Date: 2020-04-21

America’s move to work remotely as a safeguard against COVID-19 exposure opens vulnerable home computers and corporate networks to penetration by hackers.

A recent survey of CFOs by Gartner business consulting indicates nearly 75% intend to have at least some employees work remotely until home-quarantine or social distancing restrictions are lifted.

That’s hundreds of thousands of people connecting with business networks each day from home computers.

For hackers, that’s like a bank vault protected by a paper clip, unless companies and the home computers linked to the network have hefty and up-to-date safeguards.

Cyber schemes are expected to cost business about $6 trillion by 2021, with the cost of ransomware attacks increasing 74 percent over 2019, to $11.5 billion.

From hijacked conference calls on Zoom—the so-called Zoom-bombing—to a ransomware attack on a World Health Organization coronavirus testing facility, crucial security gaps are being exploited to steal dollars, data and personally identifiable information.

Small businesses are even more vulnerable because they typically don’t have the IT integrity and dedicated security staff of most corporations.

Here are some best practices for employers and home users to defeat hackers:

Credentialing

· Audit passwords to ensure they are long and complex.

· Don’t reuse passwords.

· Consider using a third-party password manager.

· Ensure all personal and work credentials have unique passwords.

· Implement multi-factor authentication (the coded text sent to a cell phone).

· Disable the browser feature that offers to save passwords; clear browsers of all remembered passwords.

Home routers

· Update with the latest firmware and software updates. If you don’t know how, contact your router manufacturer if you own the router or your Internet Service Provider if you rent the router.

· Change the router’s default password to something strong.

Wi-Fi networks

· Create separate personal and business Wi-Fi networks. Many routers allow multiple Wi-Fi IDs.

· Keep personal devices off the business network.

· Do not connect work devices to public Wi-Fi, often offered at stores, coffee shops, hotels and airports.

Limit access

· Only you can use your work device; lock it when not in use—even if you are just taking a break.

· Do not leave devices in vehicles or unattended in plain sight, such as near a window.

Encrypt data

· Encrypt sensitive emails. Find this option under your email security settings or via your cloud service.

· When using portable computers, ask your system admin to enable full disk encryption.

System updates

· Ask your IT department or IT vendor to ensure your work computer is updated, patched and secured.

· Check your home/personal systems to ensure they are updated and secured, to avoid lateral attacks (infection from one device to another on the same network).

Report

· If you see anything suspicious or abnormal, notify your IT Department, IT vendor or cyber-security vendor immediately.

Websites, incoming email

· Be extra cautious opening emails if you don’t know the sender.

· Do not open email attachments from unknown senders. These so-called phishing emails are one of the primary sources of network attacks.

· Be careful browsing websites you don’t normally use.

Hackers are persistent and stealthy

Attackers work hard to get into networks because the payoffs are so high. One successful entry out of 100 attempts is a good return.

Often, companies don’t know for weeks that their systems have been compromised. Marriott International didn’t discover a data breach until 2018, four years after attackers gained entry into the Starwood hotel brand, which Marriott acquired in 2016. About 500 million customers were affected.

Here in Mercer County, we worked with a firm that only discovered an intrusion when it got a ransomware demand. The company said it couldn’t afford to pay the demand. The attackers were so deeply inside the company’s system that they locked down the network and sent the CFO a copy of the firm’s financial statement. A “yes, you can” message.

By the time we were hired, all we could do was fortify the network against further attacks.

Strengthen your passwords

Passwords are the keys to the kingdom for hackers, and complex passwords are a business’s best defense, short of using a password manager.

While the password length is helpful, it takes more. A single, lower-case, eight-letter word found in a common dictionary will take an automated hacking program using a common computer no more than two days to break. On a supercomputer or botnet, it takes about 1.8 seconds.

The most effective password is at least 10 characters and contains an assortment of symbols, numbers and upper- and lower-case letters. Stay away from birthdates and names of children or your spouse.

And here’s the challenge we hear all the time: “I need a password I can remember.”

Try mnemonics or passphrases, which use the first letters of a phrase or list to form a word. Remember how Roy G. Biv helped you recall the colors of a rainbow: red, orange, yellow, green, blue, indigo, and violet.

Or use abbreviations or word fragments.

I like Yf@BCty4Rt! (Your friends at Blueclone thank you for reading this!)
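The password rules above can be turned into a small audit script. This is an added example, not code from the article or from Blueclone: it checks the 10-character, four-character-class rule and estimates exhaustive-search time. The word list, the four-digit date rule, and the reading of the article's "two days" and "1.8 seconds" figures as exhaustive-search rates are assumptions.

```python
import re
import string

MIN_LENGTH = 10  # the article's minimum length
# Constructed sample; a real audit would load a full wordlist (assumption).
COMMON_WORDS = {"password", "sunshine", "princess", "football", "baseball"}
CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def audit(password):
    """Return the reasons a password fails the article's rules (empty list = pass)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    if password.lower() in COMMON_WORDS:
        problems.append("dictionary word")
    # Assumption: four or more digits in a row often encode a year or birthdate.
    if re.search(r"\d{4,}", password):
        problems.append("possible date")
    return problems

def search_space(password):
    """Candidates an exhaustive search must cover for this length and character mix."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return alphabet ** len(password)

def seconds_to_exhaust(password, guesses_per_second):
    return search_space(password) / guesses_per_second

# Guess rates implied by the article's figures, assuming (not stated in the
# article) they describe exhaustive search over all 26**8 lower-case strings.
HOME_PC_RATE = 26 ** 8 / (2 * 24 * 3600)  # "no more than two days"
BOTNET_RATE = 26 ** 8 / 1.8               # "about 1.8 seconds"

if __name__ == "__main__":
    year = 365 * 24 * 3600
    for pw in ("sunshine", "Yf@BCty4Rt!"):
        years = seconds_to_exhaust(pw, BOTNET_RATE) / year
        print(pw, audit(pw) or "passes", f"{years:.3g} years at botnet rate")
```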

The author is CEO of Princeton-based Blueclone Networks. He has appeared on network television as a cyber-security expert, and is co-author of the Amazon best-seller “You Are The #1 Target: Why Your Business Is Likely To Be The Victim of Cybercrime Now More Than Ever Before…And What You Can Do To Stop It.”