Whether you allow your users to work from home, from the airport, or from anywhere else –– there are some important security implications to consider.
Here are some basic tips:
• Issue company computers that you can control and ensure that operating systems and anti-virus signatures are up to date;
• Install an endpoint security solution;
• Allow connectivity only via a VPN, preferably an SSL type, but any is better than an open connection;
• Use a software that will not allow Internet connectivity when the VPN is not on;
• Educate users to the dangers they face, ensuring they do not share their computer with their family or leave it unattended;
• Do not allow the use of administrative accounts;
• Enforce the use of strong passwords;
• Encrypt the disks or the file system containing the confidential information; and
• Do not allow the use of public computers for any reason whatsoever.
I’ll elaborate on a few of these points. Whether your telecommuters are working from home or on the road, one way to protect potential data loss is to encrypt it, either the entire disk or only certain file systems. The second option gives you more flexibility and allows recovery of the data – if the encrypted data is on a separate logical disk – should the operating system become corrupted. Either one is a good solution to ensure that the data cannot be stolen.
You can also limit risks by avoiding having the data transferred to the remote computer altogether. This can be achieved by using thin-client technology. In brief, the application runs on the server, the data is processed on the server, and it never leaves the server. The data is usually kept in memory and is lost when the client computer is turned off. The files in the swap area will be quickly overwritten as well, so no trace of the data should be left on the client computer.
A strong password is essential to protect your data. This is particularly important for roaming users, since their computers are more likely to be stolen or somehow hacked into; an estimated 10% of all laptop computers are stolen at some point, and 97% of them are never recovered. There is a great aftermarket for stolen laptops, and even though the thieves’ usual motive is just to sell the computer – not access data – it’s just plain common sense to have a strong password, along with disk or data encryption. Passwords should also be changed every now and then, but try to strike a balance so that changing the password doesn’t become a weak point in the security chain.
All these rules and precautions should apply to your IT department and yourself. Implement the above suggestions, and the chances of telecommuters’ files being compromised will be remote.