Canadian Security Magazine

Features Opinion
Help protect your remote workers and their data

While most businesses typically take a lot of care in securing the technology within their corporate network, many are not adequately protected against the security threats that remote and mobile workers introduce.


April 14, 2009
By Ben Sapiro

Topics

Remote workers spend a substantial amount of hours away from the
corporate network — working from home, remote offices, or on-the-go,
while mobile workers tend to live on the road. They use both wireline
and wireless communications channels that do not have the same security
protections as the corporate network, and are more likely to expose the
corporate network to a variety of security risks when connected.

These breaches are extremely costly. A 2008 Rotman/Telus joint study on
Canadian IT security practices found business suffered an annual
average loss of $293,750 as a result of security breaches. For
government organizations, that figure jumps to $321,429, while publicly
traded companies saw an average annual loss of $637,500. The survey
indicates that viruses and worms are still the most significant of
security incidents (62 per cent of respondents) faced by Canadian
companies with theft of mobile devices and laptop coming in second (34
per cent of respondents). Without putting adequate security solutions
in place, businesses with remote workers can expect to see
significantly higher losses.

The following are some steps businesses can take to help overcome the
common security threats businesses with remote workers often face:

Lost or Stolen Devices
More and more, enterprises are equipping mobile-working staff with
wireless devices to increase productivity away from the office. Mobile
devices can carry a significant amount of confidential data in a much
smaller and more portable package than laptops or PCs. Unfortunately,
they are more easily misplaced or stolen — exposing the data they carry
to unauthorised viewing. Many mobile devices, including BlackBerry
smartphones and other PDAs, have an array of features that mitigate
security threats when a device is lost or stolen. These features range
from simple solutions such as password protection to over-the-air
capabilities, which enable IT administrators to wirelessly lock-down or
wipe data from devices. For systems that do not support remote locking
or wiping, full disk encryption technology allows corporations to
protect the confidential data on laptops in the event that they go
missing.

Advertisment

Gaps in the Network
The first step is to make the unmanaged networks used by remote and
mobile workers part of the corporate network and reduce the risk of
viruses, unauthorized access and data loss.

Businesses can equip mobile and remote workers with extended mobile
virtual private network (VPN) solutions that use high-speed mobile
networks (such as EVDO) to connect their laptops directly to the
corporate network, rather than routing through the Internet or other
untrusted networks.

Viral Attacks
Remote workers who use the unmanaged or public networks expose the
corporate IT network to more harmful viruses and other security threats
than employees working within a centralized, secure office. One of the
most common infection vectors is laptops. Often these systems are not
running the latest virus protection and can become infected while
outside the corporate environment. Once connected, they act as patient
zero.

Network Access Control and VPN solutions with policy-based compliance
checking can help businesses ensure that the remote systems accessing
the corporate network do not enable viruses and unpatched
vulnerabilities gain access to the corporate network via a remote
worker’s compromised system.

Solutions such as SSL VPN enable remote workers to easily connect to
the network from any location and any system in a secure manner. SSL
VPN technology provides more fine-grained access control in that only
the business application itself is exposed rather than the entire
corporate network.

Giving people the flexibility to work wherever they want is an
effective way to help businesses become more productive and responsive.
But achieving this level of flexibility should not come at the cost of
security. Businesses can apply the lessons learned in securing their
corporate network perimeter and extend that protection to their remote
workforce. Doing so will help them avoid the serious risks that come
with exposing their network to external access while allowing users to
remain productive in a secure manner.  Benchmark and compare your IT
security practices with the Canadian IT Security assessment.

Ben Sapiro is National Practice Leader for Telus Security Solutions.


Print this page

Related



Leave a Reply

Your email address will not be published. Required fields are marked *

*