CYBERSECURITY BASICS: KEY INSIGHTS from BOMA Cybersecurity Panel

Recently, Raj Goel presented to answer the question “How Vulnerable Are Your Building & Company Operations?” The panel also included Todd Januzzi, CIO of Paramount Group, and the FBI’s SSA Albert Murray. The discussion began with how important it is to back up files in a timely fashion.

“First off, conduct a desktop exercise,” said Raj. “Create a couple of dummy files with no valuable data, then delete them. How fast can IT restore it?”

Raj explained that most businesses haven’t bothered to test how quickly they can get their business running again after an emergency.

“What we find in more and more is people don’t even have the basic steps necessary to turn something off and turn it back on,” said Raj. “The other thing we find most people don’t know, is if they lose power right now — it’s happened in Sandy — what is the right order for turning things back on so they don’t make things worse? Most people don’t have that documented.”

Albert followed this up by explaining how the many available resources can be very helpful in developing effective business continuity.

“We don’t really give specific plans but the biggest takeaway is to make sure you have a plan and have tested that plan like Raj said here earlier,” added Albert.

“Cybersecurity scares people, it scares the board and public companies,” said Todd. “When I need money for cybersecurity it’s usually not a question because it’s so vital to a company, but what I try to do is take 25% of my budget and earmark that for cybersecurity.”

When it comes to how to invest, the panel agreed that the best defense against digital threats is a robust data backup contingency.

“We practice onsite and offsite, and multiple stage backups; by the time the client notices the attacks, yes, all the files are encrypted, and some of the onsite back-ups are also encrypted and we ended up with data recovered from them off the cloud because we’re not just keeping one copy of it,” explained Raj. “In all three incidents, we have 100% recovery.”

Continuing, Raj explained that personal technology practices — using a default password at home, linking unsecured household devices to sensitive data, and failing to update personal devices — often lead to poor business security practices.

“What we saw in our practice is while we were educating folks like you at work, when you went home, you walked into a maelstrom of chaos,” said Raj. “What we notice is that we were seeing a lot of threats coming into the workspace from insecure practices at home.”

Januzzi continued on the important role that people play in IT security, saying that at Paramount, employees are regularly trained and tested on security practices.

“We’ll do testing throughout the company,” said Januzzi. “I’ll take a simple USB drive and I’ll put it on someone’s desk and I’ll mark it payroll […] many people will open it up and many types of people will travel to it, so we end it and say, Ha, joke’s on you.”

The panel then moved on to discuss how personal security practices with mobile devices often inform corresponding business practices.

“We’re implementing the bring your own policy, meaning we can wipe your phone,” said Todd. “We can control your device, but most of our devices outside of email are not really connected with any systems that we have, within our environment.”

The risks associated with employees using personal devices for work cannot be overstated.

“Think about it: if your personal device is compromised, your username and password are compromised as well,” said Albert.

Raj then moved the discussion towards cybersecurity in the home, making the point that most executives’ homes are in many ways a small business in and of themselves.

“When it comes to your home, look at your income statement; if your income is six-figure or higher, congratulations, you’re not just a family, you’re a small business,” said Raj. “You have to treat it the way you would a small business.”

Similarly, just as you would train your employees and restrict their use of IT at your office, you should give the same consideration to your children at home.

“You’re better off getting a good corporate firewall and setting up your Wi-Fi for the kids that’s separate from your family network because the kids will do stuff you can’t imagine,” said Raj. “Monitor what they’re doing; talk to them.”

The major recommendations imparted by the panel included:

  • Making a considerable investment in a regularly tested backup and data recovery solution.
  • Placing technology such as conference room systems and smart TVs on separate networks, because they can’t be reliably secured.
  • Patching and updating systems on a regular basis; otherwise, basic and recognized vulnerabilities will quickly be exploited by hackers.
  • Educating employees is a vital part of security, as it’s often poor security practices that lead to a breach, to strictly technological security measures such as a firewall.
  • Employing a comprehensive and security-focused Bring Your Own Device policy for employees.
  • Segregating Wi-Fi networks to keep corporate members, employees, and guests separate from each other.

 

Learn the lessons that few others have bothered to take to heart. Reach out to Brainlink at (917) 685-7731 or raj@brainlink.com today to schedule your security assessment.