Modern technologies have opened a Pandora's box of issues for companies trying to keep control of their networks. It is not unusual for a typical employee to launch instant messaging, log onto Facebook and start sharing videos with friends and colleagues. Not only might members of staff log on to the network from their desks, they might also log on from home, or from their laptop at a WiFi hotspot in a coffee shop or at the airport.
While the ubiquity of the new internet is predominantly positive for businesses, boosting employee up-time and therefore productivity, it has opened up a can of worms in terms of security, and adhering to an ever-escalating number of compliance regulations is becoming an increasingly difficult challenge for organizations. By their ability to puncture holes in corporate defenses, these new technologies are like candy to a baby for cybercriminals, who are exploiting these vulnerabilities to infect networks with malware, spyware and Trojan horses for their financial gain.
Organisations' ongoing drive for more flexible working practices also has a major impact on the overall security of corporate networks. Now, networks need to be opened up to third parties, such as contractors, customers and consultants, but these guests may not use the same security applications as the host network and may not have applied the most recent software upgrades or patches. Moreover, full-time employees are frequently granted administration rights that enable them to use their computers from outside the office, but this can compromise security, as it requires that some critical security services are disabled.
Despite the risks involved in not keeping a tight rein on the comings and goings of network users, a surprising number of organisations have no enforcement mechanism in place to drive compliance or to report on results. This gap in corporate policy exposes the enterprise to a range of threats; not simply from malware and hack attacks, but also the loss or theft of intellectual property, and punishment from inadvertently flouting regulatory requirements.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.