Forgive me in advance if this in any way adds to the noise and not the signal surrounding COVID-19 (colloquially known as the coronavirus), but it would be hard to recap RSA 2020 without mentioning the backdrop that impacted the massive congregation with each passing day. The theme for this year’s RSA event was "Human Element" which turned out to be uncannily appropriate considering the always apparent risk of each otherwise innocuous attendee.
It is no coincidence that the cybersecurity community borrows terms from healthcare and other industries to draw analogies, such as referring to a computer as "infected" or calling particular malware a "virus" depending on behavior. Rather than propagate the FUD that can accompany these terms, let's instead draw some constructive parallels between these human elements and proper cyber-hygiene that were highlighted last week at RSA.
With announcements of some vendors taking preventative measures by not attending and flight cancellations from various regions, not to mention the changes afoot in light of the recent disinvestment of RSA by Dell, it was difficult to know what to expect for the overall attendance. But, if attendance did dip, it was impossible to tell from the buzz and activity both in the Moscone halls and the surrounding city streets. It all felt somewhere between business-as-usual and mild pandemonium—so no different from previous years.
Within 24 hours of my arrival in San Francisco, a state of emergency was declared by the city due to COVID-19. While this was merely a precautionary measure, it was accompanied by some simple steps for protection and I couldn't help but see their application past the Human Element.
Wash your hands - We all know that people are often the weakest link in any defense strategy, but there is no more valuable place to protect than our most vulnerable point. Cleaning surfaces and running air purifiers are great steps for maintaining a pristine environment, but will do little if we aren't practicing good hygiene in regards to the (human) endpoints, roaming in and around our network.
Limit Travel - We have already mentioned how the right secure remote access tools can facilitate maintaining productivity while working remotely, but this advice takes things a step further by focusing on the potential risks of subjecting yourself to new environments, and the risk to those environments when any new element is introduced. The best remote access tools not only facilitate secure connectivity, but achieve it with a healthy layer of separation that protects both parties.
Avoid Handshakes - While this does not mean "don't connect with people", it does suggest not being so casual about connecting directly without safeguards. Those safeguards should provide only protected and permitted connectivity and visibility into who and what is going on in your environment. By adopting a posture of protection rather than acceptance, we limit our exposure to a broad range of risks.
Much like doing business today in the modern technology landscape, attending RSA came with some risk. But by being aware and taking some basic precautions, it proved to be a worthwhile investment. While there are no guarantees of prevention, these are universal protective measures that anyone can take both in the Human Element and Beyond.