Lack of Security TrainingBy Kevin Fogarty | Posted 2008-04-02 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
A deep sense of insecurity is holding corporate
Almost 80 percent of the organizations polled by CompTIA allowed remote access to their networks, but only a third did any security training for those workers.
“A lot of them just assume you know what you’re doing if you use a computer all day, but that’s not really the case,” Ostrowski says. “Most of the security issues have to do with lost laptops, passwords sticky-noted to the top of screens–the kinds of things that are easily avoidable with a little training.”
Most companies don’t even have detailed policies about what kind of behavior is acceptable, CDW’s Ghanbarzadeh says.
“When a company gives a user a laptop, do they know the dos and don’ts of what they can do when they’re connected to the network?” he says. “Is it OK to access Yahoo Mail if I’m at home? Is it OK to browse the Internet if it’s not going through a corporate network? Without those policies, the user doesn’t know, and inadvertently could become infected and bring something in to the network with them.”
Fewer than half of the organizations surveyed use endpoint security solutions that secure both the laptop and the network separately, Ghanbarzadeh says.
The issue is more than just one that can be solved by adding another security product, though, Ostrowski says.
“People are saying they’re having a hard time finding the employees they want, and people with family considerations are interested in the ability to telecommute, or work flexible hours, or whatever,” he says.
Three out of four small businesses CompTIA polled last fall have at least one person working from home in any given week, and 90 percent reported having at least one employee traveling.
As housing prices have risen and it has gotten harder for employers to buy and sell the houses of workers transferred cross-country, more companies have opened up to the idea of having even mid-level managers live in one city and “work” in another, according to Chuck Pappalardo, managing director of Silicon Valley-based recruiter Trilogy Search.
“This is becoming expandable and retractable as people progress,” Pappalardo said. “You might start in a certain place where you can telecommute; then, as you move up the organization, there will be experience and roles that will require [your] presence.”
What is becoming a larger issue is the frequency with which even senior-level managers become responsible for business units or other operations in several cities, states or countries.
Even more than road-warrior travel schedules for senior execs, that management model will put pressure on both a company’s IT and its culture to accommodate new definitions of presence.
“The historical definition of a telecommuter was someone who didn’t report to the office every day,” Pappalardo says. “Now we’re getting global managers in all sorts of locations different from their primary offices. It will probably become decreasingly odd to have a group of Americans in the
“This is going to be a massive adjustment,” he says.
So far, most corporations haven’t made great progress on it, though, Ostrowski says.
“The desire to be mobile and get access to all the data and applications you get in your office is understandable; if you’re a salesman on the road, you want to be able to get the information you need,” Ostrowski says. “It’s just that, culturally and in terms of IT, we haven’t really prepared for the possibility that the security measures you get dialing in from the Motel 6 might not be as robust as you have from inside your office."