The COVID-19 pandemic has highlighted more than ever the importance of everyone’s access to broadband – for telework, online school and our social interactions which are now mostly remote and video-based. And while the Internet can be a powerful tool for us to advance our lives in positive ways, for some it is a way to wreak havoc on an individual or a company.
At the Fiber Broadband Association’s most recent live video series Fiber for Breakfast, two cybersecurity experts came together to discuss what everyone can do to ensure their information is safe. Doug Howland, senior director of systems products at Calix, and Alex Ryals, vice president of security solutions at Tech Data, discussed the importance of cybersecurity now more than ever, and why fiber is one of the most secure options around.
“Fiber can’t be ‘sniffed’ in the same way copper can,” Ryals said.
All networks—no matter how they receive their internet—are susceptible to security breaches. From successful phishing attempts to the interception of unencrypted data, hackers are finding increasingly creative ways to infiltrate someone’s network.
Companies use a variety of methods to secure their networks. Malware, VPNs and end point (?) security products all protect secured information being shared over a network. While it’s top of mind for IT professionals, Howland said it should be an important part of everyone’s lives—from the singular consumer inside their own home to companies operating over a large network.
“Everyone should wake up and think about security and how it relates to your day,” he said. “Training and awareness are a core pillar of what you need to do to set the culture of security and privacy.”
First, it’s important to understand what some of the security limitations are of each network type. Fiber is not immune to being tapped, but compared to satellite and fixed wireless connections it fairs better, Ryals said.
It can be difficult to run a VPN over satellite because of the latency involved, Ryals said. And for fixed wireless connections, information can be grabbed right out of the air if not encrypted properly. As for copper connections, information can be “sniffed;” or using the electromagnetic current from copper cable to piece together data coming off of it.
For fiber in particular, these outside interceptions are harder because of its construction. It’s difficult to break the glass and mirror traffic.
“With fiber, we don’t have that challenge because it’s light—there’s no leakage off the cable,” he said.
But hackers don’t always need physical access to the network to get in. Often hackers use schemes to get inside the network by targeting individuals. Phishing emails and ransomware—where a person or entity threaten to publish the victim’s data unless a fee is paid— are popular methods. Howland said that’s why it’s important for individuals and companies to ensure their physical network is secure and to make sure they’re being smart about the emails they’re opening and links they’re clicking on the internet.
“You should have a zero trust attitude—question everything,” he said. “If something doesn’t look right, report it. A strange email, strange behavior on your system—take this time to reinforce reporting strange activity even when you’re at home.”
Beyond evaluating potential phishing schemes, both Ryals and Howland said people and companies can enact simple things to strengthen security. IT departments should regularly be checking updated patches of open source and commercial software and hardware, require their employees to regularly change their passwords and think about putting different devices on different networks.
And lastly, it’s important to have a plan if (and when) things go wrong.
“You need to have a good process in place, an event response plan, when it happens, said Ryals. “You need to make sure you’re using good firewall technicians and that you’ve trained your teams that are monitoring the security aspects of your network to identify when these things happen.”
Companies should also emphasize that using company-issued equipment while working from home is important. Employees might try to circumvent security measures enacted by their company, but they open themselves—and their company—to possible hacks.
Both said if you’re concerned about cybersecurity, the best step to take is evaluating what systems are currently in place and identifying holes in that system. Howland recommended to companies looking to find their cybersecurity weaknesses to hire an “ethical hacker.”
“Once your systems are up, test them,” he said. “Go out and get [an ethical hacker] and see what they can do to your network in a safe environment and fix it. You need to make sure you have a baseline of performance.”
Join us next week for our Fiber for Breakfast live video series. The topic: Building out Fiber Networks to Rural Communities