In December 2021, AMA New Orleans hosted Staying Secure in a Remote World, which discussed how companies, employees, and freelancers could improve their online security habits. The webinar featured security experts Vince Gremillion of Restech and Jack Reiner of Elliptical Hosting.
As more and more marketers transition to permanent remote work environments, businesses will need to take extra precautions to ensure their data remains safe, even when accessed outside the safety and confines of company networks and firewalls.
What are the biggest cybersecurity risks to companies?
Personal devices and (unprotected) home networks are two of the biggest potential exploits for hackers. “Most home networks don’t have strong wifi keys, and possibly even use default passwords on their devices,” explained Vince Gremillion. He used a hypothetical example of a home security camera that required the user to open a port in their firewall in order to view the camera feed, which could lead to trouble.
When asked about having employees use their work computers instead of personal devices, Vince recommended the use of virtual desktops. Jack Reiner agreed, “I’ve used a virtual desktop for years now, and this way if anything ever happens to the laptop I use, it doesn’t matter. The purpose of the laptop is only to login to the virtual desktop. And that’s behind firewalls, it’s backed up and well-protected, and can be regenerated quickly if anything goes wrong.”
Phishing attacks have also increased. Most people know not to click suspicious links or download executable files in emails, but when employees are isolated at home, and possibly distracted, these attacks are possible when they can’t simply ask their coworker next to them if they meant to send a particular email.
Working from non-office environments
Both panelists warned against connecting to public wifi at cafes, coffee shops, etc. There’s no guaranteed security from public networks; they’re there for convenience. Vince recommended rolling your own VPN with Amazon, Azure, etc. rather than using commercial VPN services. “The problem with commercial options is you don’t know what their servers are doing or what kind of agreements they have with various governments,” said Vince.
Going beyond VPNs, Vince discussed the use of Secure Access Service Edge (SASE) services and device-level authorization, which authorizes the devices allowed to connect to a network. These solutions are common at the enterprise level but will become more prevalent for smaller businesses.
Increased security controls and email deliverability
Jack Reiner discussed email deliverability issues when using 3rd-party email marketing services like MailChimp, Constant Contact, etc. There are DNS records (namely SPF and DKIM) that whitelist the servers that are allowed to send email from your domain. Failure to make the requisite DNS changes can result in bouncebacks and potential blacklisting because the email came from servers not authorized to send on behalf of that domain.
Why all websites are targets for hackers
It’s not unreasonable to think your small mom-and-pop website won’t be a target for hackers, but this is incorrect. Every web server can also function as an email server, and spammers are always looking for a clean IP to propagate spam. If they can hack your site, then they can send spam from your site. Hackers can also embed redirects into a webpage to take users offsite to malicious URLs.
To protect website owners, Jack stressed the need for malware scanning on the website at the server level. External malware monitoring can only scan the files it can see, whereas internal scans can scan all of the files on the server.
Jack also noted that most attacks are automated (bots), so hackers aren’t necessarily targeting specific websites.
Cloud vs. Local Security
With more people working from home, cloud-based file sharing services like Google Drive, Microsoft OneDrive, etc. have exploded in popularity. We asked our panelists if storing files in the cloud was more secure than storing offline.
Vince said the cloud was more secure IF … you protect it with strong passwords and multi-factor authentication, it’s backed up, and it’s encrypted. Your laptop can be lost or stolen, and most likely you’re not encrypting your device or using multi-factor authentication to access it.
If you’re synchronizing files to your desktop from Google Drive, OneDrive, etc. then you still need to encrypt your computer. An issue with encryption is that encryption keys are stored in memory. If you just close your laptop and it goes into suspend mode, then the keys can be taken out of memory and your laptop can be decrypted. People need to make it a habit to turn off their devices to take full advantage of encryption security.
Staying safe going forward
Vince recommended using a password vault to store strong passwords. Do NOT save the passwords in your browser. Also use two-factor authentication whenever available.
Jack advised against sharing too much personal information on social media. Privacy laws do not protect you if you divulge personal information voluntarily. Many Facebook timelines are filled with games and trivia that can be used to harvest vast amounts of user data to be used for nefarious purposes.
Most importantly, you are ultimately responsible for your own security and your own data. If it’s going to hurt you to lose it, then you need to do everything you can to ensure you’re protected.