Sometimes You Just Can’t Trust A Random Network

by David Cassel / Aug 15

At my last position, we worked with personal information that was protected by federal privacy laws, so there were very strict security policies for mobile devices. It wasn’t even possible to access the corporate network remotely unless the IT department had pre-installed a valid security token on the machine. (They joked that security was too important to leave it up to the individual users.) Personal laptops were forbidden, and the only machines allowed on the network were ones that had been built and issued by the IT department. Now they’re even using a Network Access Control system that scans the machine for the latest Windows patches and anti-virus updates — and blocks access until the machine is in compliance.

And I understand why. At my previous job, an IT worker drove 90 miles to visit our site and patch a security hole in the network. After a few hours reviewing every single machine, they eventually found the source of the problem — a single contractor’s laptop which hadn’t performed the last security upgrade. The lesson learned: if there’s a hole, someone will find it.

I’m working remotely at my current position, and we reached the same conclusion the hard way. We collaborate on an online magazine using a blogging platform that had a major security breach in May. We hadn’t performed the last upgrade, and somebody used the hole remotely to install an admin-level account — and then re-wrote our content with invisible links to bolster the pagerank of a spam site. Before we’d identified the problem, Google had dropped our pagerank a full two full two ranks, which I calculate cost us over 30,000 sites visits. It was embarrassing to realize that in this case we were the users who’d skipped the vital security upgrade.

Concerns about security ultimately led me to a hard and fast rule. Sometimes it’s tempting to log in from a cyber cafe or other businesses offering on-the-road internet access — but I just don’t trust them. A network security breach guarantees hours of headaches and stress, so I’m not taking any chances. I worked for a large national corporation, and I trusted the security of their network, even when accessing it remotely. And even now, collaborating on an online platform, I have faith that my internet service provider is running a secure network. But the local coffee shop up the street? Just because they’re online doesn’t mean they’re secure!

• Add Comment