Symantec's September 2010 MessageLabs Intelligence report found that blocks of downloads are 5.4 times more likely to be triggered by mobile workers. Also, shopping and personals/dating websites are more frequently blocked for workers outside the office than for those who are in the office.
Surprisingly, blocks of adult/sexually explicit content were more likely to occur in the office. Also surprising, web-based malware accounted for only 1 in 1807 website blocks triggered for remote workers, compared to 1 in 322 for office-based workers.
Paul Wood, MessageLabs Intelligence senior analyst, explained that there were three classes of users examined in the report: "those that were office bound pretty much all the time, those who were on the road pretty much all the time, and those in between who were working in the office and maybe working sometimes from home or on the road.”
In an interview with Infosecurity, Wood said that once those in the latter group are out of the office, “they seemed to be let off the leash and tend to take advantage of that freedom by visiting websites they wouldn’t normally in the office.”
“The danger there is that if you don’t have technology in place to try and monitor the situation, implementing your security policy or acceptable use policy could be pretty much useless,” he said. “The training aspect is key…You can educate your workforce not only about the importance of having a policy but also to understand the risk of visiting websites and downloading malware that can then infect the corporate network.”
Wood noted that malware could come from legitimate, as well as “dodgy”, websites. “That is why it is important to have software to stop the malware as close to the source as possible before it hits the network...A malware infection could spread to other users throughout the entire organization."
“You have to address this problem in a holistic way because the time is long gone when an organization could keep its workers within the confines of physical boundaries. You will always have people on the road working at customer sites and other places. It is extremely important that you can apply the same policies in the office as well as on the road. As soon as people go through the door, they cannot be given the freedom to abuse those policies. So having the technology in place that enables you to do that is the first step. But you also have to ensure that you have addressed the fundamental problem itself – you need to communicate to your people what the policies are and why you have them in place. Training is really important in this area,” Wood stressed.
Other report findings include:
Spam: In September 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 91.9% (1 in 1.09 emails), a decrease of 0.3 percentage points since August.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was 1 in 218.7 emails (0.46%) in September, an increase of 0.15 percentage points since August. In September, 7.6% of email-borne malware contained links to malicious websites, a decrease of 13.6 percentage points since August.
Endpoint Threats: Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the internet.
Phishing: In September, phishing activity was 1 in 382.0 emails (0.26%), a decrease of 0.01 percentage points since August.
Web security: Analysis of web security activity shows that 33.6% of malicious domains blocked were new in September, a decrease of 0.7 percentage points since August. Additionally, 21.8% of all web-based malware blocked was new in September; an increase of 8.9 percentage points since last month. MessageLabs Intelligence also identified an average of 2997 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 10.8% since August.