Recently, Brainlink’s founder Raj Goel spoke on a breakfast panel for BOMA/NY (Building Owners and Managers Association of NY) on the topic of cybersecurity. The panel, which addressed the question “How Vulnerable Are Your Building & Company Operations?”, also included Todd Januzzi, CIO of Paramount Group, and the FBI’s SSA Albert Murray. The discussion began with the panelists explaining the nature of modern cybercrime, which was distilled into a few key points:
- Businesses are targeted hundreds of times each day by hackers who are looking for vulnerabilities in their systems
- Vulnerabilities are basic, such as out-of-date software and default passwords
- Unaware and untrained employees are often the weakest part of a business’ IT security
Raj explained that many of these dangers are linked to personal technology practices. Using a default password on your computer at home, linking unsecured household devices to other, more sensitive data, and failing to keep personal devices up to date often inform poor security practices at the office.
“What we saw in our commercial practice is while we were educating folks like you at work, when you went home you walked into a maelstrom of chaos,” said Raj. “Johnny’s downloading Snapchat, Susie’s doing whatever, [and] husbands are doing whatever husbands do in their private studies in man caves. What we noticed is that we were seeing a lot of threats coming into the workplace from insecure practices at home.”
Januzzi continued on the important role that people play in IT security, saying that at Paramount, employees are regularly trained and tested on security practices.
“We’ll do testing throughout the company,” said Januzzi. “I’ll take a simple USB drive and I’ll put it on someone’s desk and I’ll mark it payroll […] many people will open it up and many types of people will travel to it, so we end it and say, ‘Ha, joke’s on you.’”
The major recommendations imparted by the panel included:
- Technology such as conference room systems and smart TVs should be isolated on separate networks. They simply can’t be reliably secured, and as such, shouldn’t be left as an avenue for hackers to gain access to your main system.
- Corporate networks should be segmented: visitors should be isolated from infrastructure, and CCTV/HVAC systems should be isolated from infrastructure as well.
- Systems need to be patched and updated on a regular basis; otherwise, basic and recognized vulnerabilities will quickly be exploited by hackers.
- Educating employees is a vital part of security, as it’s often poor security practices that lead to a breach, rather than a failure of strictly technological security measures such as a firewall.
Want to teach your employees more about proven security processes and procedures? Contact Raj today at (917) 685-7731 or email@example.com to book him for your next conference or Lunch & Learn event at your firm.