Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

6/17/2020
02:00 PM
Dean Coclin
Dean Coclin
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

3 Things Wilderness Survival Can Teach Us About Email Security

It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it

Predators are opportunists. This is true whether the predators are wild animals, like the lions, bears, and wolverines on survival reality TV shows like Naked and Afraid and Alone, or are cybercriminals using the novel coronavirus pandemic to attempt to pry data and money from people. Companies must protect data with remote email security as more employees work from home.

In both TV shows, people overcome incredible challenges. Naked and Afraid participants – typically one man and one woman at a time – attempt to stay for 21 days in the wild with no clothes and little more than a firestarter. Alone participants – separated from each other in the wild – build shelter, start fires, and forage and hunt for food to outlast the others and win $500,000.

Warding off predators in the wild is critical for the people featured on Naked and Afraid and Alone. The lessons learned from their in-the-wild protective measures can be applied to the corporate world and remote email security.

Lesson #1: Build a Shelter
In the jungles of South America, lean-tos are popular. In African countries, Naked and Afraid participants use tangled branches and other natural resources to build bomas. A boma is a traditional enclosure used to hold livestock or serve as a small dwelling. They're typically round, about 6 feet high and can be closed up at night. There, participants can feel protected from lions, hyenas and other nocturnal predators.

In Everything on 'Naked and Afraid' is Real – and I Lived It, Blair Braverman describes her experience on the show in South Africa and shares how there was no other option than for her and her partner to immediately build a boma.  

Just as shelters provide a home away from home for participants on adventure shows, a virtual private network (VPN) offers an office away from the office for remote employees. VPNs take the reassuring qualities of the company's private network – including its security, functionality, and management – and delivers them to the public network being used by the remote employee. 

VPN, which can be supplemented with digital certifications, protects a computer's information from cybercriminals who want to use it to access personal company data. Using a VPN is "one of the most essential precautions" to take for remote employees, including senior executives, according to Entrepreneur.

"When you're handling login information to company bank accounts, software accounts, or intellectual property, it's vital that you protect yourself," the article says. "Not to mention, it's essential that you protect your employees from hackers as well. You have records of them on your servers, after all, so it's vital that you secure that information appropriately."

Lesson #2: Put Up Barriers
In the wild, threats come from all sides. Participants of Naked and Afraid and Alone respond by putting up barriers of all kinds between themselves and threats. They cover themselves with mud to deter mosquitos. They use branches to elevate their beds above snakes and other potential dangers on the ground.

On Alone, some participants cook in a separate location from their shelter; "otherwise, curious animals will come nearby," according to Survival Skills Guide, adding that predators are looking for easy meals.  

Cybercriminals seek easy marks. Using Secure/Multipurpose Internet Mail Extensions (S/MIME) for email encryption makes it much more challenging for them to assess confidential data in employee emails. Keep in mind that if this protective email barrier is to work, both your company and regular recipients must have S/MIME. 

S/MIME, a standard for public-key encryption, prevents anyone other than the intended recipient from intercepting – or tampering with – email messages from the sender. Recipients know that the message received is the one that was sent.

Lesson #3: Set Up an Early Warning System
On the sixth season of Alone, participant Jordan Jonas successfully caught rabbits, fish, and a bull moose while in the Arctic chill of northern Canada, according to The Spokesman-Review. He stored the meat on a high platform he'd constructed outside his shelter. But after a wolverine stole some of his moose fat, he needed a warning system.

Jonas ran a cord from the platform to his shelter, with empty cans foraged from the shore strategically placed above his shelter's entrance. He reasoned that if a wolverine attempted to climb onto the platform and tripped the cord, the rattling of the cans would alert him. It worked and captured the wolverine before it could take any more of his food.

Cybercriminals can seem as ferocious and tenacious as a wolverine. COVID-19 phishing attacks increased by 600% during the first quarter of 2020, according to Forrester.

Domain-based Message Authentication, Reporting and Conformance (DMARC) acts as an early warning system to enhance remote email security. With DMARC, phishing emails are caught by the email provider of the recipient and quarantined or rejected before they show up in the recipients' Inboxes. IT can even receive notifications of any phishing email attempts by setting up alerts.

Consider this example of how DMARC works. A cybercriminal wants to steal your company's business credit card numbers so impersonates your HR manager in an email. That email says that the company needs to update its records so employees should confirm their business card numbers. Before this email reaches employees, DMARC alerts your IT department of the phishing attempt and notifies your company's email provider, which stops the email before it can confuse employees. 

As more employees work from home, keeping data safe from cybercriminals is more challenging. The number of phishing emails and malware threats have soared over the past couple of months. Borrowing strategies that have kept people safe from predators in the wild can keep the company protected from cyber-predators preying on remote employees and trying to snag company data.

Related Content:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register

Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and telecommunications to the company. In his role at DigiCert, he's responsible for ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25772
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...