My contempt for the COVID-19 hysteria is well known. I am convinced that individuals and government entities are grossly overreacting in the absence or ignorance of fact, and I am not convinced that we could not have accomplished the same result as we have for less than the roughly 9 trillion dollars it’s costing. Regardless of what we did, we did those things, and continue to do them. Those things have unintended consequences that are ongoing.
One thing that has struck me is the likely impact of national lockdown, working from home, homeschooling, etc. on security. The impacts range from the obvious cybersecurity issues to the less obvious – how safe is a workplace when no one’s there most of the time? Let’s ignore “32% unemployment and 47 or so million laid off or furloughed” and thus disgruntled unemployed who may have legacy access. I’m reminded of the line from Die Hard With a Vengeance: “It’s Christmas! You could steal City Hall!”
PSA: The videoconferencing program and app Zoom is not safe (hint: not just zoombombing). The FBI agrees with me. So do security agencies in the UK. … and Germany. … and India. … and Canada. … among others. Moving on…
With varying degrees of “lockdown” in most of the country, a lot of people are working from home, and even those people who aren’t working from home are still accessing work data – email, files, messaging – remotely. People are using the same cellphone they may have voluntarily infected with TikTok’s malware (or Zoom’s) to access your server. If you don’t provide your employee with a laptop (“BYOD” or “Bring Your Own Device”), what unsavory things might they be doing on the same machine they’re using to VPN into your system? [Notice no link on that sentence… use Google and your imagination you sicko]. Do your employees working from home even have antivirus and antimalware (half of all Americans don’t)? Your system has basically been connected to every system their computer has accessed. Enjoy that thought. Again, does anyone you laid off, anyone whose hours were cut, anyone on furlough still have access to your computer system? Why? Is that a good idea?
This is not an idle concern. Interpol is worried about cybercrime during this pandemic. The FBI has said cybercrime has “quadrupled.” Bad actors are even targeting hospitals in the middle of a life and death struggle. COVID may double the cost of cybercrime. Now is a really good time to look at your data security rules and protocols.
I distinguish general data security from document security in a few ways. Data security is the current hobgoblin used to scare CEOs and CTOs in bed at night, and implies malicious actors deliberately attempting to gain remote access to data. In addition, first, physical documents are still a factor and with mail being sent to homes, from homes, to locations with no one present most of the day, etc., theft of mail is a reality. Even postal inspectors have warned about it during the pandemic. Second, with people working from home loss of documents can occur through entirely innocent means – “reply all” is not always your friend. Sometimes people fat-finger an email address and send things to the wrong person or people. With entire offices on laptops, laptops get lost, they get stolen.
Not everything that needs to be sent needs to be sent right now, and a lot of things just don’t need to be sent. As with data security, it makes sense to consider office mail, email, and equipment security rules and protocols.
While we’re all on lockdown, our offices are empty. While deliveries are limited, our trucks are parked. Bluntly, no one is around to watch these places. The result has been a spate of burglaries of closed businesses, with burglary as much as doubling in some hard-hit communities and vehicle theft in some places climbing by as much as 28%. With no one in them, warehouses are targets, and trucks and trailers are as well – as a sign of the times sheriffs in North Carolina found almost 18,000 pounds of toilet paper were stolen along with the truck hauling it.
Physical security relates to data and document security. Physical access to a server makes it much easier to break into, or even to copy so that the duplicate can be parsed later. Physical access also means that any piece of accessible paper (particularly in plain view) is fair game.
While many tractor trailers on lots are empty, I’m waiting for the story where someone steals a truck solely to rob a warehouse – really hard to trace that. Two felonies, one felony, three felonies… after the first one, what’s the difference, really? For those trucks on the road, they get robbed too. Methods of physical security during a pandemic don’t really differ from those in less unusual times – we just need more. More key security, more camera monitoring, more GPS monitoring, more lot gating, etc. It’s worth considering things such as where keys are stored, where trucks are parked, and what policies are in place for physical security more generally.
With those cheery thoughts, I leave you to your never-ending search for toilet paper, hand sanitizer, and facemasks.
For more information on this article specifically, or more generally on how to deal with issues that arise from COVID 19, please contact Dov Szego (804-377-1263) at firstname.lastname@example.org, or Steve Setliff (804-377-1261) at email@example.com.