Published on July 14th, 2016 | by Rory Quann
You’ve Focused on the Perimeter, But What About Internal Threats?
Workforce mobility is still one of the biggest challenges that enterprises face today. With a large number of field staff or sales people working in your organization, you may be exposed to internal security threats that you have not taken into account.
Most enterprises have staff who are on the road selling products or services, meeting with customers, or simply taking their devices with them on vacation. To minimize security breaches, companies will often publish a set of best practices to better inform their staff about connecting to unsecured access points, like open WiFi hotspots. Some of these best practices are below.
Use A VPN
A virtual private network (VPN) connection should be a requirement for remote workers when connecting to your corporate network through an unsecured access point, like a WiFi hotspot. That way, even if a hacker manages to deploy a man-in-the-middle type attack, most, if not all, of the traffic will be encrypted. Since most hackers aim for an easy target, they will likely not attempt to put any intercepted data through a lengthy decryption process. Using a VPN when traveling is a good method to prevent breaches from hitching a ride on a remote worker’s return to your corporate network.
Turn Off Sharing
When connecting to the internet in a public place, you should always ensure that local file sharing is turned off on your machine. In these types of unsecured networks, it is unlikely you want to share your data with anyone else connected to these networks. Staff using a Windows OS have the option to select the type of networks they connect to (for instance, is it a Home network or a Public network?), so it would be beneficial to ensure that they always select Public when connecting to public networks. You should also ensure that strong passwords are used for local administrative accounts, and where possible, remove C$ access to the Windows machine. These simple steps make it much easier to thwart easy hacks on Windows machines.
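The Windows checks in the paragraph above can be audited from an elevated PowerShell session. This is an added example, not part of the original article; it is read-only, shows the fixes as comments, and assumes English display names for the firewall rule group.

```powershell
# Added example: read-only audit of the Windows checks described above.
# Run elevated. Assumes an English-language Windows installation.

# 1. Connected networks that Windows classifies as Private instead of Public.
$private = Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -eq 'Private' }
# Fix: Set-NetConnectionProfile -InterfaceIndex <n> -NetworkCategory Public

# 2. Inbound File and Printer Sharing rules still enabled on Public networks.
$sharing = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
        "$($_.Profile)" -match 'Public|Any'
    }
# Fix: $sharing | Disable-NetFirewallRule

# 3. Administrative shares such as C$ and ADMIN$.
$adminShares = Get-SmbShare |
    Where-Object { $_.Name -match '^([A-Z]|ADMIN)\$$' }
# Fix: set AutoShareWks (DWORD) = 0 under
#   HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
# and restart the Server service so the shares are not recreated.

# 4. Enabled local administrators that are not required to have a password.
#    Password strength itself cannot be read back; this catches the worst case.
$weakAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object { $_.Enabled -and -not $_.PasswordRequired }

# Empty lists mean the laptop passes that check.
[pscustomobject]@{
    PrivateNetworks       = @($private     | ForEach-Object { $_.Name })
    SharingRulesOnPublic  = @($sharing     | ForEach-Object { $_.DisplayName })
    AdminShares           = @($adminShares | ForEach-Object { $_.Name })
    AdminsNoPasswordNeeded = @($weakAdmins | ForEach-Object { $_.Name })
} | Format-List
```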
Staff using macOS can take similar precautions by only connecting to public networks after turning off AirDrop on all their devices to ensure that they are not broadcasting their local information and data.
If You Don’t Need WiFi, Don’t Use It
If you are working offline and don’t need an active internet connection, consider turning off your WiFi. Even when you aren’t connected to a network, your computer’s WiFi is still transmitting. Hackers who want to use your data to commit corporate espionage will use social engineering to track where you have been. For example, they can easily find out if you checked in at Starbucks or if you posted a pic of a cheat week McDonald’s burger to Instagram.
Knowing which hotspots you have used tells an attacker which network name to imitate. This approach is known as the “Evil Twin.” An Evil Twin is the wireless version of a “phishing” scam: an attacker attempts to fool wireless users into connecting their laptops or cell phones to what looks like a legitimate access point. If a user connects, the hacker can launch a man-in-the-middle (MitM) attack to listen in on all internet traffic, or simply ask for credit card information in the standard pay-for-access deal.
One recent study found that over 56% of laptops were broadcasting the name of their trusted WiFi networks, and that 34% of them were willing to connect to highly insecure WiFi networks, which could turn out to be Evil Twins.
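On Windows, the saved WiFi profiles behind those numbers can be reviewed by parsing `netsh wlan show profile` output. The following is an added example, not part of the original article; the function name `Test-WlanProfileText` is hypothetical, the sample text is constructed, and the parser assumes English-language netsh output.

```powershell
# Added example: flag saved WiFi profiles that make a laptop easy to lure.
# Input is the English output of: netsh wlan show profile name="<profile>"
function Test-WlanProfileText {
    param([Parameter(Mandatory)][string]$Text)
    # Return the value of the first "Label : value" line, or nothing.
    $field = {
        param($label)
        if ($Text -match "(?m)^\s*$label\s*:\s*(.+?)\s*$") { $Matches[1] }
    }
    $auth  = & $field 'Authentication'
    $mode  = & $field 'Connection mode'
    $bcast = & $field 'Network broadcast'
    [pscustomobject]@{
        Name         = & $field 'Name'
        # No encryption: anyone can stand up an access point with this name.
        OpenNetwork  = $auth -eq 'Open'
        # The laptop joins without asking whenever the name is seen.
        AutoConnect  = $mode -eq 'Connect automatically'
        # Hidden-network profiles make the client probe for the SSID by name.
        ProbesByName = $bcast -like 'Connect even if*'
    }
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Profile information
-------------------
    Name                   : CoffeeShop-Free
    Control options        :
        Connection mode    : Connect automatically
        Network broadcast  : Connect only if this network is broadcasting

Security settings
-----------------
    Authentication         : Open
    Cipher                 : None
'@

Test-WlanProfileText -Text $sample   # OpenNetwork and AutoConnect are True

# On a real machine, audit every saved profile:
# netsh wlan show profiles |
#   Select-String 'All User Profile\s*:\s*(.+)$' |
#   ForEach-Object {
#     $n = $_.Matches[0].Groups[1].Value.Trim()
#     Test-WlanProfileText -Text (netsh wlan show profile name="$n" | Out-String)
#   }
# Remove a risky profile: netsh wlan delete profile name="<profile>"
```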
Back to the Corporate Network
These are just some of the basic requirements your staff should operate under when working remotely. However, these policies aren’t always followed because there isn’t a sense of urgency attributed to them. Sales people are under immense pressure to get that quote out to a customer; a support engineer needs to rapidly assist that customer with their debilitating system issues; or you are on vacation and you’ve had one too many cocktails but you really need to know right now who won the World Cup in 1994. The open and free WiFi network becomes an inviting access point for you to connect to.
For your security team to better protect the corporate network from potential intrusions, the first thing they should do when your machine connects to your protected networks is check whether malware has been installed on it. However, it’s very likely that a stealthy attack has slipped past your preventative measures and hidden itself on your network.
Due to a lack of visibility into the network, today it takes an average of 243 days to discover data breaches. During that time, a hacker could have made off with troves of your most valuable intellectual property. If data is leaving your network, wouldn’t you like to know about it sooner so you can quarantine that machine more quickly?
The best way to protect your network against advanced persistent threats is to wrap it in a layer of total visibility. That way even if a breach slips in unnoticed, it won’t be able to hide long. Where prevention alone fails, the ability to see exactly what’s going on in a network adds an extra measure of security that allows you to track down threats more quickly and easily remove a compromised device from the network.
Some might say it’s okay if the bad guys get in; you just don’t want to let them back out.