
Our quest for convenience may actually kill our security defenses.

Risk Level: HIGH

Offsite and web-enabled access from anywhere is creating significant security holes.

Type of Threat:

We are giving authorized-user access to almost everyone we work with, supplying corporate information or valuable data from anywhere on mobile devices, apps, or through public Wi-Fi. The opportunity exists for countless bugs and viruses to gain access, not to mention the risk of losing a mobile device with its connectivity settings intact. It’s more common than you think!

Why this is so important:

Personal devices are not usually monitored, whether personal or company owned. This opens up huge risks to your secure data just from typical user behavior, which includes personal web surfing, pornography (viruses), torrents, movies, personal email, apps, software / malware and more. End users believe connections to the corporate network are protected, but what is not clear is what else is watching and logging that activity. With no protection on the endpoint, it’s impossible to know how extensive the threat is.

At risk employees:

Desktops and laptops contain user logon information for what matters: data, company drives, bank information, credit information, identity. It’s a risk just to have authorized users accessing this information, but potentially a ten-fold risk if they do it from home on their own PCs or laptops. Quite simply, inserting a USB drive holding a kid’s homework paper can introduce all sorts of stuff onto the PC.

How to mitigate:

Simple as it sounds, you need a usage policy that requires any device accessing the network to have policy enforcement on it, both on the network and off, period. We can debate legal infringement all day, but it boils down to this: the privilege of accessing company information remotely comes with a security cost. DLP endpoints that enforce the last known policy regardless of connection to the Internet are a must.

Technical Recommendations:

We recommend software that loads on each workstation and enforces policies for data loss, internet access, USB usage, attachment scanning and more, in effect at all times both on the corporate network and off. This becomes even more important for remote employees and contractors. DLP endpoint software is simple and easily managed, and we recommend it.

The case for web filtering and web application firewalls: security | productivity | liability.

Risk Level: MODERATE

Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers.

Type of Threat:

Web applications and web-enabled mobile devices, adopted for convenience, are a green-field frontier for hackers. Corporate defenses were never designed to block web traffic; they just allow port 80 and block playboy.com. OK, we’re way beyond the security of 1998, so now we must take a fresh look at our gateway devices and require them to control the most important aspects of our company, including web application access, usage, monitoring, website visits, reporting and more. We can no longer stand by and hope our CRM access, our database, email and more are secure.

Why this is so important:

Convenience has moved faster than our security policies. Internal threats now represent more than 60% of the risk to company data, 40% coming from hackers. We must remember internal threats are dangerous for three main reasons:

  1. We trust them (authorized users)
  2. We don’t typically monitor them
  3. We give them access to everything.

End users and executives alike have a limited time with an organization. The best practice is to realize that loyalty is not what it used to be, to get serious about a policy, and then to employ technology to ensure the data and assets are protected. When people are connected to the web or even their web mail, the natural belief is that they can “send” important documents to their home email, or from their home email, to “work” on them remotely. That activity just lost your entire database of customers. Hopefully they don’t work for a competitor in the future….

Liability has gone up? You bet!

Giving someone an iPad is enough to cause liability. Imagine them at home accessing things they should not with company resources. Guess whose fault it is? Yup – it’s the company’s. Now imagine an employee downloading music and movies on a corporate-owned system through open ports that traditional firewall/filter combos can’t block. Again, it’s the fault of the company. The third point is someone losing their laptop, which happens to have customer information on it. This happens all the time and brings hundreds of thousands of dollars in liability, apologies, letters of shame, identity theft issues and more. Again, it is the company’s responsibility and liability.

How to mitigate:

There are a couple of easy ways. First, you need a usage policy defining what can be accessed and what is inappropriate (BorderLAN can help with this template). Second, you need a smart filter that monitors, reports and blocks inappropriate access both ON network AND OFF network, on company devices or even personal devices. Third, outline a web-app policy and procure a device to manage those apps. Think of it as an internal-facing web-app firewall.

Technical Recommendations:

We recommend appliance-based web filtering with the capability to control iPads and mobile iDevices. We recommend Web Application Firewall appliances to mitigate risk and enforce usage policies on apps that access critical and confidential data. BorderLAN can help consult on and size these appliances for your organization.

Copyright © 2012 BorderLAN. All rights reserved.