Security measures for remote working fall short as corporate networks are left open to hackers
Since May 2006, there has been a significant eight per cent increase in the percentage of organisations that support mobile working for more than half of their staff, according to an annual security survey conducted by SafeNet, Inc. a global leader in information security.
The number of organisations which support remote working for more than 50 per cent of their employee base has risen to 26 per cent, from 18 per cent last year. The same survey showed that 61 per cent of the 1,200 senior IT and security professionals surveyed are still relying on passwords to protect their corporate networks.
Two-factor authentication has long been considered a more secure solution than just password protection. However, just 15 per cent of survey respondents said they used tokens to secure remote access of mobile workers while only eight and three per cent respectively used smart cards and/or biometric solutions.
An increase of eight per cent of the mobile workforce really is significant, but as this could translate to hundreds of thousands of staff working outside the office firewall, said Gary Clark, VP EMEA, SafeNet. However, organisations trying to reap the benefits of mobile working without adopting implementing adequate security technology and processes to protect the network are sitting on a security time bomb.
According to Clark, Passwords have not been sufficient security for a few years now they are too easily compromised. Employing layers of security, such as tokens and smart cards and granular authorisation where network access is dependent on the worker¹s location and position is critical.
In the same survey, almost a third of respondents admitted that unauthorised access to information systems by outsiders is their primary security concern.
As organisations de-centralise, the amount of sensitive business information floating outside the firewall will only continue to rise. This poses significant security threats for businesses, causing more stress for the IT director, as well as senior management, said Clark.
Mobile working and security do not have to be mutually exclusive or even a trade-off, Clark concluded. Organisations need to adapt their security measures along with their working practices, to include more flexible forms of working that allow authorised people in and keep unauthorised people out.