Connect with us

Strategies

Tips for staying secure while working from home

Because many devices attached to home networks don’t get patched or updated as frequently as corporate devices, the most common exploits detected so far in 2020 have targeted older systems. Nearly two-thirds of attacks targeted vulnerabilities disclosed in 2018, and a quarter targeted vulnerabilities from 2004.

Published

on

Due to the global pandemic, nearly two-thirds of companies have moved half or more of their employees to telework. Sixty-two percent of employed Americans, for example, say they have worked from home during the crisis, with the number of remote employees doubling between March 13 and April 2 of 2020, and this is not just a temporary change. Nearly a third of all organizations with remote workers expect that half or more will continue working from home after the pandemic. 

The security implications of such a dramatic transition in such a short period of time cannot be overstated. Under normal circumstances, moving an entire workforce from secure IT environments to home networks with very little cybersecurity would take long-term planning and preparation. But that was not an option in 2020. As a result, 32% of respondents to Fortinet’s 2020 Securing Remote Work Survey found that setting up and managing secure connectivity to be the most challenging aspect of switching to telework.  

Part of the problem was that the devices at the company’s core network were not designed to manage the volume of VPN connections required. As a result, many connections were not secure. Or even if they were encrypted, existing firewalls were incapable of inspecting VPN tunnels to ensure they weren’t being used to deliver malware – at least not without significantly slowing down connections. 

But the other part of the challenge is that many home networks were not setup to support the bandwidth requirements of VPN, let alone bandwidth-hungry business applications such as video conferencing. In addition, end user devices (many workers began working from home using a personal device) were often unpatched and unsecured as were other devices connected to the home network. These challenges made home networks an ideal target for cybercriminals. 

Cybercriminals Are Targeting Remote Workers 

And as one might expect, threat researchers saw a significant shift in the behavior of cybercriminals. According to the latest Threat Landscape Report from FortiGuard Labs, global sensors detected that the top attack targets identified in the first half of 2020 switched from targeting corporate devices and applications to things like consumer-grade routers and devices such as DVRs normally attached to home networks.  

There was also a significant increase in attacks targeting end users that used concerns about the coronavirus to lure them into clicking on malicious web links or open attachments infected with ransomware or other malware.

Part of the problem was that the devices at the company’s core network were not designed to manage the volume of VPN connections required. As a result, many connections were not secure.

The FortiGuard Labs team saw an average of about 600 new phishing campaigns per day during the spring. And because home users were no longer protected by corporate security devices, web-based malware became the most common attack vehicle, outranking email as the primary delivery vector used by cybercriminals for the first time in years.  

And because many devices attached to home networks don’t get patched or updated as frequently as corporate devices, the most common exploits detected so far in 2020 have targeted older systems. Nearly two-thirds of attacks targeted vulnerabilities disclosed in 2018, and a quarter targeted vulnerabilities from 2004. 

Seven Recommendations for Remote Workers 

During the last several months, IT teams have been scrambling to close the security gaps in their remote worker strategy. But while 92% of organizations report budget investments to address teleworker security, end users are still the front line of any security strategy – and never more so than now. Here are a few suggestions of what they can do to reduce risks. 

  1. Learn to Spot Attacks: Many organizations are sponsoring training programs to help their workers identify suspicious emails, websites, text messages, etc. In addition, there are free programs available online to provide end users with essential security training and information. And make sure everyone at home using the network, from roommates to children, get cybersecurity training as well. 
  2. Harden Passwords: Another easy step is to simply make passwords harder to guess, and also use different passwords for different accounts. To manage these passwords, use a secure password management system that can remember passwords. Then all anyone needs to remember is the login information for that one application. 
  3. Use Multi-Factor Authentication (MFA): Also known as two-factor authentication, MFA combines something a user knows, such as a password, with something they have, such as a fingerprint or a security token. MFA should especially be used when accessing financial information or logging onto the company network. 
  4. Patch Home Devices: Have users look at all of their devices at home and make sure they are running the latest versions of their operating systems. Even gaming and entertainment systems have options that let users check to see if they are running the latest version. 
  5. Secure Home Networks: This is probably a good time to consider adding or upgrading a security application to protect the home network and devices from attacks. In addition, many home routers now include gateway security which should also be enabled. Some cable operators and internet service providers also provide free security. Remote workers should make sure that logging onto the home WiFi requires a password. They should consider an email gateway that can detect and filter out malicious email attachment and links. 
  6. Improve Device Security: New advanced endpoint security solutions, known as endpoint detection and recovery (EDR), not only provides better threat detection, but also prevents infections that manage to get onto your device from executing their malware. EDR solutions should not only be applied to remote worker devices, but also on other endpoint devices in the home.   
  7. Upgrade Internet Connections: Remote workers should consider upgrading their internet service so they can run business-critical applications even when others are streaming movies or playing online games. Companies should consider providing funds to help offset the cost of a bandwidth upgrade. 

Enhance Your Remote Work Security Now 

Cybercriminals will continue to target remote workers, with no signs of letting up. Adding these seven steps to any corporate security strategy is the right way to begin protecting today’s distributed networks that include remote workers. 

Strategies

4 Tips on doing business in a digital world

Doing business in a digital world requires end-to-end approach.

Published

on

By Lesley Salmon
Kellogg Company SVP, Global Chief Information Officer

It’s no secret that technological advances will continue to improve consumers’ experiences. While CIOs will always be responsible for keeping their organizations safe, secure, and sustained, successful businesses must harness the power of new digital solutions to drive better business decisions, and outcomes and ultimately grow the business.   

Depending on who you ask, doing business in a digital world can mean different things. To some, it means adopting consumer-facing digital offerings like e-commerce, mobile apps, and digital marketing; to others, it means digitizing operations and processes internally. To continuously evolve and adapt to forever-changing consumer expectations, CIOs must take an end-to-end approach to digital – focusing on four areas:  People, Process, Technology, and Data & Analytics. If you do this, you will realize the value it can add to your organization. 

1. Focus on your people.

For me, it’s all about people – having the right people delivering through great partnerships with the key stakeholders across the business, understanding their needs, pre-empting, and then responding to them. A recent Gartner poll stated that talent is a top challenge for CIOs in 2022. To attract and retain the right people, we need to satisfy their hunger to experiment, fail fast and learn.

When our Kellogg IT team told us they didn’t see enough growth opportunities, we knew we needed to take a new approach to learning and development. We built our Year of Development Always (YODA) initiative with a vision to cultivate our childhood curiosity and an eagerness to learn. We created several tracks in the program for technical training, career strategies, and shadow programs to help our colleagues learn and explore new facets of the overall IT function.  The program has seen great results, team engagement is at an all-time high.

2. Don’t frown on the word process; embrace it.

When we think of ‘process,’ many people immediately imagine a rigid and inflexible approach. I challenge this perspective – we sometimes have to slow down, to speed up. Processes can be flexible while still providing structure for business growth – they’re what drive progress every day!

Part of doing this is closely linked with People because Process can be about engaging business colleagues at the right time with the right solutions. Being a trusted partner means bringing the company along the digital journey with us, which is essential for our future success.

3. Integrate technologies that delight consumers and drive better business outcomes.

We know that building scale and leveraging our platforms will deliver value for the business, but what about delighting our consumers?

In 2020 a team member attended an event and learned that more than 2 million people in the UK live with sight loss and cannot simply read the information on packaging. It sparked an idea to add NaviLens technology to our packaging, allowing visually impaired people to access all of the information on our packaging via their smartphones – either by having it played aloud or by using accessibility tools.

We partnered with our Packaging and Design team and launched a successful pilot making Kellogg the first ‘food’ company in the world to include NaviLens technology on our packaging.

Our company’s purpose is for everyone to have a place at the table, and we want all consumers to be able to access important information about the foods we sell.

4. Making better business decisions with data and insights.

Data has always been available but never in the abundance that it is today. While CIOs may not manage every corporate data program, the IT function is critical in ensuring commercial and functional teams understand what data is available and use it to fuel insight-driven actions.  

At Kellogg, we’ve re-imagined our data & analytics approach and focus on data ownership, quality, ethics, and governance. This is the recipe for making better business decisions.  

The real magic happens when you join forces with other business areas, like Marketing, to combine our insights and analytics capabilities with innovation, e-commerce, and more. This has allowed us to create a rich omnichannel experience that ensures we have the right foods, attractive pricing, and tailoring the right message to our diverse consumers.  

Freeing data from silos is critical to meet consumer needs and preparing for the future consumer experience. We recently commissioned research that looks at what consumer shopping trends we can anticipate by 2035; we are making investments to prepare for those consumer expectations.

For example, in 2035 and beyond, the retail environment will fit the needs of each shopper. Shoppers will see the personalization of products and shopper journeys as a baseline expectation to fit their unique attitudes and needs. Traditional online and offline environments will become increasingly integrated, supplemented with AI and innovative technologies to offer data-driven capabilities. 

Final thought…

Digital is the driving force behind any business, and IT is in the driver’s seat. Commercial business leaders can and should partner with their IT teams to help prepare for digital shifts to create more personalized experiences that create brand affinity.

Continue Reading

Strategies

Tips on how to avoid a debt trap

Here are some practical tips to help better manage, stabilize, and avoid a debt trap.

Published

on

According to CNBC, an average American has over $90,000 in debt. Accumulating debt is not only a financial burden – it can be mentally and emotionally taxing as a borrower finds themselves trapped in debt because the high-interest charges keep piling on. 

Steve Sexton, financial consultant and CEO of Sexton Advisory Group, shares some practical tips to help better manage, stabilize, and avoid a debt trap.

