Despite widespread adoption, many businesses are not fully prepared for the security risks that inherently accompany mobile working.
The 2006 Information Security Breaches Survey from Pricewaterhouse-Coopers/DTI showed that a quarter of UK businesses were not protected against spyware; around 20% of wireless networks were unprotected; and only 1% were armed with a comprehensive approach for identity management.
Many UK businesses are already behind in achieving compliance with the industry security standard for payment card data. This comprehensive standard is intended to help organisations proactively protect customer account data and applies to any company processing, storing or transmitting credit card numbers.
Having a mobile workforce is a further complication, as organisations still need to prove that their network integrity is secure. In an ideal world, what’s needed is banking-grade security, but this can be costly for SMEs and mid-market companies that lack the in-house resource to implement it.
As more businesses realise the consequences of poor network security, hackers are changing the way they infiltrate the corporate network. This has resulted in a change in the security landscape with threats coming from new locations and bypassing traditional defences.
Virtual private networks (VPNs) are one of the most common methods for teleworkers to access a corporate network. However, many users are unaware of the potential risks that VPNs pose. VPN traffic is carried over public infrastructure , which relies upon tunnelling for security. Although they are often seen as the most secure way for remote workers to keep information safe, they may, in fact, be creating unintentional back doors for hackers. In today’s changing IT landscape, VPNs should not be the only measure implemented to protect the corporate network.
Ideally, mobile workers want to log in remotely to the network, replicating all of the access privileges found on their office LAN (local area network). However, strong perimeters and password systems are not adequate measures when it comes to remote security, and can be easily bypassed with password-cracking software.
Remote security
The challenge is to replicate the levels of security found on the LAN to the home office and mobile worker environment. This would extend the boundary of the corporate network to the end-user device, and would counteract any emerging threats coming from new locations.
Combining traditional defences such as a managed firewall, intrusion
detection, anti-virus software and remote worker authorisation will help restore
privacy to the
teleworker environment.
One of the main challenges with remote workers is the lack of control that IT managers and directors have over their machines and what they are accessing. Businesses need to regain this control by implementing a layered approach to security and extending security perimeters.
This sounds expensive, but there are technologies available that are not prohibitively expensive and that are already demonstrating compelling return on investment calculations. For companies with fewer than a thousand users, the cost of implementing two-factor authentication, combined with SSL encryption, plus other security features, can be cut by 20% to 30%.
As the service providers control access to the public internet, it is only they who can offer the capabilities for extending the security perimeter of a corporate network and the industry is currently challenging ISPs to provide this enhanced security.
Secure network
Make sure your network infrastructure:
• extends the corporate security perimeter to the teleworker at a network level
• reduces the risk of identity theft, malware, botnets and so on
• doesn't allow teleworkers to open networks to malicious attacks
• only transits the public internet when absolutely necessary
• reduces the internal business cost by providing solutions on a SaaS (software as a service) model
• complies with legislation, such as the Data Protection Act
• unlocks the potential of mobile working
Angus Peacey is head of product marketing at Pipex Business
For more information go to www.berr.gov.uk/files/file28344.pdf
reader comments