The week before we got the Stay-at-Home orders, I was in a tech leadership meeting where the topic of Work-from-Home was top of the list. The roundtable question was “Are we ready for Work-from-Home?” The consensus was that while the tech was mature enough to let everyone go home, our business processes just weren't ready, but that this Covid thing might just give companies the push to try it out.
Well, yeah. That happened.
Now that we're a couple months into this accidental social experiment, we've learned a lot. Zoom has been in the news for massive privacy flaws, we hear the success and horror stories of remote working, and we're even seeing the late-night comedians find their new normal without a live audience. (I'm not talking to you, John Oliver. You've always presented with a sense of embarrassment that there were people in the room with you. Stay at home was made for you.)
IT teams scrambled, and now we have a happy, productive workforce buzzing away in home offices, kitchen tables, sofas and wherever else we can find to work... All seems well, all is working, only...
When we all created social distance to limit the surface over which Covid-19 could spread, we created a new surface through which hackers, bots, and other bad actors can slip into our bank accounts, medical systems, and other places we don't want them to be.
The problem is this: in an office, you use a computer that is managed by that office, on a network that is managed by that office, connecting only to other systems managed by that office.
Only now, people are using their personal laptops, which may or may not have sufficient virus and malware detection. Instead of one network, everyone is using their home networks. Instead of having to get into a single, highly fortified facility, an attacker just has to wander the neighborhood looking for someone with their guard down.
And then there's the tech support issue. We know that social engineering, or phishing, is the most common way security is breached. Not only are there more opportunities to hijack the computer or the network, but with confusion, constantly changing advice and new working rules every day, the opportunity for someone to sneak in and take advantage of the chaos is even greater.
What can you do?
Well, as always, it starts with the individual. Honestly, we like to talk about strong Identity Access Management and security, but the reality is that the attack surface hasn't increased just because there are more networks and computers involved; it has increased because there are more people who have to be responsible.
Yes, there are things the Enterprise needs to do to improve identity and enforcement, and we talk about those things all the time. But to be honest, there's a data war going on, it's about to get a lot more intense, and we all need to do our part.
Be safe. Be vigilant.