Robot
BLEEP, BLIP, BLOOP
While we generally don’t like to make the world black and white, there seem to be two starkly different ways that people think about automation and cybersecurity. While some believe that bots are basically invulnerable, since they never deviate from rules and are immune to the kind of curiosity that makes you click on a phishing email, others have nightmares about increasingly smarter robots going rogue on their networks, making them resist RPA altogether.
So, what’s the real deal? Well, it’s neither. In fact, both of those attitudes are unfortunate, since underestimating security risks makes your enterprise vulnerable and being overly suspicious limits your ability to automate. As with most things in life, you need to arm yourself with information before tackling the issue. We’re here to help with our September 7th webinar “Secure your bots: Best practices for RPA security through credential management.” It will feature enterprise security industry leader CyberArk and members of our product team who will walk you through the latest aspects of enterprise security and explain how safeguarding credentials will fend off risks.
But to get you thinking about this stuff (and possibly even share a few laughs) we’re going to outline the three most common security risks RPA users need to know about (all of which have excellent solutions) and how enterprises often miss the mark.
1. Audit log or “What if my bot goes crazy??”
Suddenly, your bot doesn’t do what it’s supposed to do. It’s a fearful scenario that can be panic inducing. What do you do? Well, you obviously unplug it, but don’t leave it at that. There’s a reason the bot lost its mind, and it’s not because it has one of its own. You have to go back and reconstruct what happened (i.e. malicious code or other misuse by an employee), which is why it’s so important to make you sure that you have an audit log that records all activity.
2. Bot password management or “Are bots the same as people?”
Everyone knows that it’s important to keep passwords secure. That’s why it’s standard practice to regularly reset passwords that people use. Yet, enterprises don’t do the same for bots because they lack the proper tools. While bots are not the same as people, you still need to employ the same security precautions. One way to secure passwords is two-factor authentication, which is a great idea, though things can get complicated when you attempt to integrate your bot with an RSA token. Some users get creative and come up with their own designs for a camera (so the bot’s OCR can read the screen), like the one in the picture below. We’re here to tell you that you don’t have to go there. There are better ways to manage bot credentials and access (hint: listen to our webinar to find out what they are).
3. Data restriction management or “Oops I forgot about the bots again”
Here are some areas where enterprises commonly forget to apply the same restriction to bots as they do to people:
· Geo boundaries — Data that can’t leave a certain country or region (i.e. EU). Since this restriction is not accounted for in RPA software, enterprises tend to overlook to implement it.
· Data retention — Once a transaction is processed, it’s important to remove sensitive data, no matter whether it was a bot or person who worked on it. Oftentimes this step is neglected when processes get automated.
Now that you know that a) securing your bots is important and b) it’s easy to forget to do so, don’t miss our webinar. It will get you started on the road to keeping your bots safe and sound.
Visit WorkFusion to learn more about how RPA and cognitive automation can reduce cost, increase capacity and improve service delivery for your business.
How safe are your bots? The top 3 RPA security risks and most common mistakes enterprises make was originally published in WorkFusion on Medium, where people are continuing the conversation by highlighting and responding to this story.
Continue reading...