Happy Cyber Monday! Are you protected from the greatest security threat to your company on this busy online shopping day as well as every other day?
That security threat would be your employees—and you. This is all thanks to our collective move to using mobile devices, as well as the increase of social networking and online collaboration. A new survey from Ring Central found that 88 percent of workers use their personal smartphone to continue working outside of work hours. We all know about the rise of BYOD, but my guess is that a lot of people use their phone to connect to the office network without getting the proper clearance to do so.
But I’ve found one surprising number from that survey, according to the Ring Central blog:
Half of the people polled even use their mobile phones while they are sitting right next to their desk phone. If you find yourself choosing your smartphone to handle business calls, faxes and email, you are in the majority.
Jason Fredrickson, senior director of application development at Guidance Software, told me that employees’ obsession with their smartphones, tablets and now wearable Internet-accessible gadgets turns into a corporate security risk. Employees use these gadgets even when more secure, work-controlled options are available. The bad guys are targeting people’s personal accounts with the intent of using them as ricochet points into corporate systems. The number of potential ways to execute an attack will keep increasing, making it difficult to keep track of all the possible entry points.
Fredrickson’s suggestion to me about how to end this problem is for the enterprise to take a more nuanced approach to security:
The layered security approach will still be a necessity and companies will continue to have to check the boxes on intrusion detection, firewalls and anti-virus systems. However, adding layers to the security stack will not solve the problem, and the perimeter will continue to become more porous as device types proliferate and BYOD becomes the norm. We will see more and more attacks that exploit existing vulnerabilities, like mobile devices, USB drives, and Bluetooth speakers. Attackers will also find ingenious new ways to jump traditional boundaries and preventative safeguards to penetrate perimeter security.
He added that in addition to strengthening the human perimeter, the enterprise today needs to take a proactive stance on information security by using endpoint-security analytics systems. The best of these can create baselines from ongoing study of the processes and other activity taking place closest to that human attack vector and to corporate endpoints like servers and user workstations. They can also provide early alerts when anomalies occur.
As the saying goes, a chain is only as strong as its weakest link. In network security terms, that weakest link could very well be the employees who are using their own smartphones for business.