With many industries moving important data to the cloud and the Covid-19 pandemic making telecommuting more prevalent, business owners need to be aware of cybersecurity risks and trends like never before. During a recent webinar with Comcast Business and the South Florida Business Journal, local experts shared how companies of all sizes can protect their businesses and staff from the potential hassles and financial burden of a cyberattack.
Led by moderator Patrick McGranaghan, Comcast Business Senior Manager of Security Training and Awareness, the panel of experts included:
- Ed Breman, Founder & Principal at Cyber Armada Insurance
- Tim Devlin, Co-Managing Partner at Daszkal Bolton
- Howard Grodin, Director of Information Security, Risk & Compliance at AvMed
- Christine Guzman, Chief Financial Officer at Inktel Holdings
- Mary Hummel, Manager of Cybersecurity at Broward Health
- Dennis Klein, Partner at Kelley Kronenberg
- Mike Novak, VP of IT Security and CISO at Seminole Hard Rock Support Services
- Diego Tibaquira, Professor, Cyber Security Center of the Americas at Miami Dade College
The discussion focused on three topics – cybersecurity threats to be aware of in 2020, steps owners can take to secure their businesses and what cybersecurity risks are likely to develop following the Covid-19 pandemic.
Cybersecurity Threats to be Aware of in 2020
Several experts noted that one of the most common types of cybercrime – phishing – still poses the biggest threat to businesses of all sizes. Phishing is when a cybercriminal attempts to fraudulently obtain a victim’s personal information by posing as a trusted entity in an electronic communication, typically an email.
Broward Health Cybersecurity Manager Mary Hummel pointed out that phishing has persisted as the number one type of cybercrime over the past decade because of how it preys on the sense of urgency of its victims.
Hummel also brought up an important point that was emphasized by multiple panelists throughout the discussion – a critical component of fighting phishing attacks and cybercrime in general is educating and engaging an entire staff, from frontline employees all the way up to the CEO. A company’s investment in security equipment and software, no matter how advanced, will not make a difference if employees do not understand and follow cybersecurity protocol and policies.
AvMed Director of Information Security, Risk and Compliance Howard Grodin reiterated the importance of employee training by recommending that companies conduct phishing tests several times a year to see how vulnerable the company is to an attack. When a test is followed with additional education and employee engagement, hopefully fewer employees will take the bait in a future test – or an actual phishing attempt.
Hummel also noted that information technology and security teams need to pay attention to smart devices and the Internet of Things as the industry is still in its infancy and the necessary programs and software to fully protect those devices are still being developed.
Finally, Cyber Armada Insurance Founder and Principal Ed Breman explained how loss of a company’s own data is not the only potential problem. Cybercriminals often employ a technique known as “island hopping” by first breaching a smaller company that is a third-party vendor or contractor – then using the information they obtain there to hack into a much larger entity the first company does business with. Depending on the circumstances, the smaller company could ultimately be held financially liable for the entire attack, including its own financial losses as well as those of the larger company.
Steps to Secure Your Business
Dennis Klein, Partner with the Kelley Kronenberg law firm, offered important information for business owners to consider on the legal end when developing cybersecurity policies. Especially in light of the rise of employees working from home because of the Covid-19 pandemic, companies have to remember that people don’t always abide by the rules – and someone who typically does follow the rules might let them go out the window when they’re working at home in a more relaxed environment than an office.
Klein also addressed a company’s liability for the actions of its employees in the event of a data breach. If an employee fails to follow a company’s policies, such as by transferring work documents or data to a personal device, and there’s a data breach and customer information is compromised, the firm could ultimately be held liable for that breach because it did not enforce its own policies and procedures.
Dr. Diego Tibaquira, Professor at the Cyber Security Center of the Americas at Miami Dade College, emphasized the importance of employee engagement and training, noting that companies must secure the “human element” to prevent cyberattacks.
Dr. Tibaquira also reminded everyone not to forget the basics – such as not using the same password for multiple accounts and not posting sensitive personal information on social media profiles or online platforms that hackers could gather and use to gain access to personal accounts.
Christine Guzman, Chief Financial Officer at Inktel Holdings, reminded the audience that because cybercriminals are always pushing and looking for new ways to hack into a company’s network, business owners have to always be on the defensive.
Future Cybersecurity Risks
Finally, experts looked into their “crystal balls” to discuss what potential cybersecurity risks await companies in the future, particularly as a result of the Covid-19 pandemic.
Mike Novak, Vice President of IT Security and CISO at Seminole Hard Rock Support Services, explained that it is actually too early to tell what impact the pandemic is currently having on cybersecurity because we have not passed the 180-day benchmark. He said he does believe that how things play out will be greatly impacted by the fact that many companies and employees are working remotely for the first time. That means instead of worrying about the security of the company’s network, companies have to be concerned with the network security at employees’ homes.
Tim Devlin, Co-Managing Partner with Daszkal Bolton, emphasized that upper management cannot just listen to the IT department when there are issues or problems. Instead, IT employees should be a part of ongoing conversations about the company’s strategies and policies. In addition to his company’s in-house IT staff, he also found that hiring a consultant several times a year to review the company’s cybersecurity set-up was extremely beneficial.
For more information about Comcast Business and its cybersecurity services, visit business.comcast.com/enterprise/products-services/cybersecurity-services or call 1-(866) 429-0152.