Cloud technology and remote access raises new security issues for companies
Many New Zealand companies may be exposed to serious IT breaches because they fail to update their remote access systems after employees leave.
IT and telecommunications service integration company, Lume Ltd managing director Richard Cheesman says independent audits by his company have revealed a worrying frequency in the number of companies with this vulnerability.
“We find that many ex-employees and suppliers can still access the networks of companies – either via virtual private networks (VPN) or through the ‘cloud – long after their association has ended.
“Most New Zealand companies, being relatively small, don’t have dedicated IT governance or a policy and procedures manual that is kept up to date with fundamental changes in the business environment, including cloud and mobile technology.
“It’s not just technology. The way we are working is changing too, with more and more employees requiring secure remote access to a company’s network, whether its because they’re working from home or are on the road a lot.
He says updating remote access security protocols should be a part of a business policies and procedures manual and somebody within the company should be given direct responsibility for ensuring it happens.
“It is also likely, particularly with employees, that their mobile phones, tablet computers and even home PCs have automatic exchange access to company email. That access should be removed when they leave.
“In the past we had physical security. Now the ‘heart’ of a company’s operations are virtual, which brings with it a whole new way of having to think and act about these things.
“If we can’t see it or touch it, we tend to neglect it and this can be extremely dangerous.
“For example, what’s to prevent a disgruntled employee or supplier sending defamatory or nasty emails to all your customers? What’s to prevent them ordering supplies if you have a credit account (as) it’s easy to change the destination address?”
Cheeseman says Lume was established because of the growing gap in IT governance.
“Due to the growth of increasingly complex, cross platform technologies, the need for multiple suppliers and diverse IT and telecommunications platforms, more and more companyies are finding themselves bewildered and overwhelmed.
“Managed service integration means we take the role of an internal IT manager to manage the various technology functions of the company, because we have the necessary expertise to help companies make good strategic decisions about their technology. We carry out management and oversight of the whole IT and telecommunications environment.”