I wrote a post last week about a survey that had found that way too many organizations fail to enforce security and privacy protocols. According to the CEO of a company that deals with mitigating the risk of network security breaches, the answer to that problem lies in making enforcement easier.
That CEO is Bob Walters of Untangle, a provider of network security products in San Jose. In a recent interview, Walters said the findings of that survey generally track with Untangle’s information. A big issue, Walters said, is that bad consumer security habits often bleed into the organization:
The good news is that organizations are about twice as rigorous about security as consumers are—our data indicates that up to 80 percent of consumers are using outdated software that puts them at risk. The bad news is that poor consumer security habits impact businesses in the BYOD era. People are overwhelmed. Consumers typically don’t understand how Internet security works, and organizations are trying to deal with a rapidly evolving environment with many vulnerable endpoints. To cope, they’re working with multiple appliances, logins and management interfaces. What they need is simplification, which would enable better enforcement.
As you might expect, Walters pitched Untangle as the answer:
The BYOD issue has tremendously complicated life for administrators and IT professionals in business and academic settings by introducing so many more endpoints to the network and expanding the types of devices and platforms the business or school has to support. Untangle has addressed this by providing an easy-to-use, end-to-end solution that allows administrators to protect, monitor and control networks. With Untangle, IT can support BYOD and open Wi-Fi by identifying users through a captive portal or Active Directory, and provide security and policy enforcement support as appropriate to user groups.
I asked Walters what his experience has shown to be the most serious and most common problems SMBs face with regard to their employees’ misuse of the company network. His response:
Poor security practices are probably the most serious issue, since they can result in a headline-making data breach. The most common problem might be time wasted on social networks. Some employers don’t mind if workers check their Facebook page a couple of times a day or use their mobile devices for Snapchat, but it can be a real productivity killer if employees spend hours online. Fortunately, there are solutions SMBs can put into place to address both the security issue and excessive use of social networks on the clock.
I mentioned that there had recently been news reports about a former Oregon State University student who engaged in inappropriate webcam activity in the university library. I asked Walters what measures the university could or should have had in place to prevent such activity. He said it’s a fixable problem:
In a general sense, institutions need ways to identify applications that are negatively impacting the network in real time and detect potentially criminal activity. Once identified, network administrators can stop users from streaming videos or engaging in a variety of other activities using the organization’s equipment, such as hiding their activities with apps like UltraSurf, downloading illegal content with P2P clients, and streaming content and consuming huge amounts of bandwidth. A good network monitoring and management system can also control specific application functions.
So which is the more serious problem for SMBs—misuse of the company network from the inside, or penetration of the company network from the outside? Walters said it depends on the situation, but an outside breach generally has the potential to be more catastrophic:
We’ve all seen news reports about high-profile breaches that have had a major economic impact on companies, not to mention the hit to the brand as customers wonder if the company can be trusted with their data. Fortunately, SMBs haven’t been seen as high-value targets to date. However, that may change as time goes on. It’s worth noting that misuse of the company network from the inside can include illegally downloading and selling data, so that can be just as disastrous. The bottom line is that companies need a simple way to monitor what’s happening in their networks and systems.
Walters went on to point out that IT budgets need to keep pace with the growing need to be proactive rather than reactive in the area of security:
SMBs, like all organizations, face budget constraints and challenges. We saw loosening in 2014 with IT budgets growing year-over-year, but 2015 is forecasted to be flat. Oftentimes, IT will only budget for security and network upgrades because of a crisis—whether it’s a breach from the outside, misuse from the inside, or something more prosaic like the end of life of a product currently in deployment. With the headline-making breaches last year, companies are starting to realize that security can’t be something that sits on the back burner waiting for a budget windfall. Organizations of every size need to be sure that security is part of the game plan for 2015.
Finally, I asked Walters what network misuse issues SMBs are likely to face five years from now that they’re not facing today. He said the Internet of Things will be the next big challenge:
Analysts predict that by 2020, more than 40 billion connected devices will be online, which obviously expands the number of potential network endpoints that businesses of all sizes will need to manage. Cybercriminals are already gearing up to exploit this emerging vulnerability. The scale is much larger than the challenge posed by the BYOD trend, but the good news is that there are so many different types of devices that it will be difficult for any single hacking strategy to defeat security across all of them.
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.