CAPstone Webcast Series: Computing Security

Computing security has always been critical in keeping nefarious actors out of both business and personal systems. And due to the Coronavirus pandemic, emphasis on the topic has never been stronger.  Hackers have taken notice of the new remote work paradigm, and are constantly probing for weaknesses.

Computing security was the topic of discussion in EisnerAmper’s most recent Cyber Action Plan (CAP)Stone Series webcast, where Rahul Mahna, managing director in EisnerAmper’s Process, Risk, and Technology Solutions (PRTS), led a discussion with Nima Baiati, global director and general manager for Cybersecurity Solutions at Lenovo. This webinar, which took place on June 3, was the third in four segments designed to offer real world insight and tangible methods for developing one’s own cybersecurity action plan.

The webcast revealed that according to research firm Gartner, 74% of companies plan to shift to more remote work because of the pandemic, which will also pose a significant security challenge. This is even more daunting considering the vast majority of the workforce went remote almost overnight. Firms must supply their employees with the proper hardware to function comfortably and securely, rather than allow them to rely on personal devices or potentially compromised systems.

Hackers leveraging malicious spam emails is not a foreign concept in the IT world; however, the rate at which these emails are sent and received has skyrocketed since the outbreak. “It is much easier to steal an employee’s credentials than it is to break into a firm’s network from scratch,” Baiati said.

Consequently, endpoints are the new frontline of IT security due to the remote workforce. Because of this change in focus, it is important to educate employees on potential threats so that if fraudulent URLs or phishing emails do get past external security, employees have the wherewithal to recognize the signs and act appropriately. “We want to secure the person, not just the machine,” Mahna said.

Whether someone is an IT professional or has newly transitioned to remote work, there are steps they can take to harden and protect a network and personal information. On the individual level:

• People should keep any eye out for external emails, especially ones they don’t recognize, that may prompt them to change credentials or enter personally identifiable information.
• People should try not to overshare on the public domain as hackers will utilize this information to tailor malicious emails specifically targeted toward someone.

Meanwhile, on a systems level, it is important to strive to ensure the Wi-Fi has the ability to handle corporate traffic, is password protected, has proper certificates and updates (anti-virus or AI), and is not acting as a rogue endpoint (is utilizing endpoint protection to prevent known and unknown malware).

• It is also important to protect the physical computer as employees move to less secure locations for their work. Prevention methods include installing anti tampering switches into the back of the laptop and restricting USB access to the device.

In summary, as employees continue to work from home, or potentially start to return to the office with a compromised device, they must be cognizant of their computing security. Introducing one weak link can compromise the entire firm’s network.    

You can access the transcript of the webcast here.