Story image

Aussie tech integrator says remote workers are a threat to corporate security

24 Apr 2018

Remote workers are adding to the risk of corporate security data breaches according to tech integrator RBC Group, particularly now that many businesses are now subject to mandatory breach reporting legislation.

RBC Group general manager Michael Manton says that any business with an annual turnover of more than $3 million must now disclose breaches to the Australian Information Commissioner and to customers if data has been compromised.

The company sites the 2018 HP Australia IT Security Study, which found that half of all 528 surveyed Australian small and medium businesses (SMBs) were not prepared for mandatory data breach reporting laws and they had not conducted and IT security risk assessments in the last 12 months.

Manton believes breaches are likely if employees connect to company networks through their personal devices.

"The real concern is the increasing number of people who are taking devices home or using them in public where the environment is less secure than a corporate office, or connecting to a corporate network using a personal device and unwittingly providing malware with access to the business network," he explains.

The survey found that 73% of surveyed SMBs allow staff to work from home; 53% allow them to work from public places.

More than half (59%) also say they don’t have a disposal policy for devices, which potentially exposes data stored on that device.

"The other issue is people think they only need to be on the lookout for hackers and malware, but there are dozens of different types of security breaches which can prove to be very costly to a business,” Manton continues.

He says businesses also overlook security threats resulting from unsecured endpoint devices. The survey found that 71% of data breaches originate from devices such as printers.

"I think a lot of businesses would be surprised to learn just how easy it is to gain access to data from a printer instead of via the computer network,” Manton says.

"Leaving a printer unsecured is a bit like locking the front door of your home but leaving the back door wide open - people can easily get in if they are seeking access.”

Manton also highlights the possibility of corporate espionage, which is a major problem in the United States. Organisations illegally get information about their competitors in order to win tenders.

“This kind of activity is something that everyone needs to be aware of in an increasingly global marketplace,” Manton says.

"Businesses really need to take more responsibility in terms of educating their workforce with regard to maintaining data security and ensuring that they audit the security of their entire network on a regular basis,” he concludes.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.