Johannesburg, 02 Apr 2013
As South African IT managers and network administrators grapple with increasing threats against their organisations from hackers, phishing, malware and naive insiders, there is another dark threat looming on the horizon. These risks involve the use of corporate laptops in the home environment where security is secondary to convenience and fun.
"Companies generally allow employees to use their business computers at home as they see the extra productivity as beneficial, but they do not consider that home Internet connections are never as secure as the corporation's," says Hedley Hurwitz, MD of Magix Security. "Surfing for personal interest or allowing the kids to use the laptop opens the device to all manner of malware and Web-based attacks."
These concerns are not marketing hype or scare tactics. The AV-Test Institute registers over 130 000 new malicious programs every day. These can be embedded in Web pages, attached to innocuous e-mail attachments, included in free, downloadable games, or hidden on USB sticks. All the user needs to do is open a Web site or an e-mail attachment, plug in the USB stick, or run a downloaded application to be infected.
The next time the individual logs onto his work network, malware can easily be transferred to the business, giving criminals simple access to corporate data resources. And all the while the laptop will be fully protected by reliable anti-virus software.
An Aberdeen report entitled "Endpoint Security: Anti-Virus is Not Enough" [1] , says: "Aberdeen's analysis confirms the prevailing wisdom that endpoint security based on anti-virus software alone is not enough."
Aberdeen adds that patch management and host-based intrusion detection and prevention software offers better performance when it comes to endpoint security. These security mechanisms are generally well embedded in corporations, but are not designed to catch malware transferred directly from authorised users' laptops, where anti-virus applications are only able to detect known malware.
The Norton Cybercrime Report 2012 reported that cyber crime claims 1.5 million victims daily (or 18 per second) and is making more use of e-mail, social networks and mobile technology to gain access to potentially lucrative resources.
In addition, if other common programs used by all users, such as browsers, Acrobat Reader and the Windows operating system, are not regularly patched with the latest security updates, the home user's computer becomes even more susceptible to the latest malware.
"Ignoring the threat of unrestricted use of corporate laptops at home is a significant vulnerability in any organisation's security posture," says Hurwitz. "The solution is either to ban all personal use and surfing on company equipment, an unpopular and almost unenforceable option; or to prepare the business' infrastructure to detect, disarm and alert IT security administrators when malware tries to move from authorised laptops onto the corporate network."
[1] http://www.mcafee.com/ca/resources/reports/rp-aberdeen-endpoint-security.pdf
Share