Unmanaged Devices – The Big Threat

Enterprises, like citadels, fortify their networks and data with sturdy firewalls, vigilant guards in the form of agents on endpoints, and advanced defense systems like cloud and IoT security. However, there is one vulnerability that prevails – enemy infiltrators disguised as allies: Unmanaged devices which belong to third parties like contractors, partners, or freelancers. 

Just as you cannot ask a friendly visitor to surrender their weapons at the castle gate, you cannot get contractors to install intrusive agents on their devices due to privacy and performance concerns. Furthermore, in today’s remote work era and widespread use of personal devices, these unmanaged devices are like a ticking time bomb.

Web browsers serve as the primary interface between users (82% of breaches involve the human element), an organization, and the internet, rendering web pages, executing scripts, and storing sensitive information like passwords, cookies, and credit card details. With rising attacks and breaches, the security of web browsers is a crucial concern for organizations.

Browser security is fast becoming a critical aspect of a comprehensive cybersecurity strategy. In this article, we will explore the importance of browser security, the threats that organizations face, and how they can manage unmanaged devices to ensure the security of their network.

Web-borne security threats

As web browsers come to be the main interface between users and internet applications thanks to the rise of SaaS solutions, those web applications are an open door to many threats such as data loss and malicious file upload, since often, there is no endpoint security on third-party devices to mitigate the risks. A major threat, according to Verizon Data Breach Report 2022, has been phishing attacks, which saw a 74% increase in attempts sent per second in the last year. 

Five Common challenges and questions to ask yourself when allowing access to web applications from an unmanaged device.

• How do I manage access to these web applications? 
• Do I have protection in place for my data? Can users download sensitive information to their personal computers? 
• Can the user upload malicious files or other types of content to my organization’s web applications?
• Do I have visibility into the usage of data? Can data be copied, pasted, or printed outside of the web application?
• How to mitigate those threats

As a security executive, you have two potential options to mitigate BYOD risks: 

Strongly limit the accessibility of those unmanaged devices to your network and applications with inflexible policies and impose a restricted VPN (Virtual Private Network). This solution offers limited visibility and control to your security team as the devices remain unmanaged but with limited risk exposure.

Another option is to enable a web browsing security extension installed at the browser level. This solution is not invasive and allows security teams to manage policies for web page, web application access, file downloads/uploads, and protect against sensitive data leakage among others. It offers IT security teams visibility into threats to mitigate them before a breach occurs.

In short, web browser security is crucial for modern cybersecurity and businesses must secure their web browsers to protect against threats, sensitive information leaks, and maintain their reputation. This includes implementing security policies and using security software, especially due to the rise of remote work and use of personal devices in the workplace.

(About the authors: Antoine Korulski has proven experience with agile frameworks in developing complex technology solutions and executing go-to-market strategies while Adi Goldshtein Harel works with cross-functional stakeholders to optimize product delivery and minimize time to market. Both work as Product Managers at Checkpoint Software. The opinions expressed in this article are their personal ones and the publication may or may not agree with it.)