Digital Worker Demands: The Risks
Most of Gen Y grew up in an era where the Internet is perceived as a basic need. They’re accustomed to having instant Web access and bring that expectation into the workplace. But in many work environments, there tends to be some hesitancy around giving users complete freedom, and a lot of that has to do with time wasted on surfing the Internet for personal use. With nearly 70% of people using social media at work multiple times a day, it’s a valid concern – but it’s just one. As we’ve come to learn through numerous, high profile cyber-attack incidents, the Internet ultimately creates a gateway for malware to enter an organization, putting sensitive information at risk.

IT security breaches are at their highest levels ever. McAfee Labs' threat report for the fourth quarter of 2013 found that nearly 300,000 global malware samples are uncovered each day (that’s around 200 per minute!). And unfortunately, malware’s point of entry often comes down to user behavior. The results of a recent experiment by McAfee revealed that 80% of workers fall for a phishing email at least 14% of the time.

The question to businesses, then, is whether – and to what extent – they should be administering greater control over employees’ Internet activity, at the expense of diminished productivity. But does there have to be a trade-off?

No. There are a number of security strategies that organizations can adopt to minimize malware’s destructive potential, in ways that don’t interfere with user productivity.

Privilege management
Adopting the principle of privilege management, for instance, limits the number of administrative privileges on a corporate system. Admin privileges are necessary for day-to-day tasks like downloading software, applications or updates from the Web. However, they introduce risk if downloads carry malware, which can then gain access to the user’s privileged account to spread across the network.

Instead of complete removal of admin accounts, least privilege management assigns privileges to applications instead of users, and elevates them only when needed. This means that users can log onto systems as a standard user and manage their own application downloads and updates as needed – without opening the organization up to exploit. In fact, an analysis of Microsoft’s Security Bulletins last year found that nearly all critical Microsoft vulnerabilities (92%) could have been mitigated by removing admin rights. 

Layering privilege management with other high-impact, proactive solutions, such as application whitelisting and patching, is an organization’s best bet at ensuring digital savvy workers have the online freedom they need, while preventing attacks. This kind of strategy has been encouraged by a number of security associations including the Council on Cybersecurity and the Australian Department of Defense.

Sandboxing
Even with solid security measures in place, advanced persistent threats can still slip through the cracks. If the latest patches aren't in place, vulnerabilities in Web browsers, Java and software such as Adobe Reader and Microsoft Office still exist, and can enter the corporate network as workers go about their daily tasks. By simply viewing a website or downloading a document, employees can introduce malicious code, even unknowingly.

Clearly, the Internet is a major gateway for malware to enter an organization, but prohibiting Internet use is simply not feasible when instant Web access is expected in modern workplaces. This is where sandboxing can have a significant impact, providing an additional safety net to catch Web-borne threats.

Sandboxing technology runs untrusted activity, including documents and browsers, in a contained environment, isolated from any sensitive and private data that might be held on the user’s account. It runs in the background, unbeknownst to the employee, so the Internet experience they’ve come to expect is not disrupted. Documents that are downloaded from the Web are automatically merged with the user’s profile, so they’re able to edit, save and print documents as usual, while the file remains protected in a safe container within the sandbox.

A Balance, Not a Trade-off
As today's malware and the cybercriminals behind them become more sophisticated, enterprises are recognizing that securing their systems is a top priority. Fortunately, there are sophisticated security defenses available to match today's threats – the challenge is finding one that doesn’t hinder user freedom, particularly for the tech-savvy, Gen-Yers that show high demand for Internet freedom and flexibility.

A layered approach to security that uses least privilege to complement existing patching, application control and antimalware tactics, with sandboxing as a final layer of defense, will help organizations round out an effective endpoint security strategy – one that is minimally invasive to users’ daily workflows, even empowering. 

---

Andrew Avanessian, EVP of Consultancy and Technology Services at Avecto, is an expert at helping organizations strike this balance between security and productivity, with solutions like sandboxing.