Cyber mischief makers know you’re teleworking and they’re trying to take advantage of it. Now, you might not still carry a blackberry device, but your email security may in fact still be protected by the company software. BlackBerry’s Vice President of Secure Communications David Wiseman joined Federal Drive with Tom Temin to share tips on maintaining good security.
Insight by Splunk: USDA, FDA and Army Futures Command will explore how agencies are using data as a tool in digital transformation and cybersecurity.
Tom Temin: Mr. Wiseman, good to have you on.
David Wiseman: Thank you, Tom.
Tom Temin: So what are the concerns now with so many people teleworking? And of course, email, I think remains the primary way that people communicate certainly in the federal government. What is going on and what can people do to prevent it?
David Wiseman: Unfortunately, right now, we’re seeing a big surge and all types of attacks. And these are typically by pretty sophisticated entities that have put systems in place and now they really started to ramp them up. So from a work-from-home perspective, kind of two things come into play. The first is, you know, it is a lot easier to target people on their home networks. But the second is with so many people working from home, the staffs typically aren’t in place back in the corporate data centers to provide the levels of monitoring and everything that you would want with this increased number of attacks. So there are definitely some things that our government employees can do personally to help protect themselves.
Tom Temin: Yes, that’s right. Because often to do emails, you do not need to log on to the VPN that you would have to do to do the other applications that your agency hosts, correct?
David Wiseman: That’s correct. You know, a lot of agencies have been able to set up by email where you can get it on a mobile device or even on your computer without a VPN connection. And that’s good for two reasons. One, it’s a lot more usable when you’re outside the office. And the second reason there is once you do open up a VPN, if it’s on a personal device, that’s a channel back into the enterprise, which becomes a high risk point.
Tom Temin: So the home networks, then, people have Comcast or they have Verizon or these things. What are the particular dangers with that? Because fishing can get you no matter what network you’re on.
David Wiseman: Oh, that’s right. Though phishing attacks can be even stronger on you at home, just because there aren’t as many security firewalls and systems in places as you would have at your office, you know, for protecting you from that type of attack. But I think one of the key things is as much as possible, use your your government email to do your business, use the government-issued equipment. And don’t slide into using your personal email accounts or your personal consumer messaging or cloud storage. That might be easy, particularly if you’re starting to work more remotely with contractors and other parties. But that just really expands the risk factor to you personally and to your agency.
Tom Temin: And just describe briefly the architecture by which the BlackBerry network which still runs even though people don’t have the devices, which by the way, still have the best keyboards ever. I don’t care what they say. No Apple keyboard even comes close.
David Wiseman: I still miss those, too, yeah.
Tom Temin: But how does that fit into the ecosystem nowadays?
David Wiseman: Yeah, what we do now today’s is we provide a container that’s on people’s Apple device or their Android device or their PC or their Mac. And that’s a secure container that gives them access to their email. And all of the network traffic and everything for that email runs through BlackBerry’s NOC, or Network Operation Center, where we’re doing continuous security, monitoring, monitoring for threats, and then making sure that the emails are continuing to move and not, you know, subject to denial of service attacks and things such as that. But that’s how, you know, without the VPN connections by using the BlackBerry containers and the BlackBerry network, federal employees are able to get their information on their government mobile devices. And we’re actually working a lot right now with a number of DoD agencies, how we could quickly start to make that available on bring-your-own devices. Because not all government employees have, you know, government-issued equipment. Now they’re having to work from home.
Tom Temin: We’re speaking with David Wiseman. He’s vice president of secure communications at BlackBerry So that’s one more reason to use only the federal government account to send things. But I guess if you have that container on your device, then that means you don’t have access to, say, your photos and other materials outside of the container, but also on the device, correct?
David Wiseman: Correct in the sense that it segregates that information. So in the container, you can have all of your government business, if that includes documents and photos that can be in there. But it’s separate from any personal documents, personal photos, you may have outside the container on the device. And that’s when you’re using a bring your own device. Obviously, if you’re using government-issued equipment, you should only have government materials on that.
