Telecommuting and Enterprise Security

November 23, 2009 by ADMIN

By Simon Heron, CISSP Internet Security Analyst

We’ve just released a free guide for businesses on securing remote workers.

Remote working, or working from home, is becoming increasingly popular as companies seek the economic benefits of moving some of their team out of the office, or of having employees who are able to log on at home.

But businesses could be exposing themselves to more risk by using remote workers if the process is not properly thought through and monitored.

Employees who work from home, even on an occasional basis, may do so from their personal computer rather than a company-provided system.

The family computer is highly unlikely to match the level of security found on the office systems. Company data can easily be stored on the machine, and it will stay there unless the employee knows how to purge the data from the system.

Other members of the household are likely to use the PC for their own purposes, such as file-sharing and gaming, which may break company guidelines and bring additional risk of infection.

In the guide, published last week, we advise businesses to carry out the following in order to minimise the risk involved in remote working:

1.    Provide the remote worker with a company computer, making this the only way that the worker can connect to the company network.
2.    Ensure that the approved computer is updated with the latest patches, anti-virus software and endpoint security.
3.    If the employee does connect from a home computer, put policies in place to keep this computer updated with security software (maybe issue an endpoint security license to the user). Limit access to company files and the network to minimize the threat of a breach.
4.    Keep full control over what’s installed on the approved computer, and how it is configured. Do not allow unauthorized software or applications to be used.
5.    Only allow internet access via the VPN so that company policy on internet access can be enforced at the company’s gateway.
6.    Have strict guidelines in place to prevent others (for example, children of employees) from using the company computer. Educate employees on the risks and consequences of breaching security policy.
7.    Ensure that password protection is strong. For more information on passwords, see Network Box’s guide to password security.
8.    Encrypt data, particularly for workers ‘on the road’ with laptops that may be stolen.
9.    Limit risk by avoiding the transfer of highly confidential data to the remote computer altogether, using technology such as thin client (Terminal Services over VPN, or third parties like Citrix), which processes data on the server without that data leaving the server.

Remote working may be a good economic move in times such as these, but failure to produce and enforce procedures designed to control the risk involved in remote working undermines all of the stringent security measures the business has implemented internally, and ultimately risks breaching the security of the entire network.

* * *

Simon Heron has over 19 years' experience in the IT industry, including nine years' experience in Internet security. During this time he has developed and designed technologies including firewalls, anti-virus, LANs and WANs. Simon has an MSc (attained with Distinction) in Microprocessor Technology and Applications and a BSc (Hons) in Naval Architecture and Shipbuilding, and is a CISSP (Certified Information Systems Security Professional). Prior to Net Caboose, Simon co-founded Network Box Corporation (UK) Ltd and was Managing Director, finally merging this franchise with the parent company in 2006. Before Network Box, Simon joined the British Antarctic Survey (B.A.S.) as science project leader, and spent two Antarctic winters at the research station Halley in the Antarctic, developing and enhancing graphical technologies in the harshest of conditions. Simon also has a company called Net Caboose, which deals with Identity and Access Management and is also a development house.

Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM). It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centres spread around the globe. NBL’s customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com



Filed under: Breach, D&O Liability, FEATURE ARTICLE, Financial, Insider Threat, Sarbanes-Oxley, Simon Heron, Uncategorized, due diligence, hackers, identity-theft, malware, national security, privacy 

Comments

3 Comments on Telecommuting and Enterprise Security

  1. uberVU - social comments on Wed, 25th Nov 2009 12:41 am

    Social comments and analytics for this post…

    This post was mentioned on Friendfeed by Anthony M. Freed: http://ping.fm/iTuTO Telecommuting and Enterprise Security…

  2. Jess on Wed, 25th Nov 2009 12:45 pm

    The list and guide you provide is an excellent resource on remote working security. Thanks for posting!

    - Jess
    Biscom Secure File Transfer

  3. Latt on Thu, 26th Nov 2009 6:39 am

    Good post and useful information.

    To my mind, the most important point is to choose the method of connection to office computers. Usually it is one of the remote access products, but it depends on corporate network security policy. When we were looking for a remote access solution, we chose radmin as one of the most secure solutions for remote connection to Windows PCs.
