IT security and control firm Sophos has revealed new research into the types of user businesses fear most likely to expose their networks to IT threats.
The research shows that 31% of companies believe remote or mobile users expose their networks to the greatest threat, compared to 25% that consider guests or external contractors the greater danger. In contrast, an additional 44% of companies believe standard employees are actually more likely to expose the network. (208 respondents, Sep 2007)
According to Sophos, many businesses struggle to ensure their mobile workforce adhere to the same security policies as their desktop users. This is because they have insufficient insight into whether these remote machines are equipped with the required software, system patches and up-to-date security applications.
Furthermore, Sophos experts note that guests and contractors are often overlooked from this equation and allowed to forgo these security checks entirely, greatly increasing the chances of exposing the company network to attack.
"Remote workers and guests can be a real problem for IT administrators trying to safeguard corporate networks, particularly when they`re using different devices, different security software and different operating systems or system patches," says Brett Myroff, CEO of master Sophos distributor, Netxactics.
While these users don`t have malicious intentions, if they`re allowed to logon they can inadvertently expose the network to a myriad security threats.
"Without a solution for standardising who and what is allowed network access, these companies are greatly increasing the risk of leaving avenues open for cyber criminals to exploit," Myroff says.
The research also highlights the large proportion of organisations that hold concerns over their desktop-based employees - workers that are likely to be using similar devices and permanently connected to the network. Whether down to irresponsible online behaviour, using peer-to-peer applications or instant messaging programs, or simply because their PC isn`t correctly configured, any employee that doesn`t adhere to internal security policy could be exposing the network to threats.
"Also of concern is the number of companies that are unaware of non-compliant machines on their network, even though they may be permanently connected. The answer, however, is the same: irrespective of where the problem lies, smart network access control solutions can help organisations comprehensively enforce their security policies, ensuring that any non-compliant device, whoever it may belong to, is locked down and unable to jeopardise the network," Myroff says.
Further information about controlling network access can be found at: http://www.sophos.com/security/topic/nac.html.
A Podcast discussing NAC implementation and deployment is available to download from: http://www.sophos.com/security/podcasts/archive.html.
Share