Tom Temin: So what that means is if someone were to send you say, a JPEG that has malicious, something buried in it or a PDF, and you opened it on your device, you could not forward it using the government email, if the email is within that container?
David Wiseman: That’s correct. And then one of the other things we’re doing is providing an AI-based, smart anti-virus to actually protect from, you know, when those types of situations happen. Even zero day attacks where, you know, when someone does open a JPEG or some other attachment, we can basically instantly notice that there’s a problem and lock that particular document or that particular piece of software down. So that’s another technique that’s starting to be applied. This AI-based machine learning technology for protecting from those types of attacks.
Tom Temin: And that operates on the fly?
David Wiseman: That’s correct. It operates – a model has been built by looking at billions and billions of attacks, you know, over the last decade, and then it’s able to run independently on the device. So you know, even if it can’t be constantly updated, it can still protect you from brand new attack vectors.
Tom Temin: And what about agencies using Office 365 email or Google email? Now I know that the versions they use are not the same versions that consumers have. But does that complicate things when you’re on cloud email was as opposed to your own Exchange server?
David Wiseman: If you’re using the government cloud emails, they are very secure. And one of the things we do at BlackBerry is we provide connectivity between the BlackBerry containers and things such as Office 365. So from our perspective, it’s just another mail server, but we’re providing some special security in conjunction with Microsoft there. So that when you are working on things like Word files, or PowerPoints or Excels, you still can maintain the security of that through the whole process.
Tom Temin: All right, what else do people need to know?
David Wiseman: Yeah, I think the other thing is, one of the challenges is when people are working remotely for the first time, you know, how do you stay in touch with them and provide accurate information to all of your employees and get feedback on their situation? So that’s another area we’ve been helping the government agencies with is this kind of crisis communication. About 75% of the federal agencies were using BlackBerry systems to reach their employees, but then also account ability of how can people report back what their personal situation is? And how can they communicate between agencies? So the challenge here is with everyone being so distributed, you know, how do you know the information you’re getting is timely and accurate. And that’s what we’ve been working with a number of agencies on.
Tom Temin: And has the phishing situation – which I guess relates to that because you need to know that the email you got as who you who it’s from, you think it’s from – is that on the increase also now?
David Wiseman: Yeah, we’ve seen a big increase in the attacks of phishing, identity spoofing, which you just mentioned there is a big one. That comes in beyond just emails. We see that a lot now on mobile phones, people experience that at home all the time, where you get a caller ID that looks like someone you know, but it isn’t. Those attacks are ramping up. And then also identity spoofing on consumer messaging systems that you’re chatting with someone. I think it’s my colleague, but it’s not really and so big surges and all those types of attacks.
Tom Temin: Yeah, so what’s your best advice? For the people, say that would normally be monitoring from a location in the federal agency that are doing it remotely? What’s your best advice for them right now?
David Wiseman: Yeah, I’d say four things come to mind. One we mentioned is you know, if you have the government issued hardware, use it. If you have to use your personal equipment, if possible, dedicate just one device just for work, keep it off, you know, what you’re doing from your personal life. That’ll minimize the attack vector. Putting some of the new AI-based antivirus technology on that equipment, personal equipment. And then the other is don’t mix your work and your personal communications in the same channels. And what that means is if you don’t have access to your government email, don’t just use your regular personal email. Set up a, you know, Gmail or Outlook account or something and just dedicated for use for that work business. And the same thing in terms of any type of a messaging technology, because that’s going to protect you because there’s a closer visibility on the information that’s flowing in that account. And it’s gonna also help you from making any accidental mistakes in terms of you know, forwarding people incorrect emails.
Tom Temin: David Wiseman is vice president of secure communications at BlackBerry. Thanks so much for joining me.
David Wiseman: Thank you.
Tom Temin: We’ll post this interview at www.FederalNewsNetwork.com/FederalDrive. Hear the Federal Drive on your schedule. Subscribe at Apple Podcasts or Podcastone. Stay up to date on your agency’s latest responses to coronavirus. Visit our special resource page at www.FederalNewsNetwork.com