Security Mistake #2: Ignoring Spyware and Critical Updates

Viruses are a problem in businesses today. For this reason, we have outlined security mistake #2 as a critical point. A firewall is necessary, but because both spyware and operating system Critical Updates are much newer problems, they are the biggest loop holes in VPN security today. Companies ignore these problems, because they normally lack the tools to manage them.

Why a company should pay attention to spyware and/or Critical Updates? VPN users only need to be connected for a few seconds to spread worms onto a network. This can leave your company vulnerable for days.

When end-users are on the VPN, spyware can capture corporate data, log a user's keystrokes and password, and intercept private e-mails or files. Marketscore is a classic spyware application example. It is installed covertly alongside peer-to-peer file sharing software. It targets SSL traffic, which by definition, is the important data companies strive to keep confidential (i.e. credit card numbers, phone numbers, etc). While users utilize their web-based SSL VPN, Marketscore hijacks the Internet Explorer certificate chain of authority. Then, the spyware redirects the SSL traffic to and from your corporate network through web proxy servers before being sent to the company's SSL VPN appliance. Sasser and Blaster were the worms that wreaked havoc on the Internet. All recent Internet worms spread through computers via the Internet that did not have the latest Microsoft Critical Updates installed for either Windows or for Microsoft Office. This is an astounding fact. If users had installed the latest Critical Updates from Microsoft, these worms would've had no impact to corporate networks. This illustrates the severity of keeping endpoints patched.

Many companies don't have the right solution in place. For Critical Updates, businesses need something that can automatically update any approved or unapproved PC with the latest spyware and Critical Updates. By instantly detecting the missing components and installing them automatically, end-users and corporate networks are protected. IT administrators should be able to tweak and fine-tune the endpoint security enforcement on a granular level. Perhaps, only requiring virus definition updates every few days (unless there's a high priority virus update) or require a spyware scan weekly instead of daily. These are options that should be variable on a per-user or per-group basis. Changes to the policies should be enforced instantly, not require the user to bring their computer back into the office for an update. The solution must be simple and invisible to the user. When a company sacrifices security as the cost for reducing helpdesk calls, it's obvious the VPN isn't getting the job done.