Most MSP’s and IT Service Providers rely on their staff’s ability to access company resources while working remotely. It allows greater flexibility for your employee’s and empowers them to work from anywhere. They may need to work from home due to bad weather or illness, or perhaps they are travelling to a customer and need to connect back to the office while on site. More often than not, the connection is done via the employee’s personal Smartphone or tablet. Bring Your Own Device (BYOD) is encouraged, as it cuts down on hardware costs for the employer and it gives freedom to the employee to use their personal device that they always have with them.
Regardless of the type of device used to access your company assets remotely, there is a risk. Using public WiFi to connect to your resources is one of the biggest security risks, due to the insecure nature of WiFi. Public environments where someone with malicious intent can view on screen activity is also a risk. Even when on-site at one of your client’s locations in a private environment, using that untrusted computer at their location to connect back to the office is a potential risk.
When taking every precaution using a personal mobile device, such as connecting only over a 3g or 4g network and only ever using SSL, the mobile device itself can be the primary target and weakest link in your company’s security.
The problem is with the known security vulnerabilities on the device’s outdated OS.
According to the latest statistics from Gartner, Android now has a 72% market share of all mobile devices in Q3 of 2012. Of that, more than 50% of those Android devices are running on the Gingerbread OS (Android 2.3.6, last updated over a year ago). Now this represents a huge section of mobile users in the wild running an out of date and insecure OS. According to Kaspersky, Gingerbread is the most targeted version of Android for malware and Trojan SMS programs. Can you trust that your employees are updating their devices to the latest, most secure versions of the OS to avoid these vulnerabilities? For most Android users, Gingerbread is a dead end unless they buy new hardware, so upgrading isn’t an easy option.
The best practice is to use Two Factor Authentication for all remote access points to your business’s assets and those of your clients. This significantly reduces your risk. Even if that one time password is captured, due to lax security policies or vulnerabilities from an outdated employee mobile device, the credential can never be reused again to login to those assets.Take a look at what devices your staff is currently using to remain productive outside the office and ask yourself; is there a potential risk involved? The answer is most likely yes. In the age of BYOD the problem will only further persist. Protect your business assets with strong authentication to reduce your risk to an acceptable level. Spend less time worrying about your staff’s woefully out of date and insecure mobile devices and focus on the business at hand.