[BreachExchange] 3 Things Wilderness Survival Can Teach Us About Email Security

Destry Winant destry at riskbasedsecurity.com
Fri Jun 19 10:22:19 EDT 2020


It's a short hop from shows like 'Naked and Afraid' and 'Alone' to
your email server and how you secure it

Predators are opportunists. This is true whether the predators are
wild animals, like the lions, bears, and wolverines on survival
reality TV shows like Naked and Afraid and Alone, or are
cybercriminals using the novel coronavirus pandemic to attempt to pry
data and money from people. Companies must protect data with remote
email security as more employees work from home.

In both TV shows, people overcome incredible challenges. Naked and
Afraid participants – typically one man and one woman at a time –
attempt to stay for 21 days in the wild with no clothes and little
more than a firestarter. Alone participants – separated from each
other in the wild – build shelter, start fires, and forage and hunt
for food to outlast the others and win $500,000.

Warding off predators in the wild is critical for the people featured
on Naked and Afraid and Alone. The lessons learned from their
in-the-wild protective measures can be applied to the corporate world
and remote email security.

Lesson #1: Build a Shelter
In the jungles of South America, lean-tos are popular. In African
countries, Naked and Afraid participants use tangled branches and
other natural resources to build bomas. A boma is a traditional
enclosure used to hold livestock or serve as a small dwelling. They're
typically round, about 6 feet high and can be closed up at night.
There, participants can feel protected from lions, hyenas and other
nocturnal predators.

In Everything on 'Naked and Afraid' is Real – and I Lived It, Blair
Braverman describes her experience on the show in South Africa and
shares how there was no other option than for her and her partner to
immediately build a boma.

Just as shelters provide a home away from home for participants on
adventure shows, a virtual private network (VPN) offers an office away
from the office for remote employees. VPNs take the reassuring
qualities of the company's private network – including its security,
functionality, and management – and delivers them to the public
network being used by the remote employee.

VPN, which can be supplemented with digital certifications, protects a
computer's information from cybercriminals who want to use it to
access personal company data. Using a VPN is "one of the most
essential precautions" to take for remote employees, including senior
executives, according to Entrepreneur.

"When you're handling login information to company bank accounts,
software accounts, or intellectual property, it's vital that you
protect yourself," the article says. "Not to mention, it's essential
that you protect your employees from hackers as well. You have records
of them on your servers, after all, so it's vital that you secure that
information appropriately."

Lesson #2: Put Up Barriers
In the wild, threats come from all sides. Participants of Naked and
Afraid and Alone respond by putting up barriers of all kinds between
themselves and threats. They cover themselves with mud to deter
mosquitos. They use branches to elevate their beds above snakes and
other potential dangers on the ground.

On Alone, some participants cook in a separate location from their
shelter; "otherwise, curious animals will come nearby," according to
Survival Skills Guide, adding that predators are looking for easy

Cybercriminals seek easy marks. Using Secure/Multipurpose Internet
Mail Extensions (S/MIME) for email encryption makes it much more
challenging for them to assess confidential data in employee emails.
Keep in mind that if this protective email barrier is to work, both
your company and regular recipients must have S/MIME.

S/MIME, a standard for public-key encryption, prevents anyone other
than the intended recipient from intercepting – or tampering with –
email messages from the sender. Recipients know that the message
received is the one that was sent.

Lesson #3: Set Up an Early Warning System
On the sixth season of Alone, participant Jordan Jonas successfully
caught rabbits, fish, and a bull moose while in the Arctic chill of
northern Canada, according to The Spokesman-Review. He stored the meat
on a high platform he'd constructed outside his shelter. But after a
wolverine stole some of his moose fat, he needed a warning system.

Jonas ran a cord from the platform to his shelter, with empty cans
foraged from the shore strategically placed above his shelter's
entrance. He reasoned that if a wolverine attempted to climb onto the
platform and tripped the cord, the rattling of the cans would alert
him. It worked and captured the wolverine before it could take any
more of his food.

Cybercriminals can seem as ferocious and tenacious as a wolverine.
COVID-19 phishing attacks increased by 600% during the first quarter
of 2020, according to Forrester.

Domain-based Message Authentication, Reporting and Conformance (DMARC)
acts as an early warning system to enhance remote email security. With
DMARC, phishing emails are caught by the email provider of the
recipient and quarantined or rejected before they show up in the
recipients' Inboxes. IT can even receive notifications of any phishing
email attempts by setting up alerts.

Consider this example of how DMARC works. A cybercriminal wants to
steal your company's business credit card numbers so impersonates your
HR manager in an email. That email says that the company needs to
update its records so employees should confirm their business card
numbers. Before this email reaches employees, DMARC alerts your IT
department of the phishing attempt and notifies your company's email
provider, which stops the email before it can confuse employees.

As more employees work from home, keeping data safe from
cybercriminals is more challenging. The number of phishing emails and
malware threats have soared over the past couple of months. Borrowing
strategies that have kept people safe from predators in the wild can
keep the company protected from cyber-predators preying on remote
employees and trying to snag company data.

More information about the BreachExchange mailing list