By Patrick Connelly, originally published in Buffalo Law Journal, Buffalo Business First on Oct 1, 2020, 6:00am EDT.

Remote work setups leave business networks more vulnerable to cybersecurity threats

Ikram Massabini and his Buffalo-based company MVP Network Consulting take an interesting first step when they assist businesses with cybersecurity needs.

“We actually try to hack the network,” he said. “We try to find the vulnerabilities in their firewall and systems.”

October is National Cybersecurity Awareness Month, an initiative organized by the federal government’s National Cybersecurity Alliance that encourages people to be smart as they use the internet.

Massabini, who came to IT by way of engineering, said no network can ever be 100% safe, but MVP follows best practices to make digital systems as secure as possible. The company also helps businesses comply with regulations that aim to ensure data privacy, such New York’s SHIELD Act and the federal Health Insurance Portability and Accountability Act.

MVP also examines the issues that could be caused by an internal threat, such as when an employee clicks on a malicious link, he said.

“We put ourselves in those shoes and see how much damage a person can do once a threat gets in,” he said.

MVP has 68 employees in Buffalo, most of whom work with companies on cybersecurity. Having some of its own employees work remotely early in the pandemic helped the company to identify threats of which businesses need to be wary.

“Your home computer, router and firewall are not as secure as your office network is,” Massabini said. “But all of a sudden we were asking everybody’s home to be part of the office network. We spent a lot of time not only scanning office networks, but also making sure that people who were signing onto the network were coming in securely and were able to function from home just like they do at the office.”

Increased vigilance by employees operating from home is key, along with continuous review of the precautions in place, said Anna Mercado Clark, partner, Phillips Lytle LLP.

“Now that companies have passed that point where they were scrambling to get their workforce the equipment that they need, it’s important to go back and see if the security settings and software are up to date,” she said.

Clark and others at the firm provide guidance on training procedures that are tailored for remote employees. They also work with companies on data recovery and incident response plans that would be followed if a breach happens.

“The breaches that we are seeing are of data that companies hold in connection with their day-to-day operations, but their employees are also becoming victims of data breaches at other organizations,” Clark said. “There’s a lot of concern there because, if their credentials are compromised in other settings, that could have implications on their business.”

Rod Davis, property management specialist at Buffalo Niagara Realty Group Properties, has noticed hackers using fictitious web listings for rental properties to trick people into wiring money. In one instance, he said a listing for a property he rents was spoofed on Craigslist. A woman communicated with the lister and sent money for an application fee. She was approved by the lister and called Davis to see when she could pick up the keys.

“She explained the whole situation to us,” Davis said. “She called the police and I filed a complaint with the FBI, but this is something people have to be aware of. The hacker took the information from our listing and basically said that you could rent the property from him.”

Massabini said it’s crucial that people are careful what they click on, particularly as scammers want to take advantage of the pandemic.

“People are hungry for information right now,” Massabini said. “We are seeing phishing emails being sent at a very high rate where people are being asked to click on a link that can give a hacker access to their machine. If a hacker does get access to one machine, we don’t want them to be able to jump to other computers. We want to have internal security that blocks them from that.”