fbpx

Work-from-home scenarios create a new level of cyber security risk

Is your business information secure? 

Now that many employees are out of the office and working from home cyber security takes on a new dimension with a workforce environment never before imagined.

“On the one hand it’s great we have all the technology and capability to do this, [because] no one planned for this,” said Daniel P. Lopresti, professor of computer science and engineering at Lehigh University in Bethlehem.

While IT professionals know the domain of the businesses they need to protect – the physical and cyber boundary around it, they and can take measures to make sure security is in place.

Remote access to data and information adds another layer of complexity to protecting sensitive information accessed outside of the workplace physical and cyber campus footprint.

 “We’re in a wild, wild west world right now,” Lopresti said.

Since quickly deploying a remote workforce employers need to plan and adjust for how the work-from-home landscape creates new challenges for IT professionals.

“This exposes tremendous potential for risk in the cyber realm,” Lopresti said.

According to the CPA Practice Advisor website “remote desktop protocol” or RDP hacks are up a whopping 330 percent since coronavirus shutdowns in March. Lopresti recommends minimizing that potential for data and information hacks by buying a new computer or having the employer buy or provide a work-dedicated device. 

Keep the company work on a separate laptop or computer from personal or children’s school activities, and be aware of the vulnerabilities exposed on video conference and virtual sharing platforms and applications such as Zoom Bombing. Zoom Bombing refers to unwanted and disruptive participation in Zoom calls by those not invited to the call.

The Zoom hack that leaked data from an estimated half million users, illustrated the weaknesses in the platform’s security, he said. 

Beyond use, passwords are a critical piece in protecting information, and not just on laptops, tablets or cell phones. Lopresti said change the default password, and make new passwords on home network and WiFi connections regularly to prevent security threats while working remotely.

“At home the user is responsible for the home network such as changing passwords regularly…because those can be compromised, too,” he said.

And powering devices down at the end of the work day is among the simplest solutions to foil hackers.  “Shut the computer down every night…that reduces the risk. A machine that is shut down can’t do any damage,” Lopresti said.

Know the risks

Education is among the most important tools in the cyber security kit, according to Sondra Lorino, president and owner of Parallel Edge, Inc., based in Philadelphia. With clients in the Lehigh Valley, she said educating clients about cyber security is paramount to protecting, their data regardless of whether the job takes place in the office, or in a remote home office set up.

“Especially right now employees are more vulnerable,” she said.

Whether a remote worker is sharing a computer with another family or household member or have “children running around,” remote employees need to be savvy about scams or emails while using their home equipment on company time. [An] employee is the main way hackers get into a system,” she said.

Which comes back to educating employees about their cyber security hygiene. Lorino said about 99 percent of security breaches happen – not because a hacker figured out the way in, but because an employee inadvertently shared access by providing information.

“They [employees] are the first line of defense,” she said.

Older equipment, along with outdated or older software versions for virus protection, ups the ante for security breaches. By replacing older equipment, updating software and making sure security patches are consistently loaded businesses can minimize the cyber risks to their data and information while employees are working remotely. 

Add in multi-factor software authentication – where layers of protection are in place and the security gets tighter around sensitive digital material.

“Multi-factor authentication on Office 365 and other apps that allow it, [means] if you do get hacked and someone gets your password for Office 365 or Google apps, they need the next level [advance],” Lorino said.

This kind of protection makes it harder for hackers to navigate and strike gold by successfully entering a system.

Secure Virtual Private Networks or VPNs are mainly used to access remote computers and have multi-factor or dual factor authentication, Lorino said. She stressed authenticating users with appropriate software or apps is a key to better cyber security from remote offices, or when accessing information or data on a server from remote locations.

While phishing and ransomware attacks are higher since coronavirus shutdowns, there are lots of ways to minimize the risk for remote workers and their employers.

Lorino expects more businesses will make use of Cloud services and software programs like Office 365, a subscription service offered by Microsoft where documents will be stored, and employees can share, access and collaborate on projects.

“Right now it’s pretty expensive to put a server or workstation [in the Cloud], but I think those prices will start coming down, and we’ll start to see more of that,” Lorino said.

Work in the cloud

Another option is to log into a workstation that is in the Cloud, while using monitors as a window into the workstation there. “It’s more secure for a remote workforce because you have more control over that environment,” she said.

Concerns about current antivirus software and regular backup maintenance – that may be unknown on a home or remote system setup – can be eliminated in the Cloud, where the employer has control over those elements. 

“I think more and more people will operate that way,” she said. “Its new technology and not a lot of people are using it yet.”

Because companies are seeing the value of hybrid and remote work options for their employees, Lopresti expects the work from home movement will continue well into a post Covid-19 world. 

“These safe and secure practices in home work environments have to become part of our everyday life, because [work] has changed forever,” Lopresti said.

Compressed schedules, remote work and grab-and-go meals are all ‘normal’ Fall 2020 college experiences

There are likely as many models for higher education in response to the Covid-19 pandemic this fall as there are colleges and universities across the country. In fact, in eastern and central Pennsylvania schools are offering classes entirely online, entirely on-campus and just about everything in between.

York College, for example, brought the majority of its approximately 4,000 students back to campus a little bit early this fall and plans to end the semester earlier than it typically would, with the students finishing classes and taking final exams remotely, according to Mary Dolheimer, chief communications and marketing officer.

“We compressed the fall semester,” she explains. “We removed any breaks. When they pack up for Thanksgiving they won’t be returning to campus. We wanted to get them through the semester with as few gaps as possible to reduce the chance that we would transition to remote due to a resurgence (of Covid-19).

”Harrisburg University, on the other hand, is operating remotely for the fall 2020 semester, which began on Aug. 31, and it is a transition for which the institution and its faculty were well-prepared, says University President Eric Darr.

“We have been delivering blended online to thousands and thousands of graduate students for a lot of years now,” Darr says. “The infrastructure is the same. The technology was there. The faculty was already educated on the platform. All the training and education had already been done and the investment in the technology had already been done. For us it was not too much of a change.” The biggest challenge in making the transition, he adds, was making sure the science courses for which the university is known would continue to meet their learning objectives in a virtual format.

The university will be bringing 12 senior biotechnology majors back to campus for a week in October for a required lab class that the faculty simply could not find an acceptable way for the students to complete remotely.

Bringing students back to York College safely required effort on several different fronts, Dolheimer says. For example, implementing social distancing in campus facilities meant moving furniture and marking furniture not to be used. Plus ventilation systems were checked and everything was cleaned top to bottom with approved cleaning agents. And, capacity has been greatly reduced in the dining hall, the library and common spaces, she says.

Classrooms were also equipped with microphones and cameras to enable remote learning for those students who were not able to return to campus due to documented medical issues.

“We’ve added outdoor seating to provide additional space,” she says. “We’ve closed the dining hall to most seating accommodations. We are offering more of a ‘grab-and-go’ option so you no longer have to go through the line and pick what you want.”

Bethlehem-based Lehigh University, which is offering both on-campus and remote classes this fall, also needed to take a look at its campus facilities to make things as safe as possible for returning students and faculty, according to Lehigh Provost and Vice President for Academic Affairs Nathan Urban.

In addition to spending the summer assessing the university’s physical spaces, Urban says, Lehigh put together many opportunities for faculty to get some additional training about best practices for remote instruction. “We wanted to make sure that faculty knew what had worked well in the spring and knew best practices from other universities and what our local experts could tell them as well, including experts from our College of Education,” he says.

Lehigh only offered on-campus housing to first-year students for the fall semester and allowed all students to choose between fully remote or on-campus learning. Those who opted for fully remote learning — even if living in nearby off-campus student housing — have no access to campus buildings other than the student health center.

This hybrid approach means that most Lehigh classes are being taught to students in a classroom on campus and students participating via remote learning simultaneously.

While no one has a crystal ball to help predict what the future will hold with respect to the pandemic, York College’s Dolheimer says the school has already altered its spring 2021 calendar with the safety of its students and faculty in mind.

“We’ll return to campus a little later than usual and be operating with a compressed schedule as well,” she says. “We’re not coming back until Feb. 1 and we usually return a week or two before that. Right now we have scheduled some holidays and breaks but that will be under consideration. We’ll see what it is like in the spring.”

Supply Chain Risk Index shows slight improvements, lingering concerns in Pa.

After a devastating collapse of the supply chain in many industries at the start of the COVID-19 pandemic, business leaders say they believe things are getting slightly better, but won’t be back to pre-COVID normal for quite some time.

Right now the supply chain is something everyone is keeping a close eye on.

“If it’s working no one knows what’s going on. When its stops working everyone is looking at it,” said Zach Zacharia, associate professor of Supply Chain Management and director of the Center for Supply Chain Research at Lehigh University in Bethlehem. “People who’ve never heard of the term supply chain are now paying attention to it.”

The Lehigh Center for Supply Chain Research has just released its Fourth Quarter Supply Chain Risk Index, which is down 2.5 points from the third quarter.

SOURCE/LEHIGH UNIVERSITY CENTER FOR SUPPLY CHAIN RESEARCH

“People are starting to see that the risk in some sectors is diminishing. Manufacturing is returning, demand is coming back. Some industries, like the ecommerce space is really taking off,” Zacharia said.

However, the average Lehigh Business Supply Chain Risk Management Index is 66.97 [on a scale of 1-100] suggesting a high level of risk in the 4th Quarter. Anything above 50 would be considered higher than average.

The biggest areas of risk concern on the index were Economic Risk, Supplier Risk, Operational Risk and Customer Risk, Zacharia said.

Economic Risk

The biggest concerns industry leaders have for their supply chain is economic risk, Zacharia said. Economic Risk was a 78.26 on the index.

Zacharia –

Issues such as labor shortages, commodity prices, government deficits, continued COVID-19 impact and demand remain concerns, but Zacharia noted that, while high, the Economic Risk index was down slightly from the third quarter.

“People see there’s still a huge economic risk, but it has gone down,” he said.

Some of the industry leaders surveyed for the index cited a concern over demand spikes, which necessitated purchasing additional product to augment the supply of products that they manufacture. He gave the example of Georgia-Pacific, a major supplier of toilet paper in the U.S. When COVID-19 hit, panic buying soaked up inventory in retail toilet paper, which is about 50% of the company’s market.

Meanwhile, commercial toilet paper demand, the other 50% of its business, all but disappeared. The company had to switch up its manufacturing to meet the demand for retail toilet paper, but changing manufacturing facilities to accommodate a different product line is costly.

There was a concern that the company would need to invest too much money to meet the changed demand, when they didn’t know if the unusual demand shift would blow over and the demand for their commercial line would return.

Supplier Risk

“Globalization is effective and it’s greatly improved our standard of living and lowered our costs,” Zacharia said.

However, by relying so much on suppliers from around the globe, and perhaps relying too strongly on certain individual markets, like China, risks were created in the supply chain. The Supplier Risk Index was 74.38.

Zacharia said many companies have been shifting away from lean inventory, keeping larger stocks of needed supplies and products onshore and have diversified their supply chain to avert any geographically centered shortages like they experienced with COVID-19. Still, he said, there are remaining problems.

“Some containers are still stranded,” he said.

Suppliers could not, in many cases, get products to retailers in time for the shopping season they were needed for. “The retailers are saying ‘you missed our season, what are we going to do with it now?’ But, the suppliers are saying ‘we want to get paid,” Zacharia said.

He said to look for a growing amount of litigation over supplies and goods that didn’t arrive on time.

Operational Risk

The Operational Risk Index was 60.00 “People are still waiting to see if there’s going to be another government handout,” Zacharia said.

An extension of enhanced unemployment payments, for example, could keep people out of the workforce. Zacharia noted that at one point the unemployment compensation was higher than some people were making at work discouraging them from returning to their jobs.

At the same time other government money from sources like the CARES Act, were a lifeline to keep many companies running and many industries – particularly those in hard hit areas like hospitality – are saying more help is needed to keep operational.

Homeschooling has been another factor that has affected companies.

“People didn’t realize what an important role schools had in the workforce,” Zacharia said. “It allows people to go into the office because they’re watching your children. If you have to take care of a child at home you’re not going to be as productive.”

Customer Risk

The Customer Risk Index is 70.66, fueled by a number of concerns over consumer and wholesale demand.

“What will the holidays look like? No one knows and this is the biggest risk to Q4,” said one respondent to the index survey.

Store closures are another major concern. So are COVID-19 related restrictions that may be keeping people from bricks and mortar stores, eating in restaurants or traveling. To adapt, many retailers are going to the customer. Ecommerce has skyrocketed, accelerating many of the plans many retailers were exploring to meet a changing demand.

Pricing is also a concern. Can retailers and suppliers sell products they promised at a certain agreed upon price when expenses, like transportation costs, have skyrocketed?

Unemployment also remains high, so there is a concern consumers won’t have money to spend.

Other factors

Other issues industry leaders cited as concerns on the Supply Chain Risk Index were cybersecurity related. With so many people working from home, there could be more gaps in security hackers could exploit.

The election has many concerned because it comes with it possible changes to tariffs and relations with China.

Transportation remains a risk, too. The truck driver shortage, which was a problem before the pandemic, continues to plague the trucking industry.

Air freight costs have gone up drastically, but that has benefited some in the airline industry. With passenger traffic down significantly, Zacharia said some carriers have taken the seats out of passenger planes and used them to ship cargo to take advantage of the income opportunities.

Productivity was a bright spot on the index.

Zacharia said most of those surveyed felt that the productivity of office employees working from home remained strong.

Any lost productivity was mostly in areas like manufacturing floors where safety and social distancing requirements impacted operations.

Looking ahead

While the fourth quarter Supply Chain Risk Index was down, Zacharia said those surveyed say risks remain significant and will remain for some time.

“Even my board thinks it’s going to be the second or third quarter of next year before we really start seeing any real recovery,” he said.

Early outreach, big dreams leading more students to study engineering

Engineering professor, Sara Atwood, works with a pair of engineering students at Elizabethtown College in Elizabethtown. PHOTO/SUBMITTED

Educators in the region’s colleges and universities say they are seeing a steady growth in students interested in majoring in engineering disciplines, and the ones coming into their programs are showing more knowledge and have more hands-on experience than in the past.

Most see two main factors for the trend: 

First is the availability of engineering jobs and the salaries. Second, the years of pushing the idea of engineering careers and other STEM fields to the young set are starting to pay off.

The current starting salary projection for Class of 2020 engineering graduates is $69,961 per year, according to the National Association of Colleges and Employers. Those salaries can be earned in a variety of fields.

In Pennsylvania, a number engineering disciplines are in demand.

The Workforce Development Board of the Greater Lehigh Valley named civil engineers, mechanical engineers and industrial engineers as some of the most in-demand engineering fields. Demand for skills in drafting, engineering and mapping technologies is also very strong.

At Elizabethtown College, which has a prominent engineering program in Lancaster County, engineering professor, Sara Atwood, said the growth in engineering interest has been significant.

“In the last 10 years we have definitely had a huge increase in engineering enrollment. We are essentially at capacity for our program,” Atwood said.

She said the engineering degree gives them skills they can use in engineering jobs or even in finance or law careers.

At Penn State Lehigh Valley in Schnecksville, which has a two-year engineering program, Tracey Carbonetto, a lecturer of mechanical engineering, said the majority of students on campus are in some sort of an engineering program. Mechanical, industrial, civil, aerospace and biomedical are among the top being studied, she said.

“There’s a lot of different directions an engineering career can take you,” she said. “And there’s a promise of a good job market. They’re not going to toil away for four years and then get out of school and they can’t find a job.”

At Lehigh University in Bethlehem, which has one of nation’s top engineering programs, it’s harder to quantify an increase in demand, said Greg Tonkay, associate dean for academic affairs in the engineering college. Demand to get into Lehigh’s engineering program is always strong, he said.

“We tend not to see large changes in enrollment in engineering because the school tries to balance its enrollment in different programs,” Tonkay said.

He did note that the incoming students are coming with a level of know-how, hands-on experience and enthusiasm that he wasn’t seeing 10 years ago.

He credits scholastic STEM Programs for letting younger students experiment with engineering technologies and create real-world projects that go beyond basic academic lectures.

“There was a time prior to the STEM push, where students had no experience working with their hands,” Tonkay said. “Society as a whole doesn’t fix as much anymore, so there’s no tinkering. STEM started a bunch of activities that are hands on so they can decide if it’s something they want to do or not. 

Atwood said such programs have helped to increase women enrollment. 

“We’ve seen that the effects of such programs have doubled the percent of women in engineering and more people are being exposed to it at an earlier age,” Atwood said. “10 years ago people came in here and didn’t really know what engineering meant.”

Karen Buck, manager of workforce initiatives for the Manufacturers Resource Center of the Lehigh Valley, said there are many academic programs being developed throughout the state of Pennsylvania to expose younger people to opportunities in engineering from actual lesson plans that focus on engineering subjects to extracurricular efforts.

She pointed to the “What’s so Cool About Manufacturing” contests, which sends eighth grade students into manufacturers to create videos about their operations, as a popular program that began in Lehigh and Northampton counties seven years ago and is debuting in Central Pennsylvania this year.

There is also a “Dream Team” of recent engineering grads that go into schools to talk to school students about engineering opportunities.

“This is good because they’re getting to talk to people a little closer to their age,” Buck said.

Carbonetto said bio-medical fields and green technology are also attracting students that hope to use their education to shape a better world.

“In the bio-medical file all of these possibilities are becoming feasible,” she said. “These students have the option to do something that may be remarkable. They can have an impact on the world when they’re 22-23 years old.”

A Conversation With: Aaron Barnes

(Photo: Submitted)

Aaron Barnes, 44, was recently promoted to vice president at Urban Engineers, providing construction support services from the firm’s Mechanicsburg office. He has been with Urban for 20 years, working on projects with the Pennsylvania Department of Transportation and the Pennsylvania Turnpike Commission, among others.

Barnes has a bachelor of science degree in civil engineering from Lehigh University and is a registered professional engineer (PE) in three states.

He lives in West Brunswick Township, Schuylkill County, with Becky, his wife of 15 years, and their 12-year-old sons, Logan and Wyatt.

Q: When working on a public project,  with the Pennsylvania Turnpike Commission, for example, how do you make sure the project is correct from a technical standpoint but stay mindful of the budget?

A: Our main focus is the time, quality and cost, so we’re always mindful of those things. We have a set of what we call contract documents, plans and specs that are specific to the job. Our responsibility on the construction end of things is to administer the contract, and that involves monitoring the cost, the schedule and the quality of work that’s being performed. We’re basically under the guidelines of the owner’s specifications.

When leading teams through complex construction assignments, what are the keys to keeping the project flowing through so many people with different perspectives and tasks?

One of our major roles in any complex project is getting the parties and stakeholders involved and getting their concerns and objectives on the table early. And the key to all that, really, is open communication. When you have a lot of different stakeholders and a lot of different things going on in the job, the best way to resolve anything is to bring people to the table so they can express their concerns. If they understand what the other party is thinking, it actually makes it much, much easier. We have found that  sometimes people are afraid to talk about things that may go against the grain, and we try to tell everyone, no matter what it is, we want to bring any problems or concerns to the table so we can head off any problems early.

What will you take from your time in the field to this new administrative role as vice president?

One of the things I love about my job is I interact with a wide range of people, a variety of agencies, every single day. I treat people that work for me way I expect to be treated, and that’s first and foremost with dignity and respect. With my role as vice president, I don’t think a whole lot has changed. I’m going to head up maybe some larger initiatives, but my approach will always be the same. Instead of texting or emails, I prefer a phone conversation or a face-to-face chat. I can detect tone, things like that that make my job easier. In any kind of public works, we’re building something for the public so the end goal is basically a facility, a bridge, or anything that can be used, so we need people’s feedback.

What is your favorite project that you have worked on?

The replacement of the Lehigh River and Pohopoco Creek bridges was unique in that it was a large job, a lot of different things on that job from the foundation right up to the structure. Some people might think, well, it’s just another bridge. It is, but that job was a complete redesign. The foundation plans changed, pier designs changed, the span lengths changed, our permitting changed. We were more or less doing a design build while we were going in the construction phase. Along with that we did what we call value engineering, which is basically an innovative way of doing something and it actually saves the project some money. It was a four-year job, and we actually came in under budget and on time. Seeing it through to completion, especially on time, was a big deal.

A Conversation With: Erik Hume

(Photo: Submitted) –

Q: What legislative and professional development initiatives will you be directing during your term as vice chair of the real property division for the PBA real property, probate and trust law section?

A: The real property division is part of a larger section of the PBA. That group is composed of lawyers who practice primarily in real estate law. I’m vice chair of the real property division, and that’s part of a larger leadership team for the section. I work with the section leadership on initiatives that come out through the year, but my focus is going to be more on the real estate side. This includes everything from monitoring and reviewing legislation that would affect real estate law, as well as educational and professional development opportunities for our members.

Q: With Saxton and Stump, you often lead complex real estate development projects. What are the keys to balancing all the pieces and making these projects successful?

A: A great team that puts forth a collaborative effort is needed for any complex transaction. When you get into something that’s difficult and complex, no one person can do everything. Throughout my career, I’ve been blessed with great colleagues. One of the things at Saxton and Stump is everyone brings a client-focused, can-do attitude; everyone rows in the same direction and we work hard to get deals over the finish line.

Q: Most of the areas in which you practice are closely tied together, but how did you get into corporate health care and life sciences and hospitality as well?

A: Saxton and Stump is a full-service law firm and one of the nice things about having a real estate law practice is pretty much every business, in one way or another, has a real estate need. Even in our digital economy, somebody, somewhere has to address real estate as part of their business. As we’ve expanded over the years, we’ve gone into practice areas that complement each other. As a result, in many of our corporate health care and life sciences transactions there could be a real estate component, where they need somebody to look at zoning or the transfer of a property, and the same goes for hospitality. Based on my experience practicing real estate law, I’m able to work with my colleagues in those areas, and at the same time learn what some of the issues and concerns are that regularly come up in those transactions.

Q: What’s your favorite kind of convenience-store fireworks?

A: Sparklers. Some of my happiest memories, be it from my childhood or with my children growing up, is twirling around with a sparkler on a warm summer night.

About Erik Hume

Erik Hume, 44, was recently elected vice chair of the real property division of the Pennsylvania Bar Association’s real property, probate and trust law section, where he will serve for the next year. He is a shareholder and chair of the real estate group at Saxton and Stump, and has more than 20 years of experience in law.

Hume earned a bachelor’s degree in government from Lehigh University and a law degree from the University of Pittsburgh School of Law. 

He lives in Hampden Township with his wife, Karen, and their children, 13-year-old Alex and 12-year-old Katie.