No matter what the size of your IT department, chances are that you've been called upon to support one or more members of the growing phalanx of telecommuters. These "work at home" individuals range from full-time home office warriors to the overworked executive who tries to knock out a few e-mails between his shower and morning coffee. Let's face it --

Requires Free Membership to View

telecommuters are a reality and they're here to stay. Have you taken them into account when planning your security policy?

If you quickly answered "yes," take a moment and think again. If you answered affirmatively while thinking to yourself, "We have a $100K VPN and all of our telecommuters have client software installed on their systems," you're probably overconfident. A VPN is not enough. It's certainly the most expensive component of a telecommuting security arrangement, but you need to mind the basics as well. Remember that VPN clients have some degree of access to the corporate network. You certainly wouldn't want Bill CEO to connect to the VPN using Little Johnnie's computer which, by the way, was recently infected with a virus during Little Johnnie's P2P music swapping.

It is essential that you take steps to ensure that telecommuting computers are up to snuff from a security point of view. Let's take a look at a few options you have up your sleeve, ranging from the most drastic (and most expensive) to the absolute minimum effort:

  • Provide work-at-home users with company-owned computers that enforce corporate security policies and have appropriate software installed. This is the simplest solution from an administrative point of view, but it could also be costly. Consider a variation on this theme -- is it possible to provide telecommuters with a laptop that they can use both at home and in the office?

     

  • Provide telecommuters with security software and require that they use it on systems used to access corporate computing resources. This is definitely not as ideal as using corporate computers, but it's much less expensive. Don't forget to provide a virus definition file update subscription as well!

     

  • Ask telecommuters to sign an acknowledgement that they understand the importance of securing their home computer before granting them access to the VPN. If you simply don't have any money in the budget for the first two solutions, at the very least ensure that users understand their responsibilities regarding security of home computing systems.

Don't waste any more time! Get out there and implement a strong telecommuting security policy!

About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.


This was first published in November 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.