Strategy Session Recap: Cybersecurity AKA Keeping Our Info Safe in Remote Environments

On May 20, 2020  BlueWave Resource Partners hosted a panel of industry leaders, including our very own, Ryan Royal (CTO, interviewstream) to discuss how to keep your digital information safe in the current remote environment. In case you missed it, we put together some key highlights from the discussion for all those currently navigating the world of cybersecurity.

#Whatyatalkinabout

The world of technology, specifically cybersecurity, is not necessarily a topic everyone is familiar with. Most of us have a handle on the ins and outs of online platforms, as well as the programs and technology that we use on a daily basis, however, beyond that, the world of tech security can be a bit foreign (and sometimes a bit frightening). 

Let’s ground first in what we mean by cybersecurity (I myself had to do a little research). To put it simply, it is how we protect any sensitive data on our computers and networks from theft or damage. 

So, why is it important for us #hrtech folks out there? Because all companies with an online presence, no matter how big or how small, are at risk of a cyberattack which can be a financial, physical, and legal disaster – not to mention a potential public relations snafu.

CLICK HERE! NO, Don’t do it!

When the panel sat down to chat, they shared a few common phishing scams that they’re consistently seeing. These email attacks allow attackers to gain access to your passwords, account numbers, or social security information, allowing them further access to anything they want. These phishing scams include things like:

1. New Invoice, Click Here.
2. Buy Now!
3. Resume links
4. Disaster Relief Donation Scams
5. Browser Update – Download the Latest Update
6. CEO emails (we at interviewstream can attest – Ron our CEO was “emailing” new employees asking them to pick up his dry cleaning or get him a coffee in his first few weeks on the job. Nice try scammers – better luck next time!)

Many employees know not to fall for it, however, there’s always a chance that a team member could miss the obvious phishing attempt – all it takes is one click.

Protect Yourself Before You Wreck Yourself 

Cyber crimes increase drastically when the economy has issues, which we all know is the world’s current state. The threats are often financially motivated (as in they want access to your company’s funds). Not surprisingly, the number of attackers will usually increase at a time when businesses are in the process of cutting back on funding to critical programs like cybersecurity. Last, in the midst of this pandemic, many organizations have had to pivot to remote work, creating a decentralized workforce that increases the risk of infosec challenges and poses an even greater threat.

According to the panel, small businesses are often the most vulnerable. Some helpful tips on how all companies can protect themselves from cyber crimes included:

1. Do your research. There is a wealth of information at your fingertips. For example, go check out this guide from the Small Business Association – it’s packed with best practices to help your business navigate the world of cybersecurity.
2. Build a team. Protecting your most valuable assets doesn’t have to cost a fortune – find room in your budget to hire a cybersecurity professional, having them create a line of defense that will ensure safety and secure your bottom line.
   
3. Hire the RIGHT people. Your neighbor’s grandson who is in IT won’t cut it. A great cybersecurity professional should be a thorn in your side. They should challenge your current systems, telling you to do things a certain way and advising against alternatives. Hold them accountable – they will definitely hold you accountable if you’re the one that “clicks” next.
4. Create policies AND enforce them.  With so many employees working from home for the foreseeable future, you need to set clear information security policies internally and externally, like ours. At a minimum, start with the basics such as (1) only working on your company computer, not your personal computer, for business reasons and (2) limiting access on company machines to specific software and internet sites. Putting specific and clear restrictions in place will help to prevent unintentional mistakes.
5. Educate everyone. And make cyber attacks tangible for people. Everyone has heard the phrase “cybersecurity attack” and seen the great lock up image, but few understand all of the technical jargon around cybersecurity. Make your training visual, something that your team can relate to, and explain why it matters from day one to every employee.
6. Don’t click. Simple. Do not install anything you didn’t go looking for and do not click on links from strangers!

The most important take-away is that everyone is vulnerable to cyber attacks, even more so right now. It doesn’t matter who you are, someone will find your data valuable. Leverage your resources and be cautious – we here at interviewstream will be double checking our security to ensure we have strong defense tactics! 👊

Thank you to Ryan Royal, CTO interviewstream, Michael Anaya, Head of Cyber Risk Expanse, Bart Gasiorowski, VP Fortress Information Security, Danny Jenkins, CEO ThreatLocker and Bill Swearingen, Security Strategist IronNet CyberSecurity for sharing your knowledge on keeping our data safe in the current remote work environment. And finally, thank you to BlueWave Resource Partners for hosting another great LinkedIn Live chat that we were thrilled to join!

About The Author

Esteban Gomez is a marketing consultant with interviewstream. He loves learning and has a passion for traveling, having visited many countries including China, Colombia, Italy, and Peru.