Telecommuters Are Weak Link in Network Security Chain, Says WatchGuard Poll
One in four respondents believe remote workers present the biggest challenge to security in their organizations, according to a recent opinion poll conducted by WatchGuard Technologies, Inc., of its LiveSecurity Service users. Results of a related poll, also surveying the company's LiveSecurity Service Providers indicate why: 39 percent of respondents believe teleworkers are not security-savvy enough to protect themselves.
In addition, installing and configuring systems for remote access consumes a significant amount of time for network administrators. According to poll results, 40 percent of respondents spend more than five hours a week managing remote sites, with 23 percent averaging more than ten hours a week. Since 22 percent of poll respondents said that they lack the time to ensure teleworkers are adequately protected, this indicates that many security decisions are left to the teleworkers themselves. When asked to rate the security know-how of those telecommuters, the most common response was "poor."
Further, while companies may have strict security policies governing remote users, nearly a quarter (24 percent) of poll respondents admit they have no way of monitoring whether those guidelines are followed.
"Telecommuting is becoming increasingly common in the market today," said John Stuckey, vice president of marketing at WatchGuard. "Unlike road warriors who may dial in occasionally from various remote locations while on the move, teleworkers tend to stay connected for long periods at a time from a single place. This can give hackers more time or opportunity to infiltrate the telecommuter's system, and from there, access the corporate network. Securing the corporate network with a firewall but leaving teleworkers unprotected is a bit like putting a steel door on a straw hut."
"If teleworkers are using consumer-grade routers to access your corporate network through the Internet, you could be opening yourself to attack," explained Stuckey. "Many of these consumer-grade security devices use an approach called NAT, which attempts to disguise the whereabouts of the attached PC. This is the security equivalent of escaping an intruder by hiding in a cupboard. Unfortunately hackers are very good at hide and seek. Even if your teleworkers then use VPN software to access your network, since the device itself may be compromised, all you're doing is providing a safe on-ramp into your network. You need security at the perimeter and that requires a firewall/VPN device with stateful packet filtering capability at the endpoint."