Story image

Public WiFi and BYOD a backdoor route for cyberattacks

03 Jun 2015

The roll out of open public WiFi may expose businesses and their employees to data breaches if businesses don’t protect it, according to BAE Systems Applied Intelligence. 

As Bring Your Own Device becomes more common in the workplace and businesses allow employees to use their own devices to connect to corporate networks, associated security risks to the enterprise are also increasing, the company says. 

Organisations that fail to protect themselves against these risks and secure their information may be putting company data into the hands of cyber criminals. 

“When users access unencrypted networks, attackers can easily hijack the session and not only gather all sorts of sensitive information, including passwords, but also potentially inject malicious code to compromise the device,” explains Rajiv Shah, general manager, Australia for BAE Systems.

“This makes everything on the device vulnerable – including any corporate data,” he says. “If an employee then connects a compromised device to the corporate network this can be a backdoor route to let a determined criminal mount an even wider-ranging attack.” 

BAE Systems Applied Intelligence suggests three steps for businesses to protect their corporate networks. The first being to implement and enforce a strong security policy.
 
Organisations should conduct a prioritised assessment of the risk that any mobile device, whether company-owned or BYOD, represents and develop a clear policy explaining how employees should use devices and setting out the security measures to protect information.

BAE Systems says properly thought-through security will provide benefits to employees without unnecessarily impacting on the use of their personal devices. 

The company says businesses must educate employees about the risks of using their own devices and prioritising convenience over security. “An obvious step would be education about the risks of using open, unencrypted Wi-Fi connections,” BAE Systems says. “This is one part of getting employees to care about security and understanding that they have an important role to play in keeping the organisation’s cyber security risk to a minimum.” 

The third step businesses should undertake is implementing appropriate security controls. 

“Traditional mobile device management solutions will go some way to protecting companies, but there is much more that businesses can do,” BAE Systems says. 

Businesses should install a multi-layered security model that includes device configuration and management, appropriate secure connection methods, on-network content filtering solutions, and ongoing monitoring of corporate networks. 

The company says an appropriately encrypted VPN service could be used on untrusted networks. This can be combined with a global, cloud-based security solution that can scan the content and source the destination address by using specialised detection methods which block security threats and unacceptable content. 

Adds Shah, “Companies need to consider appropriate security measures to protect against cyber criminals accessing their information and networks through activities staff may think are seemingly harmless.” 

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.