As the Bring Your Own Device trend continues to grow we are seeing that many people using their smartphones at work are blurring the lines between professional and personal use, which is creating an 'always-on' trend. This change in culture means that now more than ever people find themselves logging on and checking emails and working from home, or even abroad.
Apart from the fact that people need to take time off to recharge their batteries, so to speak, they also should be switching off their devices; not only to have some respite from work, but also because they could inadvertently be opening up their organisations to threat and vulnerabilities. As more people access the corporate network from home and abroad, IT teams need to make the necessary provisions to ensure that the employee has the correct level of access and phone protection.
This means that IT departments are faced with the daunting task of making changes to the network in order to ensure employees are able to securely access documents, emails and communicate with colleagues when they are abroad. All of these changes to the network have the potential to open up vulnerabilities that could allow malicious activity, as well as this; employees could be connecting to unsecured and unauthorised WiFi networks.
Neglected policies leave you vulnerable
Having said that, if firewall policies are correctly set up and configured then this will only allow authorised access to company networks, the problem is when the employee returns to work. Once they have returned, applications that were temporarily allowed need to be revoked. For smaller companies with a limited number of mobile employees this shouldn't be too difficult, but for larger orgnisations this can become an almost insurmountable task.
Most of the time the review of allowed services is neglected. Of course, we are not talking about blocking an employee's access to emails, but it is easy for a security administrator who is adding rules to provide access to a critical part of the network. According to Gartner, 95 per cent of all firewall breaches will be caused by human error or misconfiguration and this is only going to be amplified as employees work from home or abroad. It is essential to audit the rules before they are pushed, which requires that the enterprise documents and implements security baseline policies.
Not all attacks are Advanced Persistent Threats. Enterprises should adopt in-depth security protection tools to detect and stop APTs, but the vast majority of attacks can be blocked with restricted security policy and access control on the enterprise's perimeter security. When configured correctly, firewalls can block attacks and can stop cyber criminals from leveraging applications for malicious use, both internally and externally.
Many organisations do make some provisions to allow employees to work from home in the first place, but it is vitally important that following the summer holiday season that organisations carry out a full audit of firewall policies. This will not only identify unused rules that can slow down traffic, but can identify too permissive rules, access to forbidden zones, compliance and areas where attackers can leverage access to systems that may not be patched. Organisations need to not only ensure that employees are able to access applications and files, but also to ensure that applications and systems are not left accessible to non-staff.
Audit and assess
Conducting an audit of firewall rules and policies can allow IT departments to see exactly what access their employees have, as well as identify potential gaps in security, thus allowing them to plug these holes and ensure the corporate network remains secure. The audit will not only identify these rules, but can check the complexity and openness of the rules, which can also help to speed up traffic and reduce bandwidth consumption.
In order to remain proactive and ensure that the corporate network is fully protected, organisations should also conduct real-time analysis of access to their networks. As employees connect from home and abroad, IT departments need to see what is being accessed, who has access and what they are doing. Understanding what is happening on your network at any given moment can help to identify abnormal activity, enabling IT departments to immediately spot any problems, as and when they occur.
By conducting audits and real-time assessments of network access, organisations can ensure that they remain secure, while allowing employees the access they need, without compromising productivity.
By Bernard Zelmans, general manager EMEA for FireMon