Businesses need to rethink how they are protecting sensitive company information that is transmitted between remote employees in the wake of the mobile workforce.
According to Palo Alto Networks, organisations’ mobile workforces don’t have the same level of protection as most core business IT systems.
This has resulted in increased attention from hackers.
“When employees leave the building, the IT team loses visibility into the state of that employees’ online traffic,” the company says. “This makes it much harder to actively identify and prevent malicious exploits, malware, or malicious websites from compromising mobile devices and their remote network connection.”
If a portable device, such as a notebook computer, is compromised and infected with malware while an employee is out of the office, it can be potentially be controlled by an attacker when it is back in the office, Palo Alto Networks warns. “This effectively opens the door for the hacker to gain remote control of internal systems.”
Security teams have typically approached the issue of mobile security as a matter of remote access and secure connectivity, providing the mobile workforce with a virtual private network (VPN) client to connect to internal business systems with some level of protection.
While VPNs let remote workers access the corporate network relatively safely, not all of them provide the level of protection needed to guard against all of today’s latest threats, some of which can reach the end user whether or not a VPN connection is in place, the company says..
“The typical VPN appliance lacks the ability to inspect traffic or understand its content,” says
Sean Duca, CSO of Asia Pacific at Palo Alto Networks.
“This means it could potentially become a conduit for threats both to and from the corporate network.”
Duca says connectivity without security is too dangerous in today’s threat landscape.
“As well as VPNs, companies should implement security solutions that give them visibility into the traffic going to and from remote devices,” he says.
“This way, threats can be spotted before they become a problem, no matter where they come from.
“Remote users are an extension to organisations’ internal systems, we need to protect them as much as we protect our internal systems because they are the last line of defence when they are remote,” Duca adds.