Telecommuting and Enterprise Security
We've just released a free guide for businesses on securing remote workers.
Remote working, or working from home, is becoming increasingly popular as companies seek the economic benefits of moving some of their team out of the office, or having employees who are able to log on at home.
But businesses could be exposing themselves to more risk by using remote workers if the process is not properly thought through and monitored.
Employees who work from home, even on an occasional basis, may do so from their personal computer, rather than a company-provided system.
The family computer is highly unlikely to match the level of security found on the office systems. Company data can easily be stored on the machine, and will stay there unless the employee knows how to purge the data from the system.
Other members of the household are likely to use the PC for their own purposes, such as file-sharing and gaming, which may break company guidelines and bring additional risk of infection.
In the guide, published last week, we advise businesses to carry out the following in order to minimise the risk involved in remote working:
1. Provide the remote worker with a company computer, making this the only way that the worker can connect to the company network.
2. Ensure that the approved computer is updated with the latest patches, anti-virus software and endpoint security.
3. If the employee does connect from a home computer, put policies in place to keep this computer updated with security software (maybe issue an endpoint security license to the user). Limit access to company files and the network, to minimize the threat of a breach.
4. Keep full control over what's installed on the approved computer, and how it is configured. Do not allow unauthorized software or applications to be used.
5. Only allow internet access via the VPN so that company policy on internet access can be enforced at the company's gateway.
6. Have strict guidelines in place to prevent others from using the company computer (for example, children of employees). Educate employees on the risks and consequences of breaching security policy.
7. Ensure that password protection is strong. For more information on passwords, see Network Box's guide to password security.
8. Encrypt data, particularly for workers 'on the road' with laptops that may be stolen.
9. Limit risk by avoiding the transfer of highly confidential data to the remote computer altogether, using thin-client technology (Terminal Services over VPN, or third parties like Citrix), which processes data on the server without that data leaving the server.
Remote working may be a good economic move in times such as these, but failure to produce and enforce procedures designed to control the risk involved in remote working undermines all of the stringent security measures the business has implemented internally, and ultimately risks breaching the security of the entire network.