Title : Security Question FAQ - Updated

Posted by : Tariq Azmi | 2020-09-10

Frequently Asked Questions from our webinars, cybersecurity educational seminar, and lunch and learns

Now that most people have adjusted to working from home, should companies still be concerned about the security of their data, or cybersecurity?

  • Security is a mindset; it cannot be a set-it-and-forget-it type of thing. New threats are always evolving, and we must be vigilant. No one was really prepared for COVID-19, and when things are done in a hurry to accommodate, steps will be missed and protocols will be missed. I am sure that if the business/corporation has internal IT or outsourced IT, the IT professionals were on a timeline to get it done, and it was done.

COVID has provided cyber criminals an opportunity. What are some of the security concerns?

  • Well, the most common one we see is phishing emails. Regardless of how big or small the business is, they are all waiting on SBA funding or PPP approval emails. Cyber criminals are sending fake emails and hoping someone will click on the link, which is really a trap they created. That trap is meant to get either your personal information or a company’s information.
    Non-businesspeople who are waiting on stimulus checks are getting robocalls, texts or emails asking them to update their bank information for direct deposit.

Zoom meetings have been in the news a lot because of security concerns. Should businesses still use Zoom?

  • Yes, businesses can still use Zoom for their calls and meetings. Zoom is probably a good example of how a tool was deployed without much scrutiny. Everyone wanted to get back to work and wanted IT professionals to set it up so that employees could work from home.
    There are multiple settings in Zoom that can be tweaked to make it a secure platform.

Should we have someone test our security?

  • Regardless of COVID, all businesses should get their network and application security tested by a 3rd party once a year. As I mentioned earlier, threats are always evolving, and in-house or outsourced IT staff, who are always reacting and putting out fires, don’t always have time to do the maintenance. Think of it as getting a tune-up on your car or changing the HVAC filters. Security of the network and applications should be treated no differently.

All our employees are now using VPN. Are we safe?

  • Yes and no. Since the work-from-home option was put in place in a hurry and not all individuals received their systems from work, it is hard to tell if the systems being used to connect are secure and updated.
  • Home computers are most likely used by multiple members of the family and may or may not be maintained or kept updated, which would be a risk factor. Those home computers may already have a virus or malware that might be tracking the users’ behaviors.

Industry-specific questions. The healthcare industry is working hard to handle COVID. What should the medical industry be doing and planning for during this time?

  • Lately, the healthcare industry has been investing in mobile devices and cloud technology, which is rather convenient for users to update patient charts and records. At the same time, it holds a lot of personal data about their clients/customers, which makes them a target.
  • Emails should be scrutinized: emails with subject lines such as “Your PPE Order”, “Delivery Date changed for PPE”, “Your COVID TEST KITs”, etc. are being used to get users to click on the link.

How about the Banking & Finance industry?

  • No different. COVID has really created an opportunity for cyber criminals to set up traps. Just as with consumers and business owners who are looking for funding, these phishing emails are being sent to financial institutions with the subject line “PPP application”; or, from email accounts they are able to hijack from one of the businesses, they are sending emails with “PPP supporting documents”, and the attached .pdf or Excel spreadsheet has an embedded virus or malware that can be installed on the bank personnel’s machines.
  • The finance industry has to comply with SOX and do a network security and application security test yearly. It may not be a bad time to get it done.

What other industries do you believe are at risk?

  • Any and all. Cyber criminals are taking advantage of this crisis; they are targeting businesses and individuals. We do not want to make it seem like only these industries or those industries are a target. Think of it as thugs who want to extort people of their belongings, the