September 23, 2010, 10:47 AM — Mobile workers trigger more security alerts when they leave the office than when they do at their desks, the latest Symantec MessageLabs Intelligence Report has suggested.
According to the company, the explanation for this disparity is simple: mobile workers visit riskier websites when travelling than they do in the more locked-down office environment.
After analysing users on the company's hosted email service, remote workers were 5.4 times more likely to trigger download alerts than their office equivalents, a pattern that followed for visits to shopping sites, search engines, and dating sites. Mobile workers also generated 1,807 blocks based on infringing policies compared to only 322 for office workers.
Oddly, explicit sites were more likely to be visited from the office, but that could be skewed by a small number of prolific users trying their luck.
"In general, more policy blocks overall are triggered by workers when they are out of the office, indicating rather intuitively that users are more compliant with usage policies when in the office," said MessageLabs' analyst, Paul Wood.
"More than one-third of workers that are both remote and desk-based trigger a greater number of policy blocks when they are out of the office perhaps taking the opportunity to visit a greater variety of websites than they would when at their desks."
The interesting implication is that mobile workers are more dangerous than either the wholly static worker or the fully remote ones; mobile workers move regularly between the two spheres and this can have give malware infection a way into otherwise well protected companies.
Worm infections such as Blaster in 2003 and Sasser a year later are often taken as examples of how infected laptop workers were able to spread infections within companies defending only at the perimeter.
Once propagating internally, worms can quickly overload mail servers from within, requiring them to be shut down. Oddly, the same issues is till hitting companies in 2010, as the recent 'Here you have' worm demonstrates, catching out IT departments willing to live with the assumption that the worm tactic was yesterday's threat.
On the face of it, hosted email - Symantec MessageLabs' business - has a major advantage here because it can block the spam messages that generated the attack 'in the cloud'. Server-side spam filtering can, in theory, also do the same, but if a single email does get through, containing it will be become exponentially more tricky on a single gateway.
Spam rates for the US during August-September were 92.1%, and 91.7 for the UK.