To celebrate Cybersecurity Awareness Month (CSAM), we commissioned a survey in partnership with Angus Reid to analyze the sentiment of IT security and risk compliance professionals with respect to the impacts of the COVID-19 pandemic on business and the future of work, during and beyond the pandemic.
The Government of Canada sponsors CSAM every October to help teach Canadians about the importance of cybersecurity. The theme, “This year, life happens online,” offers tips and advice on topics including how to protect yourself and your electronic devices from cybersecurity threats.
Throughout the month, we’ll share our survey results and our insights on cybersecurity tools for the hybrid workplace model. We’ll also talk about protecting yourself and your business against cybercriminals and how to minimize cybervulnerability while working from home.
Protecting yourself at home
In addition to the information CSAM provides, Mitch Kelsey, cybersecurity advisor at CDW Canada, shares solutions you can implement to help minimize your cybersecurity risks:
- Online package shipment notice lures – An online package notification can come from several different sources – email, SMS, social media or website popup – but the trick works the same way. When you’re doing business online, ensure you proceed cautiously. If you receive a notification requesting money or personal information, check with the vendor to confirm why they need these things.
- Risks during virtual meetings – Cyberattackers can glean valuable information from virtual meeting footage – from passwords on a sticky note, to sensitive intellectual property on dashboards, to identifying the technology a victim relies on – to form their plan of attack, and even enable to them to bypass security tools by eliminating the element of surprise. Although it can be heartwarming to see pets or children during video calls, working from home might also reveal your personal information, which could be used to target you or your loved ones. Filters on many collaboration platforms are fun and can provide a sense of privacy and creativity. However, it is still good to think about what’s in the shot behind the filter, though, if it is accidentally disabled.
- Over-sharing on social media – From chain emails and online polls, to viral social media posts or articles, there is an abundance of online content that may be enticing you to share your personal information, without realizing the risks you may be leaving yourself vulnerable to. So when it comes to setting up the answers to your security questions, make up something completely fake. It usually doesn’t even have to address the question, for example, “What was your childhood pet’s name?” could be answered with a randomly-generated passphrase like, “gestate privacy coleslaw procurer.” Be sure to save your answers somewhere safe like an online password vault and ensure you have a strong passphrase protecting that too.
- Protecting your memories – Many of our memories today are being captured and shared digitally. As a result, we need to be as thoughtful about digital preservation as we were about old family albums. Whether the result of disk failure or something malicious, destruction of those files can be devastating. So it’s important to think about what kinds of data you hold onto, how long you plan to keep them and how they’ll be used and stored, to ensure that your protection strategy meets your needs.
Cybersecurity considerations for team collaboration
Whether you plan to go back to the office full time, part time, or remain remote, working and networking safely online is crucial. Unfortunately, collaborating remotely can pose several potential security challenges. Whether that is amongst teammates, between business partners, or during the hiring process, we often need to share information or file access to collaborate effectively.
In a corporate office context, this can be accomplished with shared drives, secure file transfer protocols, or even via USB stick, but when one member of the group is outside the corporate security perimeter, cybersecurity becomes more challenging.
Being able to answer these questions thoughtfully helps ensure you can treat the sensitive information you may need to do your job safely. Whether that’s ensuring sensitive documents or other material are encrypted at rest and in transit, or ensuring you only use trustworthy connections when accessing internal corporate resources remotely, having a game plan and a clear set of ‘do’s and don’ts’ can help navigate these collaboration requirements safely.
Cybersecurity Tips for Small Businesses
Small and medium sized businesses have had to shift many times throughout the year from business as usual, to open with restrictions or to having to close their doors during lockdown. Here are Mitch’s tips on how to keep your employees and business cybersafe:
- Implement pop quizzes – Your employees are your first line of defence against a cyberattack. Do your employees know what to do when they see something suspicious? Do they know the risks to be careful of when working remotely such as using trusted, encrypted Wi-Fi? If they have the permission, are they prompted to apply important patches? When end users have the confidence to know they can ask for help, they can help you be more vigilant.
- Password management best practices – Best practices around password usage and management have evolved over the last few years, as evidence suggests that forcing end users to rotate passwords more frequently incentivizes the use of weak or guessable passwords without meaningfully improving an organization’s security posture. Unless your organization has a compliance requirement to rotate more often, the updated guidance is to encourage your end users to use long, complex passphrases such as, “correct horse battery stapler” (as explained in this comic primer) and force rotation only when associated accounts are suspected of having been compromised. Pair this with a good identity protection strategy including step up multifactor authentication where possible, this can help significantly reduce the likelihood of an attacker’s success.
- Penetration testing – Many organizations had to make significant changes to their networks and infrastructure to accommodate remote working conditions during the pandemic. It is a best practice to validate major changes to an environment with penetration testing to ensure they were made securely, and any new or expanded access to the network be evaluated for potential risks.
To learn more about how you can protect yourself, your family and your business from cyberthreats, or to discuss any of the tips from our blog, contact a cybersecurity experts today.