Keeping the show notes short again this week. It was another crazy week at FRSecure and SecurityStudio. We make progress towards our mission each and every day, regardless of COVID-19. Our mission is to fix the broken information security industry, which can be summed up by this statement:
Information security isn’t about information or security as much as it is about people.
When we help people, we help our industry. After all, would anyone care about information security is nobody suffered when things go wrong?
We’ll keep on trucking! We’re grateful for the people who put their trust in us and our credibility.
Let’s just get to it, episode 78 show notes below…
SHOW NOTES – Episode 78
Date: Monday, May 1st, 2020
Episode 78 Topics
- Catching Up (as per usual)
- Working from home
- Listener Mail
- Wrapping Up – Shout outs
[Evan] Hey guys and gals. Welcome to the UNSECURITY Podcast. This is episode 78, the date is May 4th, 2020, and I’m Evan Francen. With me today is my co-host, Brad Nigh. Good morning Brad!
[Brad] It is a good morning and Brad’ll be in a good mood for sure. Let’s see how he responds.
[Evan] Another good show planned for today, but before we jump in, let’s catch up. It’s sort of our usual thing to do about this time.
Quick discussion about some of the cool things we’re doing.
[Evan] We’ve been talking a lot lately about working remote or working from home. This has been a hot topic for some time, but since the COVID-19 outbreak, this is one of the top trending topics in the information security world. Let’s discuss another take on this, more of a future looking strategic perspective.
Working from home
- What work from home looked like before COVID-19.
- What happened because of COVID-19.
- What the future looks like after COVID-19.
There are plenty of news articles about these topics and there’s no shortage of “expert” advice. Here’s just a few:
- Is Working From Home The Future Of Work? – https://www.forbes.com/sites/nextavenue/2020/04/10/is-working-from-home-the-future-of-work/#4260c2c846b1“An early-April 2020 MIT survey of 25,000 American workers found that 34% of those who’d been employed four weeks earlier said they’re currently working from home. Combined with the roughly 15% who said they’d been working from home pre-COVID-19, that means nearly half the U.S. workforce might now be remote workers.”
- “The Brookings Institution’s Katherine Guyot and Isabel V. Sawhill just wrote their take on remote work and COVID-19, calling the pandemic “among other things, a massive experiment in telecommuting.”
- ‘In a March survey of HR execs by the Gartner IT research firm, 76% said the top employee complaint during the pandemic has been “concerns from managers about the productivity or engagement of their teams when remote.”’
- “In 9 State of Remote Report, 19% of remote workers called loneliness their biggest struggle with working from home and 17% cited collaborating and/or communication.”
- Some May Work From Home Permanently After COVID-19: Gartner – https://www.crn.com/news/running-your-business/some-may-work-from-home-permanently-after-covid-19-gartner“Gartner last week released results from a March 30 survey of 317 CFOs and business finance leaders that found 74 percent of those surveyed expect at least 5 percent of their workforce who previously worked in company offices will become permanent work-from-home employees after the pandemic ends.”
- “According to Gartner, about 25 percent of those surveyed expect 10 percent of their employees will remain remote, 17 percent expect 20 percent will remain remote, 4 percent expect 50 percent will remain remote, and 2 percent expect over 50 percent of employees now working from home to permanently work from home after the pandemic subsides.”
- Working from home has a troubled history. Coronavirus is exposing its flaws again – https://www.theguardian.com/commentisfree/2020/apr/12/working-from-home-history-coronavirus-uk-lockdown“According to the Office for National Statistics, only 5% of the UK labour force worked mainly from home in 2019, but well over a quarter had some experience of home-working.”
- “With all but key workers confined to their homes, the virtual office is now the new norm – a development that could prove to have far-reaching consequences.”
- As working from home becomes more widespread, many say they don’t want to go back – https://www.cnbc.com/2020/04/24/as-working-from-home-becomes-more-widespread-many-say-they-dont-want-to-go-back.html“States of Play, a joint CNBC/Change Research survey of swing states, finds 42% of respondents nationwide saying they are working from home.”
- “Once the economy reopens, 24% say they’d like to work either entirely or more from home compared to how they worked before, while 55% plan to head back to the office.”
- “Some 60% report being either as productive or even more productive than they were working from the office.”
But what about information security?
- Security tips for working from home (WFH) – https://blog.malwarebytes.com/how-tos-2/2020/03/security-tips-for-working-from-home-wfh/
- Remote working safety and security – https://www.kaspersky.com/blog/remote-work-security/34258/
- Remote working: Security tips for working from home – https://www.zdnet.com/article/remote-working-security-tips-for-working-from-home/
- 8 Best Practices for Working Remotely – https://ci.security/resources/news/article/8-best-practices-for-working-remotely
A different approach – S2Me and S2Team
[Evan] In early 2019, SecurityStudio release its first version of S2Me. The S2Me was released (well ahead of COVID-19) to gauge people’s information security habits at home and S2Team was a way to share the results with an employer without violating privacy at home. Last week, SecurityStudio released version two of S2Me and I’d like to talk about all this.
- What is S2Me?
- What is S2Team?
- How do S2Me and S2Team work together?
- S2Me is a simple, personal information security risk analysis tool for use at home. S2Me helps people understand their risk related to security, privacy, and safety. Once these risks are understood, S2Me attempts to motivate people to build better information security habits at home.
- S2Team is a collection of S2Me aggregated results to help organizations understand their employees information security habits. Organizations use S2Team to develop better, more personal information security training programs.
- A couple of quotes from the “Introduction to S2Team and S2Me Topic Descriptions” draft document:
- “The problem isn’t people. The problem is managing risk related to people.”
- “People are creatures of habit. People will occasionally deviate from their habits, but habits are their default. Habits create peoples’ baseline and become nearly (or in some cases completely) involuntary.”
- “People choose to form new habits because if they desire the positive outcome or because they fear a negative one.”
- A quick peek into S2Me.
- A quick peek into S2Team
[Evan] I think we’re on the right track, trying to help people build better information security habits at home where everyone ultimately benefits.
[Evan] A loyal listener, one who got a shout out from me last week, Jason Dance, sent us this article that I thought was interesting and worthy of a brief discussion; It’s Not Just Zoom. Google Meet, Microsoft Teams, and Webex Have Privacy Issues, Too. – https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/
[Evan] Alright, now some newsy things quick.
[Evan] It’s easy to find interesting things to talk about in our industry! Here’s a few that caught my attention:
- Newly-discovered Android malware steals banking passwords and 2FA codes – https://www.tripwire.com/state-of-security/featured/newly-discovered-android-malware-steals-banking-passwords-2fa-codes/
- National Emergency as Trump Bans Foreign Power Grid Kit – https://www.infosecurity-magazine.com/news/national-emergency-trump-bans
- Fake Email Campaign Demanding Ransom in Cryptocurrency – https://www.ehackingnews.com/2020/05/fake-email-campaign-demanding-ransom-in.html
Consumers will opt for competitors after a single ransomware-related service disruption – https://www.helpnetsecurity.com/2020/05/04/ransomware-related-service-disruption/
Wrapping Up – Shout outs
[Evan] Wow. Lots of things. Well, episode 78 is almost in the can. Brad, got a shout out or two?
[Brad] Maybe he does, maybe he doesn’t…
[Evan] Here’s mine…
[Evan] Seriously, a huge thank you to our listeners! We love your encouragement and we don’t take your advice lightly. You’re all great! Keep the questions and feedback coming. Send things to us by email at firstname.lastname@example.org. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.
Have a great week!