Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Advisory Guide available for securing Home Workers' access to company IT resources

Network Box : 13 November, 2009  (Technical Article)
Managing vulnerabilities associated with connecting remote workers to central computer resources is the subject of the latest advisory guide published by Network Box
The growth of home or remote working can leave companies vulnerable to security threats if they don't take some simple steps to securing employees' computers. This is the warning from managed security company, Network Box, which gives advice to businesses on the issue in a new advisory guide, Securing Remote Workers.

Companies should be particularly vigilant with home workers, according to the guide. Often, home workers will be using a personal home computer (as opposed to a company-provided computer) that is unlikely to meet stringent corporate security standards.

Most often, home and remote users will connect to the company using a secure Virtual Private Network (VPN) so that data can travel securely from the server in the office to the remote workstation. But at the point it reaches the workstation, particularly if this is a home PC, it will be unencrypted and can be written to the hard disk or temporary files, where it will remain, unless carefully purged by the user. A home computer is likely to be used by someone else in the house, who is unlikely to stick to the employee's corporate security guidelines (on downloading file-sharing software, for example, or visiting websites that could be infected).

Network Box advises companies to take the following steps to ensure that they are protected from security breaches caused by remote workers:

1 Where possible, only allow home or remote workers to connect to the company network from a company controlled computer, not from a home computer

2 Put a system in place to update the approved computer with the latest patches, anti-virus software and endpoint security (particularly important if employees are connecting through open wireless networks, for example in hotels or airports)

3 If the employee does, for any reason, connect from a home computer, put policies in place to ensure this computer is up-to-date with security software (consider issuing an endpoint security license to the user), and limit access to company files and network, to minimise the threat of a breach

4 Keep full control over what's installed on the approved computer, and how it is configured. Do not allow unauthorised software or applications to be used on it

5 Ensure that the user cannot get onto the Internet using this computer unless connected through the VPN so that company policy on internet access can be enforced at the company's gateway. There is plenty of software available that will block access unless the VPN is on

6 Ensure that you have strict guidelines in place to prevent others using the company computer (for example children of employees). Educate employees on the risks, and consequences of breaching security policy

7 Ensure that password protection is strong, to minimise the risk of a hack (particularly when connecting through an open network).

8 Encrypt data, particularly for workers 'on the road' with laptops that may be stolen

9 Limit risk by avoiding highly confidential data being transferred to the remote computer altogether, by using technology such as thin client (Terminal Services over VPN or third parties like Citrix) which process data on the server, without that data leaving the server.

Simon Heron, Internet Security Analyst for Network Box says: "Companies may have the best security systems available internally, but if their remote workers are compromised, all that good work is undone. The onus is on the IT teams to make sure remote workers understand the importance of security and stick to corporate guidelines."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo