Help protect your remote workers and their data
Written by Ben Sapiro Tuesday, 14 April 2009 10:18
While most businesses typically take a lot of care in securing the
technology within their corporate network, many are not adequately
protected against the security threats that remote and mobile workers
introduce.
Remote workers spend a substantial amount of hours away from the
corporate network — working from home, remote offices, or on-the-go,
while mobile workers tend to live on the road. They use both wireline
and wireless communications channels that do not have the same security
protections as the corporate network, and are more likely to expose the
corporate network to a variety of security risks when connected.
These breaches are extremely costly. A 2008 Rotman/Telus joint study on Canadian IT security practices found business suffered an annual average loss of $293,750 as a result of security breaches. For government organizations, that figure jumps to $321,429, while publicly traded companies saw an average annual loss of $637,500. The survey indicates that viruses and worms are still the most significant of security incidents (62 per cent of respondents) faced by Canadian companies with theft of mobile devices and laptop coming in second (34 per cent of respondents). Without putting adequate security solutions in place, businesses with remote workers can expect to see significantly higher losses.
The following are some steps businesses can take to help overcome the common security threats businesses with remote workers often face:
Lost or Stolen Devices
More and more, enterprises are equipping mobile-working staff with wireless devices to increase productivity away from the office. Mobile devices can carry a significant amount of confidential data in a much smaller and more portable package than laptops or PCs. Unfortunately, they are more easily misplaced or stolen — exposing the data they carry to unauthorised viewing. Many mobile devices, including BlackBerry smartphones and other PDAs, have an array of features that mitigate security threats when a device is lost or stolen. These features range from simple solutions such as password protection to over-the-air capabilities, which enable IT administrators to wirelessly lock-down or wipe data from devices. For systems that do not support remote locking or wiping, full disk encryption technology allows corporations to protect the confidential data on laptops in the event that they go missing.
Gaps in the Network
The first step is to make the unmanaged networks used by remote and mobile workers part of the corporate network and reduce the risk of viruses, unauthorized access and data loss.
Businesses can equip mobile and remote workers with extended mobile virtual private network (VPN) solutions that use high-speed mobile networks (such as EVDO) to connect their laptops directly to the corporate network, rather than routing through the Internet or other untrusted networks.
Viral Attacks
Remote workers who use the unmanaged or public networks expose the corporate IT network to more harmful viruses and other security threats than employees working within a centralized, secure office. One of the most common infection vectors is laptops. Often these systems are not running the latest virus protection and can become infected while outside the corporate environment. Once connected, they act as patient zero.
Network Access Control and VPN solutions with policy-based compliance checking can help businesses ensure that the remote systems accessing the corporate network do not enable viruses and unpatched vulnerabilities gain access to the corporate network via a remote worker’s compromised system.
Solutions such as SSL VPN enable remote workers to easily connect to the network from any location and any system in a secure manner. SSL VPN technology provides more fine-grained access control in that only the business application itself is exposed rather than the entire corporate network.
Giving people the flexibility to work wherever they want is an effective way to help businesses become more productive and responsive. But achieving this level of flexibility should not come at the cost of security. Businesses can apply the lessons learned in securing their corporate network perimeter and extend that protection to their remote workforce. Doing so will help them avoid the serious risks that come with exposing their network to external access while allowing users to remain productive in a secure manner. Benchmark and compare your IT security practices with the Canadian IT Security assessment.
Ben Sapiro is National Practice Leader for Telus Security Solutions.
Last modified on Tuesday, 14 April 2009 10:23
These breaches are extremely costly. A 2008 Rotman/Telus joint study on Canadian IT security practices found business suffered an annual average loss of $293,750 as a result of security breaches. For government organizations, that figure jumps to $321,429, while publicly traded companies saw an average annual loss of $637,500. The survey indicates that viruses and worms are still the most significant of security incidents (62 per cent of respondents) faced by Canadian companies with theft of mobile devices and laptop coming in second (34 per cent of respondents). Without putting adequate security solutions in place, businesses with remote workers can expect to see significantly higher losses.
The following are some steps businesses can take to help overcome the common security threats businesses with remote workers often face:
Lost or Stolen Devices
More and more, enterprises are equipping mobile-working staff with wireless devices to increase productivity away from the office. Mobile devices can carry a significant amount of confidential data in a much smaller and more portable package than laptops or PCs. Unfortunately, they are more easily misplaced or stolen — exposing the data they carry to unauthorised viewing. Many mobile devices, including BlackBerry smartphones and other PDAs, have an array of features that mitigate security threats when a device is lost or stolen. These features range from simple solutions such as password protection to over-the-air capabilities, which enable IT administrators to wirelessly lock-down or wipe data from devices. For systems that do not support remote locking or wiping, full disk encryption technology allows corporations to protect the confidential data on laptops in the event that they go missing.
Gaps in the Network
The first step is to make the unmanaged networks used by remote and mobile workers part of the corporate network and reduce the risk of viruses, unauthorized access and data loss.
Businesses can equip mobile and remote workers with extended mobile virtual private network (VPN) solutions that use high-speed mobile networks (such as EVDO) to connect their laptops directly to the corporate network, rather than routing through the Internet or other untrusted networks.
Viral Attacks
Remote workers who use the unmanaged or public networks expose the corporate IT network to more harmful viruses and other security threats than employees working within a centralized, secure office. One of the most common infection vectors is laptops. Often these systems are not running the latest virus protection and can become infected while outside the corporate environment. Once connected, they act as patient zero.
Network Access Control and VPN solutions with policy-based compliance checking can help businesses ensure that the remote systems accessing the corporate network do not enable viruses and unpatched vulnerabilities gain access to the corporate network via a remote worker’s compromised system.
Solutions such as SSL VPN enable remote workers to easily connect to the network from any location and any system in a secure manner. SSL VPN technology provides more fine-grained access control in that only the business application itself is exposed rather than the entire corporate network.
Giving people the flexibility to work wherever they want is an effective way to help businesses become more productive and responsive. But achieving this level of flexibility should not come at the cost of security. Businesses can apply the lessons learned in securing their corporate network perimeter and extend that protection to their remote workforce. Doing so will help them avoid the serious risks that come with exposing their network to external access while allowing users to remain productive in a secure manner. Benchmark and compare your IT security practices with the Canadian IT Security assessment.
Ben Sapiro is National Practice Leader for Telus Security Solutions.
Published in
Editorial
-
Sécurité Québec welcomes a new editor
Eric Cloutier outlines his plans for the next era of the French language security magazine for the Quebec market
2013
2012
