A man’s home is his castle. Where information technology is concerned, however, a home is not exactly an impenetrable fortress.
For the men or women who recently began regular workdays at the coffee table or the breakfast nook, the home has become a place that can come under siege at any time. Since the lockdowns related to COVID-19 began in March, hackers have found enticing new ways to break into business and institutional computing systems, leveraging the fact that employees are working at home and might have weak security. That has created many a headache for employers.
‘A New Set of Challenges’
Many companies built their security infrastructures with the assumption that a majority of employees would be working from the office, said Jim Matteo, CEO of Bird Rock Systems in Sorrento Mesa. Then practically overnight, employees went remote. “That creates a new set of challenges,” said Matteo, whose company offers security among other IT services. It had $20 million in revenue last year.
“I think you do have an increase in cyber threats,” Matteo said.
Bad actors have all sorts of new vulnerabilities to exploit, including unlocked doors that can lead to big networks.
Eric Basu, CEO of Point Loma-based Sentek Global, said he knows of a very large enterprise computer system that was hacked by someone who got in via a home computer. It was not even a computer belonging to an employee. It was that of a vendor.
Devices connected to the home internet are one way hackers might break into a household’s network, and by extension, that of the homeowner’s employer. Such devices might be security cameras, baby monitors or toasters, said Tony Anscombe, chief security evangelist with ESET, an IT security software and services provider. ESET’s North American headquarters are downtown; the business has 200 local employees.
ESET has a product that scans a home network for security flaws and gives tips, for example that a router needs its password changed or that firmware needs an update.
Technical improvements such as two-factor authentication and virtual private networks can be necessities, but experts suggest not skimping on the basics either. A person should “be smart about passwords” as well, said Ken Slaght. Passwords that a hacker can guess easily are trouble.
Slaght is president of the nonprofit Cyber Center of Excellence, which promotes the industry. Slaght capped off his military career in San Diego by commanding the Navy’s information technology and space organization, now known as NAVWAR.
At Home With Cybersecurity
San Diego is a cybersecurity hub. The region hosts more than 150 cybersecurity businesses. Its 8,450 cybersecurity jobs generate some $2.2 billion worth of economic impact, according to a report distributed by Slaght’s organization in 2019. NAVWAR accounts for 3,530 cybersecurity jobs locally.
The sudden need for companies to support a remote workforce could be a “good news, bad news” story, Slaght said. “The good news is this opens up more business opportunities” for entrepreneurs. Very large organizations have the support they need, but small- to medium-sized businesses have no staff to assist them.
“There’s a lot of opportunity for people with the right credentials to start their own companies,” Slaght said.
Cybersecurity might be an answer to the need for jobs in today’s economy, he added. “One trend doesn’t go away: we just need more talent,” Slaght said. The industry does not necessarily require coding skills or superior math skills. Community colleges are turning out talented workers, adding diversity to the workforce, he said.
No Time Like the Present
What lies ahead? It looks like more of the same.
“This is not going away,” said Anscombe. “Now is the time to put a good, strong remote access policy into place.”
Encryption, good endpoint security and strong authentication (also called two-factor authentication or multifactor authentication) are all necessary for people working remotely, he said. Apps such as Google Authenticator are better than authentication sent via text message, said sources consulted for this article. Hackers have ways to take over wireless phones to get access to text messages.
Every expert interviewed for this story spoke of the need for virtual private networks, or VPNs. The metaphor people use to describe VPNs is a tunnel: information goes in and prying eyes can’t see what is passing by.
As work has shifted to people’s homes, clients have seen the value and flexibility of cloud services, said Bird Rock’s Matteo. Those include cloud-based voice systems. When employees went remote, organizations with legacy PBX phone systems didn’t have the flexibility of those with cloud-based systems.
A New Normal
Matteo said he is hearing from a lot of companies whose staff went completely remote during the pandemic. Now that employees have a chance to return to their offices, many are electing to stay at home. As a result, employers are investing in long-term security and infrastructure changes.
Working from home might turn out to be one of the many aspects of the “new normal,” Anscombe said. He noted that Twitter made news recently when it told its employees they could work from home indefinitely.
“We could all end up on lockdown again,” he said.
Ideally, a person working from home will be able to access their work network seamlessly.
It takes security training and lots of time spent upfront, said Sentek Global’s Basu, but the effort pays dividends.
“Nothing happens seamlessly by accident.”