Cyberinsurance Law Blog

Had my mother previewed this post, she would have cautioned me not to give myself a kenahorah (ken-a-ho-rah).  That’s a yiddish term.  It means doing or saying something to tempt evil, to invite bad things to come your way.  The title of this post, in light of what may or may not be warranted mass hysteria, would seem to flirt with something that, to be on the safe side, should not be flirted with.  Alas, like the names of my children, Bubby does not get a preview of my blogs.  She sees them after they are posted, just like you.  So, at the risk of a kenahorah…

My office is still open.  Will that be the case tomorrow?  Or the next day?  Unclear.  The NBA just suspended the entire season.  Schools are closing.  New Rochelle, New York has created a one-mile quarantine zone.  Anything is possible.  We are officially freaking out.

Many companies are either going remote or are preparing to do so.  But the fortunate employees who can do their jobs from home are more likely than those who cannot to access or process sensitive electronic data.  Think about it.  Many professionals are going this route.  Even manufacturing or other industrial processes that have become largely automated are probably able to control some or all of their operations remotely.  Because the volume of remote work is increasing, so too are the opportunities for cyber crime.  Here’s three simple, easily implementable tips to improve security as we all voluntarily quarantine ourselves in what I truly hope will prove to have been an unnecessary panic.  I’m just not sure at this point.  The tips…

Avoid public networks.  I’m not sure I understand why someone would work from home to stay healthy, and then head to a Starbucks to work, but people do inexplicable things every day.  If you are going to work remotely from any kind of public place, don’t use their wireless networks.  Public networks are like the public drinking fountains of the internet.  The opportunities for mischief abound.  Now would be the time to invest in a hot spot, even if you’re working from what you think is a not-hot spot.  Did that joke play?  PS – buy some bottled water.  It’s not like the stuff goes bad.

Secure your home network.  Just avoiding the ‘Bucks doesn’t mean that you are working securely.  Your home network has to be password protected.  Your password has to be complicated.  Upper  case.  Lower Case.  Numbers.  Maybe a #@$ for good measure.  For more tips on improving cyber security at home, check this out.

Verify.  Then Verify.  Then do it again.  People are well-aware of social engineering and business e-mail compromise scams at this point.  That’s when a criminal hacks into your network or simply sends an fake email that mimics the email address of a coworker and tells you to do something that your company really doesn’t want you to do.  Like send a million dollars to a bank account that does not, in fact, belong to one of your vendors.  Many businesses refuse to provide or accept wire instructions by email at this point.  Those that do often require telephonic verification using a known phone number, not one provided in the same email as the wire instructions.  Duh.  Preferably, you are confirming with someone that you actually know or have at least spoken to previously.  With more remote work, there will be less face-to-face interaction even on mundane matters.  You should scrutinize any work-related instructions that you receive via email.  Eyeball that email address closely to see whether there’s even a small difference from what you would expect the legitimate address to look like.  Hover over the sender in the “from” line to see the expanded address.  Call and confirm.  Update your company’s cell and home phone lists, and talk about this process before the mass exodus.  If we’re going to go an extended period of time without actually seeing each other, developing greater telephonic connectivity is key.  For those of you under the age of 35, texting does not count.

Here’s a final bonus tip for employers.  Check your cyber coverage.  Make sure remote work and personal devices are covered, whether company issued or not.  It’s also a good time to confirm that your security practices match your insurance requirements as to, for example, encryption, dual authentication or password protecting personal devices.  In a world of endless emails, attachments and – for better or worse – increasingly impersonal interactions, things are set to become even more virtual.  You’re taking steps to protect the health of your family.  I commend you for it.  Protect your data as well.  And don’t, under any circumstances, give yourself a kenahorah.

Read more of Jordan’s blogs at https://www.databreachninja.com/