By Rick Ball, VPC Cyber/Continuity of Operations Branch Director
COVID certainly changed the way organizations – Public and Private, small and large, conducted business. Work from Home (WDH) became the norm, and for many today it still is. Unfortunately, Cyber warfare and threats are everywhere – you cannot escape them and you cannot ignore them any longer. Everyone is now at risk, personally and professionally. Hackers and Cyber criminals are conducting “phishing” via personal and business email, social media, as well as via text messaging. No area is safe!
So what can you do to help protect yourself, your business, and organization? Two easy, and fairly inexpensive options are to utilize a Virtual Private Network (VPN) and Multi-Factor Authentication (MFA).
VPN: A VPN, gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. VPNs encrypt your data while online, scrambling it so that strangers can’t read it. The encryption that a VPN provides keep your online activities private, everything from sending emails and shopping online to paying bills or chatting with your doctor. A VPN encrypts the data you send and receive on whatever device you’re using, including your phone, laptop, or tablet. It sends your data through a secure tunnel to the VPN service provider’s servers.
Browsing web, online shopping, emailing, and all the other activities you do daily on your devices could be exposed to hackers if you are conducting these on an unsecure Wi-Fi network. Now, think of your work-related activities and the sensitive information, passwords, credentials, and emails that are exchanged all day, every day. Without a secure network, that information is vulnerable to malicious attacks. For this reason, it is imperative organizations and their employees utilize a VPN while working from home and more importantly, while exchanging sensitive information.
MFA: Muti-factor authentication (MFA), or two-factor authentication (2FA) is an enhanced security measure that requires two or more pieces of information to gain access to an account. It is more than likely you have already used MFA – when you log into a website or bank account, which then sends a numeric code to your phone, in which you have to enter to log-in. A MFA should be used whenever possible – for any confidential or sensitive data such as bank accounts, email accounts, health records, and especially corporate-related applications and accounts. MFA helps protect you by adding an additional layer of security, making it harder for bad guys to log in as if they were you. Your information is safer because thieves would need to steal both your password and your phone. You would definitely notice if your phone went missing, so you’d report it before a thief could use it to log in. Plus, your phone should be locked, requiring a PIN or fingerprint to unlock, rendering it even less useful if someone wants to use your MFA credentials.
An additional option would be to install an “Authenticator” app. An “Authenticator” app is usually installed on your smart device. It generates one-time passcodes consisting of 6-8 digits every 30 seconds. The code expires after 30 seconds, so if someone manages to get a hold of it, it won’t work after that time has passed. You don’t need to provide a phone number to the app, and the app itself is unique to your phone. Setting up an authenticator app with a site usually consists of scanning a QR code with the app to save a secret key. After that, whenever you log in to that site, it sends a code to your app generated from the secret key initially created plus the current time.
I will close by stating that Zero-Trust is coming so be aware and start getting prepared. What is Zero Trust? Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Zero Trust has gained popularity because the global threat landscape has evolved, challenging long held assumptions about the inherent trustworthiness of activities inside a network. Well-organized cybercriminals can recruit insiders, increasing the opportunity for insider threats, and continue to find new ways past the outer shell of traditional security architectures. Sophisticated hacking tools and commercialized ransomware-as-a-service platforms have also become more widely available, making it easier for new kinds of financially-motivated criminals and cyber terrorists to operate. All of these threats have the potential to exfiltrate valuable data, disrupt business and commerce, and impact human life.
Given this new threat landscape, The United States Federal Government is under Executive Order to advance toward a zero trust architecture, and many enterprises are weighing the costs and benefits of adopting this approach.