Laptops lead to lax security


9 Sep 2005

Using laptop computers outside a company network can be a critical security risk and could lead to virus infections such as the one that disrupted operations at high-profile media organisations last month, a security specialist has said.

Gary Newe, a security architect with the IT security provider Entropy, warned that problems occur when laptops are used outside of the company firewall but are connected to the network. “Laptops are a big, big problem. It’s a cultural thing: increasingly more people are working from home one day a week and they need to have exactly the same access to applications as if they were at their desk in the office.”

However, if these laptops don’t have adequate security systems installed, or if they are treated as though they are physically inside the network, then they open up a route for malicious code to make their way into a company’s systems, bypassing the usual security checks. “That’s how CNN and others got infected by Zotob,” said Newe, referring to the recent worm outbreak that affected several media organisations this summer. “All the worms that are coming in are through laptops because most people in a corporate environment are locked down.”

According to Newe, another major security problem for many businesses is spyware; programs that monitor the user’s behaviour and in some cases can record keystrokes. “Spyware has been flogged to death but it’s still a huge issue,” said Newe, who added that the source for bringing spyware into many organisations was unsecured laptops. “Spyware on a machine chews up network bandwidth and it’s also malicious as it could install bots to send spam.”

The spam problem is not as pronounced as it used to be, Newe believes. “There have been definite improvements. Vendors have started taking it a bit more seriously and putting proper, multiple layers of protection in against it,” he said.

Newe added that it’s not necessarily administrative or clerical workers who are the most likely offenders for IT security breaches. “People high up the chain are the worst,” he said. “You could have a managing director who’s not email savvy at all, the type who gets his secretary to type out emails for him.”

By Gordon Smith