Menu
Why IT security is needed beyond NZ office walls…

Why IT security is needed beyond NZ office walls…

Mobile devices are as essential to our lives and work as Ritchie McCaw is to the All Blacks in a World Cup final, that is practically a given.

Mobile devices are as essential to our lives and work as Ritchie McCaw is to the All Blacks in a World Cup final, that is practically a given.

Laptops, for example, allow people to go online, access work resources, solve issues remotely, and do any task they would normally do at their desk almost anywhere on the planet.

Hardly ground-breaking stuff maybe, but the problem Kiwi enterprises have with laptops, according to Emmanuel Carabott, Security Research Manager, GFI Software, is that securing these devices can be a bit of a headache.

While an organisation might have a very good patch management and vulnerability assessment policy, Carabott believes such policies may be difficult to enforce on devices like laptops because they may not be connected to the network when assessments are made.

“Laptops are great when you’re on the move but most people find workstations more comfortable to use,” adds Carabott, speaking to Computerworld New Zealand.

“This means that unless they need to transfer data from their laptop to the office network, that laptop might not be connected to the network for quite some time – missing out on important vulnerability assessments and critical patch updates.”

According to Carabott, who boasts specialist expertise within enterprise security, laptops are a great target for malicious attackers, with a stack of increasingly sophisticated methods used to thwart security policies.

“What do I mean?” asks Carabott, “like a lot of people with a job that requires us to be available at all times in case of emergencies, and regardless of where we are, I will always try to connect to any open access point to get Internet access.

“How many times have you been at an airport or in a hotel and have not tried to connect to a wireless access point? I’d say the majority will say ‘never’.

“Even if there are no emergencies we still feel we need to be proactive and be ready. Work apart, we still want to be connected: to stay up to date on what is happening, to communicate with family, co-workers and friends, to check email, update our social media profiles or simply to pass the time.”

While Carabott is stating the absolute obvious, that’s exactly the point she’s trying to make.

“It’s also obvious to attackers that people are going to try and connect to open access points,” he adds, “that’s a nice target.

“If they can infect a company-owned laptop, they might hit the big jackpot. It’s not that hard to pull off; you don’t really need a kernel level module or a signed piece of malware to succeed.

“An attacker can mimic a genuine access point and once you’ve connected, redirect you to their malicious page. They can ask you to install a client to get access to the Internet or try to exploit a browser vulnerability and install malware without user intervention.

“It’s not unusual for hotel / airport access points to redirect us to a gateway webpage. Signed or not, most people will not question an agent installation request and this is why it’s the perfect way in for an attacker.”

Carabott believes it’s also a very good reason why work laptops should be properly secured and that they are checked for vulnerabilities and missing patches regularly.

Security professionals are aware of this, understanding that a good patch and vulnerability management solution will have functionality to manage devices that are not always connected to the network.

But these devices need to be protected and that should not stop at the office door, Carabott insists.

“An employee typing their credentials on a laptop with a key logger installed by someone on the other side of the world will bring your security efforts to nothing; the effect is just as bad as if it were a workstation in the building,” he warns.

“No VPN and no encryption can protect you against that breach.”


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags BYODenterpriseGFI Software

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments