It’s no secret that more than ever, employees struggle to maintain a healthy work-life balance – even when they’re on vacation. Some people can’t help themselves but check work emails while running their toes through the sand.
Who will scorn them for being a duteous worker? No one, but the company’s IT team because this “super-employee” is accessing accounts and information on an unpatched and vulnerable device from a remote location. So why can’t IT teams take a chill pill when it comes to summer vacation network security?
Unpatched and unmanaged (usually personal) devices provide hackers with a gateway to the corporate network, as well as the possibility of accessing files, accounts and more. Even when an employee is innocently checking their email from the beach, access over free or unsecure Wi-Fi networks creates the possibility for hackers to clone accounts, thereby gaining access to sensitive company information.
Access from remote locations put organisations at risk by increasing their exposure to foreign cyber attacks. That’s why it’s important for IT teams to verify that their corporate endpoints are patched with the latest OS version, anti-virus updates, and are encrypted before their employees travel. In addition, it’s important to ensure, as much as possible, that work isn’t conducted on personal devices, no matter the emergency.
Another reason that summer vacations worry IT teams is that employees often decide to take their corporate devices with them. Out of a desire to stay in the know, or keep their Inbox in check, employees may plug into their device while away from the office, which puts information under threat, especially if secure access policies aren’t in place.
For instance, if an employee decides to charge their company smartphone at an airport charging port, they may be putting emails, files, and passwords directly in the hands of hackers.
That’s why IT teams should work to ensure that secure on and off-boarding security policies are in place, controlling access to all areas of the enterprise network, so that even if an employee isn’t aware of the risk, hackers will be denied access, no matter the circumstances.
Finally, another aspect of summer travel that concerns IT team are those employees who fully understand the need to disconnect from their work devices on vacation. While such devices might seem like less of a threat than those being accessed at the beach or on an airplane, these “neglected” company devices are vulnerable because they aren’t being actively updated for missing patches; they are idly waiting for a hacker to infect them with malware, ransomware or worse.
Known as ‘passive attacks’, hackers monitor the system for open ports and vulnerabilities, such as missing patch updates, and take action. Hackers thereby attain access to valuable information on the system they want to attack, and wait patiently for the employee to return to work in time to send them a phishing email. While this may seem like a far-out scenario, these kinds attacks are unfortunately quite common.
Therefore, it’s a good idea to have a network access control solution in place that will allow for remote patch, anti-virus and OS updates, or to remote disconnection of unpatched devices from the network.
The bottom line is that summer vacations are the opposite of a walk-in-the-park for IT teams. Whether dealing with employees who can’t seem to disconnect, or those whom are overly willing to do so, cyber security risks are abound in the summer months.
To effectively answer these risks, IT teams should have robust access controls in place to make sure that their network security policies are being upheld – no matter the device, location or timing.
With secure on and off-boarding systems in place, as well as complete visibility into network endpoints, IT teams can depart on their own summer vacations knowing that endpoints are patched, vulnerabilities are taken care of, and that their network is secure.
Sourced by Ofer Amitai, CEO, Portnox
The UK’s largest conference for tech leadership, TechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here