In recognition of cybersecurity awareness month Bryley President Garin Livingstone was invited to speak with Hank Stoltz on the Worcester Chamber’s WCRN radio program Voice of Business.

When asked about keeping up with the changing threat landscape, Garin said, “The [Bryley Tier 1] Checklist is ever-evolving. We created it … a few years ago to make sure we had all our ducks in a row, and maybe we had six, seven, eight points. Now, it’s almost three pages long with everything that we recommend for people for best practices. [The Checklist has] to keep up with the technology and the automation, the tools and the news, [for example] zero-day vulnerabilities” which are publicly disclosed, high-severity vulnerabilities most of which have yet to be patched by the developer.

About risks of remote and hybrid work Garin offered, “the way you can think about it is when everybody was in the office, they were actually already protected by certain pieces of hardware that were in place, such as a firewall or physical web-filtering. So when you were in the building, you were protected by those things. [In the building] you can also turn around and ask … ‘I got this email. That’s weird. Did you get the same one?’ ‘Yeah, I got that. It’s spam. Delete it.’ When you’re working from home you’re a little more segregated from everybody and you’re not behind those pieces of hardware.

“So [in the pandemic] one of the first things we needed to require was if somebody’s bringing their own personal device in, to make sure they got every [needed security feature, like Virtual Private Network {VPN} and antivirus] loaded on that computer so that they were just as secure when out of the office as they were in the office.”

And when asked to provide security advice that someone could apply today, Garin said, “my top-tier advice for absolutely everyone … is if there’s two-factor authentication for it, enable it. That’s going to help cut off so much of the attack surface because now you have a token, which is either a thumb-drive or your cell phone with an app on it or SMS and emailed codes [which are] less secure, but still acceptable. Because if somebody else tries to log-in and you don’t have that [second] factor authentication, they’re going to have an easier time just cracking your password and being able to just get right in, as opposed to the checks and balances that that token provides.”