Menu
Why IT security is needed beyond NZ office walls…

Why IT security is needed beyond NZ office walls…

Mobile devices are as essential to our lives and work as Ritchie McCaw is to the All Blacks in a World Cup final, that is practically a given.

Mobile devices are as essential to our lives and work as Ritchie McCaw is to the All Blacks in a World Cup final, that is practically a given.

Laptops, for example, allow people to go online, access work resources, solve issues remotely, and do any task they would normally do at their desk almost anywhere on the planet.

Hardly ground-breaking stuff maybe, but the problem Kiwi enterprises have with laptops, according to Emmanuel Carabott, Security Research Manager, GFI Software, is that securing these devices can be a bit of a headache.

While an organisation might have a very good patch management and vulnerability assessment policy, Carabott believes such policies may be difficult to enforce on devices like laptops because they may not be connected to the network when assessments are made.

“Laptops are great when you’re on the move but most people find workstations more comfortable to use,” adds Carabott, speaking to Computerworld New Zealand.

“This means that unless they need to transfer data from their laptop to the office network, that laptop might not be connected to the network for quite some time – missing out on important vulnerability assessments and critical patch updates.”

According to Carabott, who boasts specialist expertise within enterprise security, laptops are a great target for malicious attackers, with a stack of increasingly sophisticated methods used to thwart security policies.

“What do I mean?” asks Carabott, “like a lot of people with a job that requires us to be available at all times in case of emergencies, and regardless of where we are, I will always try to connect to any open access point to get Internet access.

“How many times have you been at an airport or in a hotel and have not tried to connect to a wireless access point? I’d say the majority will say ‘never’.

“Even if there are no emergencies we still feel we need to be proactive and be ready. Work apart, we still want to be connected: to stay up to date on what is happening, to communicate with family, co-workers and friends, to check email, update our social media profiles or simply to pass the time.”

While Carabott is stating the absolute obvious, that’s exactly the point she’s trying to make.

“It’s also obvious to attackers that people are going to try and connect to open access points,” he adds, “that’s a nice target.

“If they can infect a company-owned laptop, they might hit the big jackpot. It’s not that hard to pull off; you don’t really need a kernel level module or a signed piece of malware to succeed.

“An attacker can mimic a genuine access point and once you’ve connected, redirect you to their malicious page. They can ask you to install a client to get access to the Internet or try to exploit a browser vulnerability and install malware without user intervention.

“It’s not unusual for hotel / airport access points to redirect us to a gateway webpage. Signed or not, most people will not question an agent installation request and this is why it’s the perfect way in for an attacker.”

Carabott believes it’s also a very good reason why work laptops should be properly secured and that they are checked for vulnerabilities and missing patches regularly.

Security professionals are aware of this, understanding that a good patch and vulnerability management solution will have functionality to manage devices that are not always connected to the network.

But these devices need to be protected and that should not stop at the office door, Carabott insists.

“An employee typing their credentials on a laptop with a key logger installed by someone on the other side of the world will bring your security efforts to nothing; the effect is just as bad as if it were a workstation in the building,” he warns.

“No VPN and no encryption can protect you against that breach.”

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags BYODmobilitysecurityenterpriseGFI Software

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments