July 1, 2008
Summer Is Here: Do You Know What Your Kids Are Doing With Your Laptop?
Employees may be bringing back more than sunburned noses from family vacations this summer. With an increasing number of corporate laptops also serving as the family computer, many employees are letting their children use the company computer to surf the Web, do email and instant messaging, and update their MySpace sites, cautioned Seattle-based Napera Networks today. This is particularly true during summer holidays, when employees try to maximize time with family while still staying in touch with work and remaining productive.
The big question is do IT departments know if laptops are safe when they are plugged back into the network after taking a summer holiday or working from home?
"Usually, the answer is, 'no,'" warned Todd Hooper, founder and CEO of Napera Networks, a Seattle-based network security company. "While security spending has reached an all time high and even small companies require anti-virus, anti-spyware and other solutions, most IT departments don't know the security state of computers on the corporate network."
It's not so hard to imagine a CEO accessing the network after his 15-year-old son has chatted with his Second Life mates on dad's laptop and accidently downloaded a virus at the same time. Or a finance manager who lets her daughter use the company laptop to download the latest tune onto her MP3 player and unknowingly allows a keystroke logging trojan onto the laptop as well.
To help combat this threat brought on by our mobile computing lifestyle, Napera Networks recommends that every IT department post the following memorandum and encourage their employees to follow these five simple steps to beating the network security summer time blues:
ATTENTION ALL EMPLOYEES WITH LAPTOPS 1. Know our security policies and adhere to them -- If you have never seen the rules required around security of your laptop, ask someone in IT or HR for a copy. -- Make sure your laptop complies with those polices. If you don't know how to check that, then ask your friendly IT staff to run a check for you. (we actually love stupid IT questions!) 2. Activate Internet controls -- Every Web browser includes options to increase the level of security when you are on the Internet and to implement controls on what Web sites users can visit. You can even require a password to be entered any time your children try to visit a Web site that you have not previously approved. -- While it may be a pain to keep entering your password every time you or someone in your family tries to go on a new Web site, it's worth it. Without these controls, your children could easily go on a dangerous Web site or accidentally allow a pop-up advertisement that presents a serious threat to your computer and your personal information. 3. Make sure your firewall and anti-virus solutions are turned on and up to date -- Every Windows and Macintosh computer has a built-in firewall to add protection. Make sure your children don't turn it off (yes, they know how to do that), and if they do, go to the 'security center' on your laptop and make sure the firewall feature is "on." -- With anti-malware solutions, we know it takes time to download signature updates, but if you don't, you can bet it will be the one time your system gets attacked by the latest worm or virus. -- If you do not have our standard anti-malware solution installed on your system, please ask IT for it NOW. -- It's also a good idea to make sure all your home systems have anti-malware running and updated. 4. Update your Operating System with the latest security updates -- While attacks against Windows and other operating systems have gone down, the operating system is still a popular attack front. -- Make sure you regularly download updates from Microsoft or Apple and that you take the time to complete the update. 5. Don't let children/non-employees use the corporate laptop -- Someone, especially children, left unattended on your corporate laptop can accidentally download a virus, a keystroke logger, and many other forms of malicious software that could literally bring down our entire network. -- While we realize that the company laptop may be the only one that goes on vacation with you this summer, and the children just must IM with their buddies back home every day and check out the latest changes on their friends' MySpace sites, please remember that the laptop is company property. Thank you, Your IT department
Napera Networks sees a clear trend among their customers, which are mostly small and medium-sized enterprises, to allow employees to have more flexible working hours and to telecommute to improve their work-life balance and save on transportation costs due to the spike in gas prices. However, with these new initiatives, companies are also seeing a dramatic increase in the number of employees who unknowingly or ignorantly endanger the security of a corporate network by not following basic security policies, such as keeping the operating system, anti-malware solution, and firewall updated or disabling them altogether. Many employees or their family members unknowingly download malicious software from email attachments or Web sites.
"Whether companies know it or not, it is more than likely they have multiple unhealthy computers connected to their network -- regardless of their existing security infrastructure," said Hooper. "We have not yet met an organization that didn't find at least one computer on their network that was out of compliance or presenting a direct threat to the network."
No matter how many security solutions, authentication schemes, and network firewalls a company has in place, if they don't have a way to check devices before they access the network, they run the risk of having a virus or other threat spread across the company. Napera encourages companies to install a network access control (NAC) solution, which performs a health assessment of all computers accessing the network, confirms user and computer identity, and then provides quarantine and remediation support. With network access control technology done right, only healthy and secure computers will be allowed on the network.
About Napera Networks
Napera Networks helps small and medium-sized enterprises succeed at network security. Napera offers a line of integrated network access control products and Web services that ensure only healthy computers and authorized users access the network. With Napera, IT professionals can confidently allow worker mobility, wireless networking, and guest Internet and printer access, while keeping the network safe and secure. Napera is the only network access control solution that is purpose-built for the SME but with enterprise-class performance and security. For more information, go to www.napera.com.
Media Contacts: Deanna Leung Buzz Builders for Napera Networks 206-915-0512 Email Contact Michele Mehl Buzz Builders for Napera Networks 425-205-9444 Email Contact
SOURCE: Napera Networks