threatpost | Lisa Vaas | THREATPOST:EC28F82F6C3ECD5D0BA7471D5BA50FD6
History: Mar 03, 2022 - 2:00 p.m.

Securing Data With a Frenzied Remote Workforce – Podcast

2022-03-03 14:00:53
Lisa Vaas
threatpost.com

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

The baby upchucks. The dog loudly informs you that she’s detected a budding squirrel armageddon. Your department’s Zoom meeting starts in four minutes. The Bank of Fezziwig texts: If you haven’t enabled online banking, click here.

What. Do. You. DO?!?

It doesn’t matter that you’ve been working remotely since circa P.P. – that’s Pre-Pandemic times. Now, your spouse is underfoot, your kids are bouncing off the walls of your quote-unquote office, you haven’t had coffee, and you’re pretty sure you don’t even have an account at B of F, so you better just click that link and get the thing off your phone and out of your face.


(Brought to you by SpecOps. Underwriters of Threatpost podcasts do not assert any editorial control over content.)

Wrong answer! You’ve been smished by an attacker who sent a malicious link via SMS.

Two years into the pandemic, remote work has become common, but securing data is just as tough as it’s always been. You don’t have to look far to see tales of human error leading to cyber malfeasance: The human factor is at the base of most cyberattacks, from the employees who fall for business email compromise (BEC) attacks to whoever forgot to shut down that no-longer-used VPN account that attackers used to launch the calamitous Colonial Pipeline ransomware attack.

Mark Loveless is a staff security researcher at GitLab, maker of the web-based Git repository. He’s an expert at securing data when you’ve got a remote, oftentimes frantically distracted workforce. After all, as GitLab puts it, it’s “one of the world’s largest all-remote companies,” with over 1,500 team members located in more than 65 countries around the world.

Mark visited the Threatpost podcast to give us an update on the world of remote work and to answer this question: Where are we now with data protection?

Caution: If you’re playing a drinking game based on how many times he’ll say “Zero Trust,” stock the liquor cabinet before listening. Mark also cautioned that the dog might see a squirrel during our interview. It happens.

You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.

