware.”
- Bottom line: Good password management solutions are relatively low cost and can almost all be used in a team/multi-user setting with roles, permissions, etc. Do yourself a favor and invest in a password manager if you haven’t already!
Multi-Factor Authentication (MFA) – We don’t like pulling out our phone to enter in a “security token” every time we log into a web site any more than you do but the simple fact is that MFA works! Combining something you know (your password) with something you have (your smart phone, tokengenerator, etc.) is still your best defense against web account compromise!
- NOTE: MFA isn’t really something you can “buy” but it is often something that you must turn ON to make that web site you’re accessing more secure.
- Bottom line: Turn MFA on for all web sites/apps that allow you to do so!
Cybersecurity Solutions “on the Road”/Other
“What CAN I control?”
Physical Security – Laptops and phones get lost or stolen. Here are a few “dos” and “don’ts” to limit that risk:
- DON’T leave your laptop/device in your car trunk!
- DO leave your laptop/device in your hotel room’s safe (if you cannot take it with you)!
- DON’T leave your laptop on the table at Starbucks while you to to the restroom!
- Bottom line: Use good judgement and do your best to keep your mobile devices/laptop with you at all times!
Disk Encryption – Despite all your best efforts, your laptop/mobile device may be stolen from you…it happens. Before this happens, though, make sure that you have enabled disk encryption on that device so that if someone steals it, then they will have a VERY hard time seeing the data on that device.
- Windows computers use “BitLocker”; Macs use “FileVault” and various mobile devices (iOS and Android) have their own device encryption methods.
- Bottom line: Turn disk/device encryption on for ALL your computing devices NOW, NOW, NOW!!!
Operating System (OS) and Application Updates – OS and application vendors patch/update their software to plug security holes ALL THE TIME. Don’t be the guy/gal who has disabled those updates because “they always break your computer!”
- Yes, occasionally, OS and/or application updates “break” things on your computer/device. But that’s why you have a good BACKUP solution running on your device, RIGHT?!? (See the next slide on this topic.)
- Bottom line: Leave your automated OS/application updates turned ON unless you have a REALLY good reason to do otherwise!
Backup – While not exactly a “cybersecurity solution” backup is, nevertheless, critical for recovering data when bad things do happen.
Modern backup solutions feature:
- Huge amounts of backup storage/retention for very low cost.
- Cloud-based administration and restore options for when the original device is no longer available (for whatever reason).
- ALMOST manage themselves!
- Bottom line: Backup is the foundation on which you MUST build your “cybersecurity castle!”
VPN Services – If you really are a corporate “road warrior” (think salespeople who travel often), then you should consider using a VPN service when you are connected to “public WiFi” hotspots such as airports and coffee shops so that others on these WiFi networks cannot “see” your network traffic.
- VPNs can be confusing…what’s a corporate VPN? How is it different from a VPN service? Etc. Just know that if you use public Wifi, then you should consider services from providers like ExpressVPN, PIA, NortVPN, etc.
- Bottom line: While this might be an “optional” cybersecurity solution, it’s worth considering implementing given its relatively low price!
Examples of cybersecurity solutions that we did NOT cover:
- Mobile Device Management (MDM)
- Single Sign On (SSO) – Often bundled with MFA and password management solutions
- Virtual Desktop Infrastructure (VDI)
- Software Defined Networking (SDN)
- Managed Detection and Response (MDR), etc.
Simple but NOT easy!
- Most of the solutions above have been around for MANY years and are not particularly complicated to implement and use. The “hard” part is the discipline to put these solutions in place and keep yourself as secure as you can while working from home!
“I’m Sold! Where Do I Sign Up?”
While we LOVE your enthusiasm, we need to know a little bit more about you first before we can start Getting Stuff Done for you! Click the button below so that we can contact you and share in your enthusiasm!