Who’s Responsible for Your Cybersecurity?

I Accept Full Responsibility

“…it doesn’t matter who you are, whether you’re an individual, a small company or a large company, if you have vulnerabilities you’re going to be discovered, and you are a target, and cybersecurity is your responsibility.”

> Eric Cole, former CIA cybersecurity expert

This statement was made after a February 5, 2021, incident in which hackers accessed a Florida water treatment facility. They tried to poison the water supply by using dormant remote access software. A human operator quickly discovered the hack, so no damage was done. The incident highlights, however, the growing security issues that come with allowing so many employees to work from home using some type of remote access software. The problem isn’t necessarily with the software itself but rather with individual employee credentials being obtained through phishing or other methods. Also, certain work functions and data are now remotely accessible where they were not previously, which opens the door to greater remote access vulnerability.

Here are some key tips to make your remote workers more secure:

  • Use Multi-factor Authentication (MFA), where a code and/or biometrics are used as an additional layer of proof that the person trying to gain access is authorized.
  • Use Virtual Private Network (VPN) technology so that the systems are not directly exposed to the Internet.
  • Don’t allow shared accounts.
  • Use a company-managed password manager that generates and stores complex passwords for each employee in their individual “vault”.
  • Implement a regular testing and training schedule to educate employees on phishing and other methods whereby hackers gain access to corporate networks and data.

Protecting your organization from cyberattacks should not simply be delegated to your IT people.  Management needs to be involved in weighing the costs and practicality of various security measures versus the level of risk you are willing to take.  It is also critical that management makes it clear to all employees that cybersecurity is a corporate-wide priority and that everyone is expected to be diligent about security. 

