In our last post on teleworking, we discussed how remote working is gaining momentum and becoming more widespread. If a company implements, or is planning to implement, teleworking policies, there are a series of steps to take in order to address security implications.
Creating a Secure Teleworking Program
Prior to establishing teleworking policies, organizations must address information security issues by first defining requirements for both employees and employers. To ensure the security of teleworking, the following aspects should be considered:
1. The employer must determine whether to issue a company-owned device or allow employees to use a personal device for remote working. If the employer provides a computer, the employer can control what is installed and which activities are allowed or prohibited (such as instant messaging).
2. The teleworking policy should state what software is required for the employee to work remotely and what software types are forbidden on the computer.
3. If the network connections are secured incorrectly, sensitive corporate data can be intercepted during the data transmission between the home and the office network. To mitigate this risk, a virtual private network (VPN) is the best practice for securing communication to the organization’s internal network. When connected to the organization’s network, all transmissions should be encrypted, both coming from and going to the corporate network.
4. f the remote worker accesses the organization’s network from home, the organization should consider implementing a two-step authentication method- using two of the three commonly available authentication techniques (knowledge-based, object-based and ID-based). For instance, using a password and a security token is a good defense mechanism, as it forces an attacker to steal both the password and the physical token to gain access.
5. The operating system and all applications should be kept up-to-date. By regularly updating the device’s operating system with the latest patches and other software fixes, attackers cannot take advantage of software flaws that would otherwise be utilized to facilitate a hack.
6. The teleworking policy must describe what security features must be installed and maintained on the computer. Anti-adware/anti-spyware software, antivirus software and firewalls are just some of best practice security features.
7. Employees should be trained on security procedures.
8. The policy should explain to whom the user will report in case of suspicious activity on the computer. Support personnel should be ready to advise employees on how to configure the computer and the employee’s home networks for utmost security.
In today’s work environment, teleworking is increasingly being discussed as organizations analyze remote workforce options. VPNs create new possibilities that allow people to work from home and connect seamlessly and securely to the organization for which they work. By taking the necessary defensive measures and enforcing a secure teleworking environment, security risks can be minimized.
If you are looking for a reliable teleworking solution, we recommend you to have a look at HOB RD VPN, the comprehensive Secure Remote Access Suite “Made in Germany”. When using HOB RD VPN, companies benefit from SSL-encrypted connections, modern authentication methods and a maximum of usability. More information on HOB RD VPN can be found on our website: www.hobsoft.com
You must be registered in order to write comments. To register as a new user click here.
If you're already registered, please leave a comment here