Live Chat
Connect to a Tech
It’s not like there are songs on the radio or yard decor out celebrating it, but slowly, cybersecurity has seeded itself in people’s minds every October.
“It’s Cybersecurity Awareness Month, and I do think people are beginning to understand October is a time we shine a light on cybersecurity,” said Dorin Hemmelman, lead security adviser at Workplace by Direct.
“I’m glad people are starting to pay closer attention.”
Hemmelman and his team live the realities of cybersecurity – and resulting security breaches – every day, and the field is evolving fast.
“The big buzzword in our industry is AI,” he said. “Everybody is both excited and nervous about artificial intelligence.”
In the context of cybersecurity, AI represents the latest disruptor, Hemmelman said. In his career, he has seen businesses add computers at workstations, give access to the internet and provide smartphones to employees. All were considered major security challenges at the time – and the approach to tackling AI should be similar to what has worked in the past, he said.
“First, get an inventory of what your people are using. What AI platforms do they use or want to use,” he said. “Then, do due diligence on those platforms to understand the data you’re submitting to them. Do they keep it confined or contained so it doesn’t leak out to other people performing queries? And then develop policies – policy and procedure just like everything else. Train users on how to use it and what the risks are.”
With AI, some risks are obvious already, and others are still emerging.
Hemmelman cautions users to know what platforms they’re interacting with when using company data.
“There can be instances where you’re submitting sensitive data to these platforms not realizing it could be used in someone else’s query results, and next thing you know, we have a bad situation brewing,” Hemmelman said.
AI also presents significant threats from “deep fakes,” or AI-generated audio or video that could make an employee think, for example, that a supervisor authorized a money transfer when in fact it was a bad actor’s AI-generated impersonation.
“We’re already seeing it with email,” Hemmelman said.
“Everyone used to think a hacker was a young man sitting in a dimly lit basement using sophisticated coding skills. And now, you can be anyone in the world, and you just need to know how to prompt AI and you can launch a cyberattack, so our adversary pool rose exponentially because you don’t have to be a techie person anymore to be a hacker.”
That makes it all the more critical to partner with a cybersecurity firm that can help you stay ahead of bad actors, he said.
“My fear is if people don’t pay attention to this, they will get behind in terms of not only using AI productively but from a cybersecurity standpoint,” he said.
“Make sure you have someone who is on your side from a technical standpoint. There’s too many people who worry about it (only) when they need to worry about it,” Hemmelman said.
“That won’t cut it because the threats are growing at an exponential rate. The people who aren’t paying attention to this are the ones that will really get in trouble. If you’re working with someone who knows what’s going on, you’ll be in a way better place than trying to DIY your cybersecurity.”
Workplace by Direct will host a webinar on AI and its related risks at 10 a.m. Oct. 30. To sign up, visit here.
“Fortunately, we aren’t yet seeing locally some of the threats we know exist with AI,” Hemmelman said. “That makes it an ideal time for businesses to learn about the risks and how to mitigate them.”
In the meantime, his team sees plenty of other issues. Here’s an inside look at their top five recurring causes of security incidents.
Lost or stolen devices
Yes, laptops and phones are great and allow us to work from almost anywhere. The downside: They often hold sensitive data.
“When they go missing, it’s bad enough — but we’ve seen cases where the password was written on a sticky note attached to the device,” Hemmelman said.
“That’s like leaving the keys in the ignition of a parked car. If your device ever gets misplaced, the IT team is left cleaning up a mess that was completely preventable.”
Also important: Don’t forget to turn off someone’s email account when they leave your organization.
“That’s just another open door no one is paying attention to,” Hemmelman said.
Downloading ‘free’ software
We all love a bargain, but in cybersecurity, “free” usually comes with strings attached — and those strings often include malware.
“Skipping IT and installing your own software can result in system infections so severe that the only solution is to completely wipe and reload your machine,” Hemmelman said.
“The five minutes you ‘saved’ by not asking for help could turn into hours of downtime.”
Fake support phone calls
“Hi, this is Microsoft calling about your computer.” Sound familiar? Threat actors love pretending to be tech support. Once they get remote access, they install spyware, steal your data or worse. Real IT support won’t cold-call you, so if you get a suspicious call, hang up and contact our help desk directly.
Fake captchas
You’ve probably seen the “Click all the bicycles” or “Select the crosswalks” puzzles designed to prove you’re human.
“Hackers have taken this concept and twisted it into something dangerous — fake Captchas that ask you to run commands or install software,” Hemmelman said.
“If a Captcha ever wants you to do more than click a few squares, stop right there.”
Emails from trusted senders – who aren’t actually trusted
This is the most common — and most dangerous — attack the team sees at Workplace by Direct.
A co-worker’s account gets hacked, and suddenly you’re receiving an email that looks legit but isn’t. Maybe there’s an urgent request or a strange attachment.
“The natural instinct is to trust the sender, but in reality, it’s a threat actor using that trust against you,” Hemmelman said.
“If you get something unexpected, verify it another way — preferably in person or by phone. And no, replying to the email doesn’t count.”
To learn more
To learn more about how Workplace by Direct can keep your business and team cyber-secure, click the button below.
