It’s what had to be done, experts said Tuesday morning during a talk about cybersecurity threats, hosted by the Greater Philadelphia Alliance for Capital and Technology (PACT). But this move to at-home work does pose some unique threats to companies, Nicole O’Hara, an associate at Saul Ewing Arnstein & Lehr, and Kevin Hyde, president and cofounder of Layer 8 Security, told attendees during the virtual talk.
“Anytime there’s something new, hackers are going to jump in,” O’Hara said. “How hackers view us all right now is that we’re probably working from home under stress, using new or strained technologies.”
The internet at work is different than the internet at home, the pair outlined. Most of the filters and firewalls in place in work buildings and in schools aren’t in place at home. And all internet work — schoolwork, communication, invoices, businesses deals — that’s usually done on protected servers is now being done at home on our Wi-Fi.
Hyde pointed out that things like money wiring, medical information, financial information and intellectual property could all be up for grabs for a hacker on easier-to-infiltrate at-home Wi-Fi.
In addition to work that’s being done on a computer, O’Hara said she’s also not a fan of at-home devices like Amazon’s Alexa that might now be listening in on conversations that would usually be happening in a closed-door office meeting.
There are, of course, actions you and your company can take, both said.
To start, Hyde said, your company’s IT department can consider putting in place multi-factor authentication if it hasn’t already, and implement a password manager to create stronger passwords across your platforms. And if you’re working on a home computer right now, it’s worth creating a separate profile for work when you log in, he said.
“You want to be a hard target, and to do that, you have to have more defenses in place,” Hyde said.
In addition, your company’s IT department should be over-communicating with the rest of the teams during this time. If you’d usually send a monthly email about best practices or updates to company IT rules, make it weekly or even daily.
And in this case, the best defense is a great offense, O’Hara told attendees. That means making an incident response plan before any security breach happens, and talking it through with IT, legal counsel and across a company’s staff.
“I’d much rather do the preventative stuff up front than deal with the fallout,” she said.
P.S. If you’re worried about COVID-19 email scams, here’s how to get free phishing training at home.-30-