IT Security Beware: A Cyber Security Nightmare at Work Can Start at Home
A family in Dayton made the news this week when they got slapped with the harsh reality that a cyber intruder had infiltrated their digital lives. GDF’s founder talks about the lessons IT security personnel should take away from examples like this and the importance of getting everyone in an organization up to speed on at least basic cyber security awareness, because whether an employee is in the office or at home, organizational data security can be affected.
Watching a cyber nightmare come to life in the privacy of one’s own home can be quite unsettling, just ask the family in Dayton who could do nothing more than sit back helplessly as a hacker took control over their digital world, as reported this week in TribLIVE on Wednesday, September 2nd. And while it may have made the whole situation that much more jarring to the senses for the family, they should feel lucky that their attacker was brazen enough to reveal their presence.
But just think about what can happen when cyber intruders lay low and don’t reveal themselves after having gained a foothold on a home network. To Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, it’s a problem that should bear long and hard consideration by anyone responsible for an organization’s cyber security.
“Danger lurks everywhere in the cyber world,” says Caruso, “and that’s why more time and resources are being spent every year to try and combat the ever growing and evolving problem of cyber threats. But approaching it as an “only at work” issue can be a recipe for disaster. Just think about what happened to this family, they had an intruder not only snooping around their computers and able to steal, manipulate or destroy data at will, but he or she had eyes and ears throughout their home and access to every device connected to their WiFi network – cameras, microphones, everything. Every phone call, every conversation, every visitor in that home could be a source of valuable information which an attacker could leverage. Imagine an attorney discussing a case with a client, privileged information and all, or an insider discussing plans which could drastically affect stock prices in the near future, or sitting on the couch discussing trade secrets with a colleague, or simply accessing the office network from home, the possibilities are endless. It’s also a pretty easy leap to infect a mobile device that an employee uses both at home and the office which could introduce malware to the network at work. The fact is, if every employee is not being well trained and regularly updated on the basics of cyber security, an organization has no one to blame but themselves when the chickens come home to roost.”
“First and foremost, attackers need to find a way to get their foot in the door, and they have two choices,” says Caruso. “Either they can try to wade their way through a tangled web of stiff security measures, or they can find a human patsy to fool into unwittingly giving them the keys to the castle so they can walk right in the front gate. That’s what makes social engineering attacks like phishing and spear phishing campaigns so dangerous for organizations and so preferred by hackers, and without all the security bells at whistles which can often be found these days in the workplace, starting with an employee at home can be a much easier mark. It takes just one bite on the bait and the enemy is in, doing reconnaissance and possibly laying the groundwork for a lateral shift from home to the office.“
“Our vulnerability assessments and penetration testing plans are designed to find weak links in the security chain and solve problems,” says Caruso, “including raising awareness for every employee enterprise wide against social engineering ploys hackers commonly rely on, and uncover any existing and/or resident threats and thoroughly eradicate them. From proactive solutions to help thwart today’s cyber threats, to a proven track record as emergency incident responders, we certainly have plenty of experience helping all kinds of clients navigate not only the dangerous cyber threat landscape they face on a daily basis, but all the potential pitfalls and headaches that can arise should the unthinkable happen and a breach is successful. We can customize solutions to fit any client’s real needs, it’s just a matter of picking up the phone to get the ball rolling – with sooner being far better than later when it comes to combatting cyber threats.”
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit out cyber security page.