Top 5 Security No-No's
Get Serious About Security
Implementing a telecommuting program can improve productivity, empower employees through enhanced flexibility and ultimately give a boost to your bottom line by lowering overhead and in-house energy consumption. But the effort can cause more trouble than benefit if you’re not careful about security. This means implementing company-wide policies that ensure employees are doing their part to protect sensitive data as well as integrating the right technology for complete protection.
The first step is to implement SSL VPN technology. While IPsec can give you some measure of security, SSL gives you secure portability, embedded certificate authentication, granular policy and access control capabilities, and enhanced security for a variety of access device types. It is compatible with all forms of authentication and offers a variety of encryption algorithms for the strongest network security available.
But SSL technology is just the beginning of the security effort, not the end. For complete system security, you need policies and enhanced technologies that protect sensitive data you’re not directly in control of.
Here are the top 5 security no-no's your company (and your employees) should avoid:
- Home WiFi Access - Do not allow employees to use a WiFi access point unless it uses WPA2 encryption with a strong password. A strong password consists of letters plus numbers or symbols and is unrelated to the employee. Avoid passwords that include employee names, addresses, birthdays, social security numbers, or any sequence of numbers and letters that can be tied back to them. It’s also imperative that they do not name their WiFi access point anything that would allow a passerby to identify it with their home, for example their first or last name or an address identifier. For maximum security, restrict access to only the employee’s MAC address.
- Router-based VPN - Do not use a router-based IPsec connection, as this assumes that everything connected to that router is trusted when it may not be. Using a router means there’s no tracking of who or what is connecting to the network, because devices and users don’t need to authenticate; they simply plug in. For example, the employee’s family could connect using their own PC or laptop and introduce a virus. Or they could connect using an unsecured WiFi access point and enable intruders to access the network.
- Client-based VPN - Do not use an IPsec or SSL client-based VPN for non-corporate owned and managed PCs. Again, this assumes that the PC is trusted when actually it is not. Instead, use a clientless SSL VPN, which spot checks the connecting PC to make sure it has up-to-date firewall and anti-virus software before allowing it to access the network.
- Public HotSpots - Do not allow employees to access sensitive applications or file directories when using public HotSpots, as these can easily be compromised. To be safe, use an SSL VPN to set a policy that restricts which applications and file directories users can access when they connect via any type of WiFi access.
- Data on Non-corporate Managed PCs - Do not allow employees to save sensitive company data to non-corporate managed PCs or laptops. This can be enforced using a clientless SSL VPN with Desktop Security. For maximum security, encrypt data on corporate managed laptops in case they are lost or stolen.
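The five rules above can be read as one access decision made when a remote session connects. The sketch below is an added example, not taken from the article or from any VPN product; the resource names, the 7-day anti-virus threshold, and the choice to run the posture check on every session are assumptions.

```python
from dataclasses import dataclass

# Hypothetical resource names and threshold; the article specifies none.
SENSITIVE = {"finance-app", "hr-files"}
GENERAL = {"webmail", "intranet"}
MAX_AV_AGE_DAYS = 7  # assumed meaning of "up-to-date" anti-virus

@dataclass
class Session:
    corporate_managed: bool    # PC owned and managed by the company?
    vpn_type: str              # clientless-ssl | client-ssl | client-ipsec | router-ipsec
    network: str               # wired | home-wifi | public-hotspot
    firewall_on: bool
    av_age_days: int           # days since the last anti-virus signature update
    wifi_encryption: str = ""  # e.g. WPA2, WEP, open (WiFi sessions only)

def decide(s: Session):
    """Return (allowed_resources, may_save_locally, reason)."""
    # Router-based VPN: nothing behind the router authenticates individually.
    if s.vpn_type == "router-ipsec":
        return set(), False, "router-based VPN rejected"
    # A client-based VPN would treat an unmanaged PC as trusted.
    if not s.corporate_managed and s.vpn_type != "clientless-ssl":
        return set(), False, "unmanaged PC must use clientless SSL VPN"
    # Posture spot check before any access (assumption: applied to every session).
    if not s.firewall_on or s.av_age_days > MAX_AV_AGE_DAYS:
        return set(), False, "firewall or anti-virus not up to date"
    # Home WiFi must use WPA2.
    if s.network == "home-wifi" and s.wifi_encryption != "WPA2":
        return set(), False, "home WiFi is not WPA2"
    # Any type of WiFi gets the restricted set (assumed: no sensitive resources).
    on_wifi = s.network in ("home-wifi", "public-hotspot")
    allowed = GENERAL if on_wifi else GENERAL | SENSITIVE
    # Company data may be saved only on corporate-managed machines.
    return set(allowed), s.corporate_managed, "ok"

if __name__ == "__main__":
    # Constructed sample sessions.
    samples = [
        Session(True, "client-ssl", "wired", True, 1),
        Session(False, "clientless-ssl", "home-wifi", True, 2, "WPA2"),
        Session(False, "client-ipsec", "wired", True, 1),
        Session(True, "client-ssl", "public-hotspot", True, 30),
    ]
    for s in samples:
        print(s.vpn_type, s.network, "->", decide(s))
```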
The first step in avoiding these security mistakes is to provide adequate training for your employees using the telecommuting program. Once they understand how to avoid risky behavior by using strong passwords, being smart when naming their home network and saving sensitive data to the network, you’ve blocked some of the easier targets for would-be hackers.
Simple technology updates can take care of the rest. If your IT department doesn’t have the in-house knowledge or resources to integrate these technology barriers, consider outsourcing this component to a managed service provider. You might be surprised to find out how inexpensively you can secure your telecommuting program using technology and expertise provided by industry specialists. When it comes to securing your sensitive data, a little know-how and common sense can go a long way.