Can Linux Be Used To Offer More Security In A WFH World (On And Offline)?

Operational security at least seemed so much easier back when traditional 9-to-5 office life was still dominant. Talk of professionals taking their work home with them was largely metaphorical, with only occasional instances of C-suite types dragging their laptops everywhere they went. Business hardware and systems would be shielded through physical security and isolated networks. One office (or office complex), one place to guard: entirely straightforward.

Now, after a year that’s seen countless businesses (some eagerly and others reluctantly) adopt the working-from-home model, there are different challenges to overcome. Teams are scattered and must share sensitive data across the internet — data to which other companies and fraudsters would love to gain access. When information gets out, reputations are destroyed and businesses (particularly those working entirely online) struggle to survive.

So what can be done about this? Well, there are various steps you can take to improve cybersecurity, and in this post we’re going to consider whether the use of Linux is one of them. Can companies bolster their remote-working operations — even offline — through swapping their current operating systems for Linux? Let’s see what conclusions we can reach.

What are the strengths of Linux for securing online activities?

While this certainly isn’t a comprehensive account of what makes Linux great for online security, there are three long-standing benefits of Linux distributions that we should focus on here:

• They’re entirely customizable, removing the need to rely on third parties. Windows is updated by Microsoft, and iOS is updated by Apple. It’s possible to find unofficial and unsigned patches, but they’re always going to cause issues with support services (and that’s if they work at all). This means that those using these systems must rely on those companies to react appropriately to security threats.

Because Linux is open-source software, it doesn’t rely on security updates from any single provider, and its ever-improving compatibility options make it a stable like-for-like replacement. If you want to run a VPN service, you’ll find that all the leading contenders support Linux — and if you want to do something like implement a system-level proxy server, you can easily load up a caching proxy like Squid through the terminal. 

Additionally, the fundamental transparency of Linux makes it relatively simple to review for potential security issues. If you’re willing to put in the effort to steer the ship, you can achieve far more impressive levels of security through Linux systems.

• They’re updated by people who care about privacy and security. Leading software companies do care about security, but largely in the sense that their profits and reputations are affected by system vulnerabilities. Linux, on the other hand, is heavily driven by passionate enthusiasts who actually care about user privacy.

If you’re looking to resolve a certain issue, you can inevitably find free community support to point you in the right direction. And if you want to run a cut-down OS with none of the default telemetry services that plague all the mainstream alternatives, Linux isn’t just your best option: it’s your only practical option.

Throw in superior support for things like using SSH and saving and reviewing comprehensive log files, and you have a fantastic out-of-the-box option (so to speak) that will only get better the more you work on it.

• They’re not high-priority targets for hackers due to their niche appeal. While it’s true that Linux servers have become very popular (and thus attracted attention), the same can’t yet be said of Linux desktop operating systems. Almost all attention goes towards Windows and iOS, all because it’s far more economical to target them.

On top of that, you need to factor in the presence of different Linux distros. Where Windows installations will differ only marginally, systems running on Debian, Red Hat and Linux Mint can have far more substantial differences. There isn’t much motivation for a hacker to specifically target Linux Mint systems, making them much safer.

How can Linux secure remote-working hardware?

We’ve looked at how Linux helps to secure online operations, but what about offline activity? Remote-working hardware still poses a threat, after all, and needs to be kept in line. Well, just as it supports plenty of online security services, Linux also offers a tremendous array of at-home security solutions that allow extensive configuration.

For businesses that still want to use office spaces (or those determined to monitor their remote-working employees extremely closely, however much that seems like a bad idea), there’s open-source monitoring software like Zoneminder. For network user authentication (key for all remote-working companies, and often managed through cloud systems like Azure Active Directory), there’s the free Kerberos protocol.

And for those who need to keep their business hardware secure on the go (despite lockdowns, there are still workers who need to travel), it’s easy enough to take advantage of tools like the Yubico Pluggable Authentication Module (PAM). The PAM makes it convenient to use hardware dongles for user authentication, ensuring that lost laptops don’t present major weaknesses.

What is the value of tech comprehension in cybersecurity?

User error is the one thing that even the most tightly-secured systems can’t fully move past. This is why social engineering is such a popular endeavor for fraudsters. Hacking an up-to-date system is complicated and risky, while convincing a poorly-trained employee to volunteer their login details under false pretences can provide quick success.

Due to this, ensuring that your employees have strong awareness of security basics will do much to make your operation stronger — and though Linux still has an intimidating learning curve, it’s sufficiently approachable that you could make it your main operating system without asking more of your workers than they can reasonably provide.

It certainly helps that so much is done through browsers at this point. If someone can use a Chromebook, they can get to grips with a Linux distribution, and learning more about how Linux works (and how it treats something like admin authentication) will slowly but surely leave them less likely to make basic security mistakes.

Wrapping up, the answer to the titular question is a strong yes. Less likely to be attacked than other systems, built with security and flexibility in mind, and equipped with rich compatibility features that make it easier than ever to swap from Windows or iOS, Linux is a mature solution that every modern business should consider using.

About the Author

Elliot Mark is a senior writer at Ecommerce Platforms with a deep curiosity for all things digital and the changing world of ecommerce. He’s helped create a number of unique online stores, providing content and marketing support to help people grow their own ecommerce biz. Connect with him on Twitter @EcomPlatformsio.