Like many others, my company's entire team has been working from home for the last three months. It's difficult for many reasons, but I recently encountered one big, scary challenge I hadn't thought about: cybersecurity. That's the scary part--it's not top of mind until something goes wrong.
Within the last couple of months, my team realized we were receiving more and more phishing attempts. They looked like emails with subject lines that read "Action required for your SBA Loan," or "You're one click away from reserving your Covid-19 antibody test" or "The WHO says we may all be carriers," followed by a link to click or an attachment to open to learn more. Luckily, my team caught these attempts without opening anything that compromised our data, but the experience left me with an uneasy feeling that we were somehow more vulnerable than usual.
To understand our cybersecurity better, I got in touch with Eric O'Neill, former FBI Special Agent and the National Cybersecurity Strategist for VMWare Carbon Black. He laid out the reasons for the uptick in cyberattacks around the world and helped me protect my company's data.
Cyberhackers and terrorists notoriously hit harder during times of conflict. Starting with the spread of misinformation related to Covid-19 and followed by the political unrest that's gripping the world, rapid information is in high demand. When you pair that with the fear-mongering that is driving common sense right out the window, you get a perfect storm. On top of all that, people are even more vulnerable than usual because they are working from home on personal and unprotected devices.
For a company that has private information for big names in every industry, that's a terrifying thought. So, O'Neill helped me ensure my team and our data were safe by having us implement these procedures.
Safeguard personal devices.
First things first, get your employees off their personal devices. Request they take their office computers home or, if you have the means, ship them. Or purchase portable computers for your staff with preloaded cybersecurity and VPN software.
If you're like us, you're readjusting your budget due to unforeseen COVID-related changes, so I wasn't sure this was the best use of our money. However, O'Neill walked me through a few cyberhacking scenarios that lead to ransom, extortion, and blackmail, and I quickly saw the light.
If you're unable to provide company devices to your employees, there are measures you can take to ensure their personal devices are secure, such as purchasing cybersecurity software for your team's personal devices and walking them through the installation.
Securing your devices against malware is not the area to skimp. Budget for your data's protection and it will save you money in the long run.
Secure your emails.
Your company should have an email level of cybersecurity that filters out phishing attempts. This firewall protection filters your incoming emails by IP addresses and rejects any harmful looking emails coming from Russia, China, North Korea, and Iran, since these countries are constantly sending broad spectrum attacks to massive email lists.
Turn your team into spy hunters.
Your firewall protection only covers you so much. If the cyberhacker chooses to bounce the email from Moscow through an IP address in Arizona, then your protection will most likely not catch it. So it's important to train your team on deciphering phishing attempts. O'Neill calls this spy hunter training.
Start by having your team turn on two-step authentication for all emails. When examining an email, O'Neill says there are certain tells a spy hunter should look for:
- Double click the sender's email to see the actual email instead of the name they want you to see. You can often identify a hacker by an email address that is spelled wrong or slightly off.
- Check grammar and spelling. Often, hackers are in a rush or English is their second language, so you can find errors that don't make sense coming from the sender they claim to be.
- Never click a link or open an attachment from a suspicious sender. If the email is supposedly coming from a bank, institution, health care provider, or some other partner, log on to their site directly after closing the email browser or call their helpline. Never give any personal information over email.
We already have enough problems out there without dealing with hackers and cyberthieves. So stay safe, be more secure, and, in the end, your business will stay as healthy as you are.
(Mansueto Ventures)
(Tribune Media)