  • An emergency fund is essential. “Aside from budgeting and living within your means, having an emergency fund for unexpected expenses is one of the best ways to avoid going into debt in the first place,” says Sexton. “Plan to have at least 6 months’ worth of expenses saved in this fund, which can help you financially weather a temporary crisis and keep things running until the situation stabilizes.”
  • Consolidate various loans under a single one. “Taking on multiple loans at different interest rates beyond one’s capacity to repay can be resolved by taking on a single loan,” adds Sexton. “By doing so, the borrower can simplify their finances and no longer need to worry about remembering multiple repayment dates. This step can help the borrower better emerge from a debt trap.”
  • Leverage cash flow to prepay high-cost debt. “An important factor to streamline your repayments and avoid debt traps is to use a temporary inflow of funds to prepay debt with high-interest rates,” says Sexton. “These include annual bonuses or capital gains on share sales which can be used to prepay personal, credit card, or auto loans. When loans with high-interest rates are repaid, you are effectively saving the extra amount that would otherwise have gone towards the higher interest charges.”

Continue Reading

Strategies

3 Tips to include in a business crisis plan

To better protect businesses and their people, emergency preparedness experts from Rentokil North America and their family brands, Steritech and Ambius, shared three elements to incorporate into a weather-related hazard mitigation plan.

Published

on

Across the world, natural disaster events are on the rise. Climbing temperatures pave the way for an increase in droughts, wildfires, floods and other weather emergencies. In 2021, United States natural disasters created more than $145 billion in economic damage, three times the amount originally estimated by the National Oceanic and Atmospheric Administration.

The Federal Emergency Management Association estimates that about 25 percent of businesses do not reopen after experiencing a weather-related disaster. Without a plan in place, one weather emergency leading to a power outage, flood or property damage may be all it takes to force a company or business to close its doors permanently.

To better protect businesses and their people, emergency preparedness experts from Rentokil North America and their family brands, Steritech and Ambius, shared three elements to incorporate into a weather-related hazard mitigation plan. Business owners and operators can use these tips to establish a plan and better protect their employees, customers and business.

Tip One: Prepare for Power Outages

Power outages can happen anytime, anywhere. A nearby accident can take out power lines resulting in a local outage. Heavy rain, high winds or extreme temperatures from severe storms can also lead to a regional or widespread outage. Business owners may not be able to prevent a power outage from happening, but planning ahead and incorporating step-by-step instructions for the business’s unique needs can help prevent the loss of temperature-controlled products.

Conduct an extensive walkthrough of the facility and make note of any temperature-controlled products or power-reliant vulnerabilities. Include clear instructions for handling these products in the case of a power outage and ensure resources are readily and easily available. 

Consider having a paper log on hand in order to manually monitor and document product and food temperatures as long as it is safe to remain in the building or if the power outage is confirmed to be brief. Avoid opening reach-in and walk-in cooler doors as much as possible to keep items cold. A freezer in good condition may maintain its temperature for up to 24 hours if unopened.

“When a power outage impacts temperature-controlled products, discard any foods that may have been in the cooling or warming process,” advised Paula Herald, Technical Consultant at Steritech. “Don’t take chances trying to cool down hot foods; discard in the interest of food safety.”

Tip Two: Address Air Quality Concerns

Flash floods and wildfires continue to sweep across the United States releasing toxins, bacteria, smoke and other harmful pathogens into the air. These contaminants infect the air and seep into floors, walls and furniture, linger long after the flood or fire subsides. Exposure to these pollutants can be highly dangerous to people and can lead to heart and lung problems, eye and skin irritation and a number of other health-related issues.

Do not enter a space that has been impacted by a flood or fire without first receiving approval from health and safety officials. Once the area is deemed safe to enter, assess all structural damage, look for signs of smoke damage or mold and dispose of anything that can not be washed, rinsed and disinfected such as furniture and carpet. Air decontamination units can be used to help remove any remaining airborne toxins, gases and pollutants.

“The increased frequency of natural disasters is having a significant impact on air quality,” said Matt Hayas, Director of Product and Innovation at Ambius. “Business owners can address indoor air quality concerns by investing in specialized air decontamination units designed to effectively remove 99.9999% of air pollutants before, during and after severe weather situations.”

Tip Three: Remove Destruction and Debris

Natural disasters can leave behind damaged roofs, broken windows, fallen trees and other destruction and debris. Structural damage and piled-up debris are not only safety hazards, they can also create the perfect harborage for rodents, insects, birds and other pests looking to build a new home.

Once the weather emergency has passed, it’s important to conduct an extensive walk-through of the property. Identify any open access points and move any fallen trees and debris as far away from the building as possible.

“A minimum distance of 25 feet is recommended to keep pests from entering the building,” said Nancy Troyano at Rentokil. “Rodents can fit through holes as small as one-fourth an inch so it’s critical to conduct a thorough inspection of the building, before and after a storm hits.”

Dealing with the aftermath of a weather-related disaster can be overwhelming and costly. A pre-established hazard mitigation plan can save businesses up to $13 dollars per $1 dollar invested (National Institute of Building Sciences). As climate change continues to advance, the threat of weather emergencies may soon be a reality for many across the country. Be proactive and establish a plan before a disaster strikes. Incorporate these tips into a crisis plan to better protect businesses, properties and the people they serve.

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending