Remote Control: Security challenges of working from home and how to tame them
Or, what the Coronavirus pandemic can teach us about other threats to our security – especially when working from home
Ok, I think we can all agree: 2020, in summary, was a pretty dire year.
At the start of the year, there were inklings of a new infection but no-one was really talking about epidemics or pandemics or working from home. We’d been here before several times in the last few decades: H1N1 ‘Swine Flu’, SARS, H5N1 ‘Bird Flu’, MERS, Ebola … They’d all posed a threat. They were horrific for some. But they’d been largely contained and in each case most of the world just had a mild scare. Birds might not agree with me about the containment of Bird Flu – it still kills millions of them every year. Apologies to any birds reading this.
It won’t happen to me
Maybe the near-misses made us complacent? Most humans do exhibit a cognitive condition called optimism bias: a tendency to believe that bad things won’t happen to them. It’s an evolutionary advantage that enables us to take risks. You’re not going to get far crossing that ocean on a rickety raft if you’re paralysed by the fear of drowning or giant sea monsters. Even though both eventualities are likely. But we convince ourselves that that stuff only happens to other people. Like that last idiot who tried. And the sixteen before him.
On the upside, optimism bias makes some people take ridiculous risks. Without it, where would shows like You’ve Been Framed get the wince-worthy videos? Or the myriad YouTube channels dedicated to embarrassing and usually painful Fails? Every cloud.
Optimism Bias on the grand scale leaves whole societies open to all kinds of threats, as it makes us blasé about our vulnerability. We tend to under-prepare. When perceived threats arise, they pique our interest and alarm bells start ringing. After they are subdued, logic should tell us to continue with preparations, because the next threat could be the one that floors us. But optimism bias takes the urgency away from the situation and appetite for doing (and, crucially, funding) further work all but fizzles out. And preparedness is the casualty.
Fail to prepare …
The Covid-19 pandemic has highlighted huge strategic differences between countries across the world. Those that suffered most with the previous threats of SARS and MERS are largely those that have invested the most time and effort in recent years in the strategy for dealing with an epidemic. They are also the countries that would have modelled most carefully their response to a pandemic. Pure speculation here, but weren’t the populations and governments of those countries also the most likely to take the threat seriously from the start?
One lesson we can all take from our current situation is that erring on the side of caution is the best strategy for containing a new threat and stopping it becoming a major one.
The old normal
And therein lies a lesson for life in general. We prepare for threats to ourselves and to our security to some extent because in many cases it’s the norm. We lock the doors when we’re the last to leave our house or place of work. Chances are that’s the same place at the moment. We don’t eat rancid food. We wash our hands after going to the toilet. God, do we wash our hands. So much.
Even though we assume that we are in control of our lives and work, 2020-21 illustrates how circumstances can change very quickly. If you don’t prepare, you’re vulnerable. Vast numbers of us left the comfort of our nice, self-contained and carefully-controlled offices, with their neat LAN networks or WiFi security. And we found ourselves working from home, sitting in our pyjamas (not me obviously – three-piece suit every day) at the dining room table on our home broadband, with only our cursory knowledge of cybersecurity to protect us and our precious data from greedy digital demons.
You’re the problem
Suddenly, we became part of a problem most hadn’t anticipated. Working from home opens all kinds of opportunities for internet ne’er-do-wells, as we connect remotely to our company networks. Machines are outside of the company network on potentially insecure WiFi. It becomes difficult to control who is doing what, and to contain identified threats.
This is where services like WALLIX come in very handy. They were like the countries that had built a Test & Trace app a decade ago, that had had enough of a scare to take a new threat very seriously. WALLIX have comprehensive solutions for managing access to networks and control of the machines that connect to it. They were already helping companies to safely work with remote users and contain associated threats when the pandemic hit.
Long-distance relationships. They never work.
What are some of the threats we face when we’re far-flung from the office? Well, when we’re in our usual workplace, we restrict access to our machines to the people in the building. And you control access to the building to make sure that only employees or associates of the company are present. Do you know who’s using the machine connected to the company network when that machine isn’t in the office?
WALLIX Bastion addresses this by providing privileged account management (PAM). This is a way of ensuring that only those that need access to a resource have it. On top of that, it will manage users’ passwords, monitor their access and detect suspicious activity. It will instantly lock out anyone behaving abnormally.
Getting in with the wrong crowd
Machines outside of the office can connect to other networks and devices. Working from home means they’re much more vulnerable to threats from different hardware and software they wouldn’t usually encounter in the workplace.
You can use WALLIX BestSafe to keep control of what happens to connected machines, wherever they are. It prevents the installation of unwanted applications that could introduce threats to the machine’s integrity. Added to this, BestSafe quietly but efficiently monitors and fights malware to keep your business machines nice and clean.
(Good) practice makes perfect
Communication across companies to maintain processes and good practices for security is much more challenging when working remotely. IT departments have to manage machines they can’t get their hands on. They place a lot more responsibility on users that might not have a great level of technical knowledge.
WALLIX Trustelem looks after the essential processes of security housekeeping. It provides Identity as a Service (IDaaS) which helps to keep on top of who’s who in your organisation. This checks their identity before allowing access to applications and data. It also ensures that people regularly change passwords (and that those passwords meet a minimum security standard).
Do Your Best
So what’s your new motto? Be Prepared, like the Scouts. Well, it’s a bit late for that, as we’re in the midst of the whole pandemic situation. But you can still make changes by learning from those who were prepared. In terms of your business security when there are lots of people working from home (increasingly the norm), you can adopt new technologies like WALLIX to take back control.
Keep those rose-tinted specs trained on the future
And keep a healthy dose of optimism bias going. The end will come. The storm will abate. and we will emerge, blinking, into a new world. A little older (who hasn’t had a Lockdown Birthday yet?), a little wiser and, hopefully, a lot more appreciative of each other.
Stay safe and keep in touch.
If you’re interested in a free WALLIX demo to see how it could work for you, let us know.