Mobile devices and IoT appliances are everywhere now (riding along in nearly everyone’s pockets), and if the device doesn’t have an embedded operating system it likely soon will. And of course these devices tag along with employees into the office. The problems this can present in a business environment are significant and, for a small company, the impact can be severe if they are connected to business production networks. Risks can be minimized when company owned equipment is secured and fully managed – but risks, even to managed computers, are magnified exponentially when unprotected devices are introduced. For this reason, any personal or non-managed devices should be isolated and segregated as much as possible on a “guest network”.
It’s also typical for a small business to issue laptops that stay with employees between home and office. Employees without existing home equipment may try to use these machines as a personal device in their off hours. This means they may bring the device back into the office after having picked up malware or other infections (like an organism returning to the pack with parasites from the wild, ready to infect the rest of the colony). A multi-layered security solution along with clear usage policies and employee awareness training helps mitigate these types of threats.
Browser Extensions are a newer threat that can be very dangerous and it is common place to see Chrome and Firefox instances with a dozen or more extensions. There have also been instances of legitimate extensions being hacked and used to distribute malware to unsuspecting users. iOS and Android apps are even more dangerous, as users don’t think twice before installing them (even ignoring warnings beforehand). The point of all of this – is that all of these are serious concerns that can circumvent an organization’s existing rules and policies and create an expensive game of “wack-a-mole”.
If you’re concerned about the effectiveness of your security stack and training, we can assess your environment and work with your staff to implement real world, practical security measures that don’t break the bank. Get in touch with us today!