Slow Down to Shore Up Your Security


Posted by Kacy Zurkus

Working from home has its perks, but working from home while home schooling little ones is, well, a recipe for disaster. In addition to the constant flood of emails that need my attention, I have a six- and eight-year-old who need help with their reading and math. I find myself saying (ad nauseam), “If you take your time and focus on what you’re doing, you won’t make as many mistakes.” It’s sage advice for everyone right now, and words that were echoed when I spoke with Bob Diachenko, Independent Cyber Security Consultant, Incident Response and Communications and Owner at SecurityDiscovery.com.

In trying to understand what security teams are currently dealing with, I asked Diachenko what new security challenges stem from an increase in the remote workforce. “I’d say there are no new challenges—only old ones that have become more stressful.”

We can all imagine (or perhaps some of us even are) the security engineer or developer who is working from home in a house filled with family members of all ages who are constantly distracting them. “Imagine the number of errors that can occur in this environment,” Diachenko said. “We are under a lot of stress. You can’t deny that. And we are working in a stressful environment. Inevitably, every human will make many more mistakes, even small ones, which can sometimes be the biggest.”

Take Zoom meetings, for example. As we’ve all come to learn, there are a number of Zoom links that can easily be found online. People forget the basic security settings, so those meetings become searchable.

“My team and I currently analyze a number of remote management tools and their readiness for increased workload. Almost half of those we’ve analyzed have medium-to-critical vulnerabilities ready to be exploited by malicious actors who seem to be taking advantage of the current situation,” Diachenko explained.

He added that many protocols, such as remote synchronization (Rsync), are now heavily used, and the number of configuration errors caused by human mistakes is growing exponentially, putting corporate and personal data at risk. “This relates to every aspect of cloud security. These aren’t new challenges. They are old challenges put into a stressful environment. As such, they are exponentially bigger than they were,” Diachenko said.

Now more than ever, we need to be cognizant of our cyber-hygiene, which Diachenko said ironically has a lot in common with the everyday hygiene we must follow these days.

“There should be a constant check up routine from organizations to see if an employee follows simple cyber-hygiene. Put a reminder in your calendar to check the perimeter for any exposures. Raise up a set of rules to check,” he said.

The main challenge right now is that security teams not only have to do their jobs in these environments, but they also have to guide ordinary workers through this new routine of working from home.

“A lot of ordinary workers, account managers, and non-related security personnel are facing the challenge of setting up their work in the home environment, and they need to be educated in the basic security steps to follow when they work from home. Having educated employees is the key to the security of the entire organization,” Diachenko said.

One basic step we can all take is to slow down. Being aware of the distractions around us serves as a good reminder to double- and triple-check for mistakes so that they don’t result in bigger problems. Here are some additional resources to help shore up your security with strong password protection, cloud system configuration and internal perimeter checkups.


Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference
