ReEngineering the Engineer: Security 101: COVID, a New Level of Growing Pain
Life was seemingly simple when I started engineering. We printed out a large floor plan from the architect and drew the floor framing on tracing paper. Then we designed one beam after another, writing the reactions on the plan, then the girders, then on to the columns and carrying the reactions down to the foundation.
Difficult? Not really. Tedious? Absolutely. Reflecting on that process, all I needed was a calculator, the composite beam design guide to interpolate designs for the beams and girders, the steel manual for the column designs, and some quiet time to focus.
Years later, we discovered software that virtually eliminated the tedious part of our steel floor framing design. Model some members, enter some loads, press a button, and presto: all the beams and columns are designed in seconds. As revolutionary as that was, it was just an internal process for our office. It simply helped us do our work faster and more efficiently.
Of course, the efficiency improvement was infectious, so we started buying more computers. They all needed to talk together, so the office put in a network and connected everyone. But this was all happening just in our office.
In the 1990s, the internet made its way into our lives and connected our office to the outside world for the first time. It’s still our internal office environment, but now it’s protected like a fort with a firewall around it. Fast forward to BIM, and now we’re sharing data externally in all types of ways. We work in our protected fort, but we have these secure pathways that allow us to safely share information with the world: BIM360, Dropbox, Box, ShareFile, etc.
Enter the COVID pandemic …
All at once, most of us now are working outside the protected fort. The fort is still safe, but getting access to it from the outside isn’t so simple—or secure—anymore. We’re using not-so-secure home networks and not-so-secure home computers. As an owner, you quickly realize there now are many potential holes in the armor. The security dilemma just gets piled onto all the other anxiety from this year: the pandemic, workload concerns, racial tensions, the election, named hurricanes into the Greek alphabet, wildfires and <enter your anxiety here>. It’s a lot to handle.
Home-Office Security Measures
However, there are some simple things to implement to help manage the security risks. Late this summer, one of our larger architectural clients started a monthly roundtable discussion with its clients to discuss network security. Most of what they discuss is orders of magnitude different, but there are a few underlying themes everyone can implement to make this remote life more secure.
The obvious first thing is to make sure Windows is doing all its updates. Security updates are there for a reason: to fix something that isn’t secure. It’s important at the corporate level, and it’s just as important at the home level.
Make your corporate passwords more secure, and change them relatively often. The consensus seemed to be a 10-character minimum (13 was another option) with lower-case, upper-case, number and special characters all required. Make it a simple sentence or phrase that’s easy to remember, then substitute numbers and special characters for letters. “I love my dog” becomes !L0veMyd0g. Easy, peasy. We change passwords every three months. If you change too often, everyone gets password fatigue; they only change one character when the renewal is required—not so effective.
Although some hacking happens at the network level, the vast majority of breaches occur when someone clicks on something in an email. Simple rules and common sense prevail here. You will not be notified by email if a relative died and left you a boatload of money.
We talk about these things all the time in our office. So much so that I’ve received phone calls from my own staff about an email I sent out (that apparently should’ve been better worded). They’re double-checking to make sure it was actually from me. I’ll take those phone calls all day long; it means they’re listening and being careful.
We’re bombarded with so many emails, and the filtering software can’t catch everything without risking over-catching the good stuff. It’s easy to let your guard down. Fortunately, for something bad to happen, you have to click on or open something. The bad guys are getting sneakier, making the email look like it comes from someone you know or a company you order from.
Talk about it. Share bogus emails with your staff if you have to. Teach everyone to be vigilant. The more they know about and understand the risk, the more secure your remote office can be.