The MSP Success Thought Leaders Program invites leaders
in the small business IT/MSP industry
to share their insights and advice with MSP Success readers.
Why does your computer network need a “bouncer”?
At popular nightclubs or music venues, the bouncer controls the rope line, letting in only those patrons who have tickets or VIP status. Similarly, a type of security software called application whitelisting only allows applications that have been vetted and approved to run on your or your clients’ computers.
You may be thinking, “I’ve been operating for years without a ‘bouncer’ – why do I need application whitelisting? After all, doesn’t restricting administrator rights stop unwanted software from running on my network?”
Limiting permissions does help keep people from accessing things they shouldn’t, but the security landscape has evolved over the years. Hackers have written their malicious software to run without being installed or without needing admin rights; it can still inflict a lot of damage on your network. If the malicious software runs with admin rights, it can do even more damage as it has access to more of the network than typical user permissions.
With application whitelisting, the “bouncer” checks software that is attempting to run. If it’s not on the approved list, it gets stopped.
“Wait,” you may say, “what if the software is legit – will it get blocked too?”
Yes, it will. In this case, you would check the request for the specific software and add it to the list. You can decide if it should run on just one computer or all of them.
Again, I know what you’re thinking: “This sounds like a pain. Why do I really need application whitelisting in my security stack?”
Here are just three reasons why you should add this service to your IT security:
- Pirated Software – At one of our manufacturing clients, an employee installed a pirated copy of SolidWorks on his machine. That employee thought it would save the company money, would help him do his job better and was a win all the way around – until the company received a cease-and-demand letter to remove the software and pay a fine. Of course, we had to track down the computer and remove the software. Application whitelisting would have prevented the issue from occurring in the first place.
- Freeware/Shareware – Free software is great! I’ve used lots of different freeware and shareware throughout my career in IT. However, the freeware your customer installed may no longer be supported, opening up potential vulnerabilities that could put their computer security at risk. You want to make sure that only legit, supported software that is regularly patched is being used on the network. In addition, sometimes malicious software is disguised as “freeware” or “shareware” to trick people into installing it, such as free image backgrounds or coupon/shopping savers. It’s best to vet any software before it gets installed to ensure that your client is protected.
- Malware – The purpose of malware is to cause some kind of issue, and it comes in many different forms. Ransomware, for instance, is software that encrypts your data and holds it hostage until you pay a fee to unlock it. Even if you do pay the ransomware, the cybercriminals could just release your data on the Internet. Wouldn’t that be fun? Would it be better to block it with whitelisting? Another form of malware is phishing e-mail. You receive an e-mail from a fake vendor, click on the link or attachment and it starts to do whatever it was attempting to do. With application whitelisting installed, that software gets blocked and nothing more happens, unless you gave away your password too.
According to Sophos’s State Of Ransomware Report, in 2022 the average ransomware payment was $812,380. Can you afford not to offer additional security for your clients?
Application whitelisting is an important security layer you should consider for yourself and your security stack. It will keep unwanted programs from running that could damage your own business or your clients’ businesses.
For more information about the author and his company, Braintek IT Services, visit Braintek.com.