As we head into July and the holiday season gets into full swing, the thoughts of many of us will turn towards our summer holidays and what we will do to rest and relax for our well earned breaks.
But of course for most of us we won’t have the luxury of switching off completely while on vacation. In a recent survey which Cisco conducted, more than three quarters of those asked suggested they will be taking their work mobile device – smartphone, tablet, laptop – away with them. The same UK survey discovered 72 percent expect to spend up to one or two hours per day keeping up with what’s going on back in the office.
I actually believe the real figure might be far higher than this as it seems many of us simply cannot stand to not be connected 24/7 and feel we have to keep abreast of what is happening at work.
The challenge for the security teams in the companies where we work is that often we are less than careful about to which WiFi we connect our devices. The lure of a ‘Free WiFi’ sign is often enough to have business people whipping out their iPads as much as any teenage children they might have with them!
Indeed, the same survey recorded that 60 percent admitted that they did not check the security of a Wi-Fi network before connecting to it whilst on holiday or on business for that matter. That is despite 69 percent confirming that their employers had informed them about the risks associated with using devices remotely for work purposes.
Thus the security and people problem – we do these things, then when back in the office we readily connect back onto the corporate network unaware if there has been any compromise to our mobile devices while away.
In this era of increased mobility of employees, it is the security teams who often have to deal with the security implications.
Cyber criminals are well resourced and professional and recognise that employees are often a company’s weakest link so target them to gain access to the corporate network. They also know that our guard is often down when we are in a relaxed environment like on holiday and so they know that we might do things that we otherwise would not do normally to compromise our security.
Of course we do not deliberately set out to compromise our companies’ network security, but employees must learn to avoid using unsecured Wi-Fi networks, especially for work-related tasks, and ensuring that they adhere to their companies’ IT policies at all times.
Similarly businesses must realize that whatever their security policies say, and whatever endpoint security products they invest in, attackers will find the weakest link and so it’s not a matter of if they get attacked, but when and need to focus on setting their security accordingly. To enable them best to deal with this increased risk it is critical they have full visibility across their network in order to spot unusual activities or behavior and deal with it before it spreads to vital data and applications.
In the meantime, we all need to do our bit and help the security team by being careful about how we use our devices and if the WiFi is unsecure make sure we use a VPN or similar form of encryption to minimize the risk.