Securing Teleworkers is at the top of the to do list for many organizations. President Obama signed a bill aimed to significantly boost teleworking by federal employees. There are lots of business benefits from teleworking however permitting remote access to internal resources increases risk. Here are some tips to consider when securing your teleworkers.
The most common method for Securing Teleworkers is using a Virtual Private Network (VPN). The concept is establishing an encrypted tunnel between remote endpoints and the internal network so endpoints are serviced like an internal resource. Leading vendors utilize endpoint agents or web-based VPN portals that control what can be accessed. Best practice is to adjust the level of access based on how users authenticate, data being accessed and network they are connecting from. Strong solutions auto establish VPN connections outside the cooperate network and scan endpoints for key loggers prior to permitting access.
A popular enhancement to Securing Teleworkers through a VPN is Network Access Control (NAC) technology. NAC verifies who is accessing the network, captures information about the devices and distributes access based on policy. NAC is like airport security verifying people’s identity and risk level BEFORE permitted access to the plane. Best practice is to increase policy requirements as you increase access rights. For example, permit employees if they are using cooperate laptops with a specific version of antivirus while limit contractors with any version of antivirus. Automating remediation for teleworkers who don’t meet policy is key to reducing NAC trouble tickets.
Another recommended solution for securing teleworkers is filtering all VPN traffic through a Content Filter. Content Filters enforce web usage policies such as denying adult websites or tracking hours wasted on social networks. Research shows users involved with popular social media games like Farmville spend hours each day that may take place during business hours if not tracked. Leading Content Filters also offer security features to protect users from malicious websites that aim to breach the internal network through compromised workstations.
A popular alternative to using VPN solutions for Securing Teleworkers is adopting a virtual desktop infrastructure (VDI). Data is kept on the protected network and accessed through a server-client model. The security benefit is clients never directly access the inside network so risk of infection is reduced. A common obstacle for virtual desktop infrastructures is user demands for direct access to data. Permitting direct access could jeopardize VDI benefits unless proper access control and data security transfer methods such as encryption are enforced.
Other options to consider for securing teleworkers are Data Loss Prevention (DLP), host security applications, encryption, and patch management solutions. Best practice recommends DLP for endpoints, email, network and servers that have access to sensitive data. Encrypting sensitive data can add a lot of value as long access rights are enforced. Hardening endpoints with features like disabling wireless when physically connected, limiting USB access to approved devices, forcing sensitive data through encrypted channels and updating endpoints without user intervention is important. The best way to manage security features like these is to limit remote access to corporate issued devices. It’s also a good idea to have all teleworkers sign an agreement specifying your telework policies prior to permitting remote access.
There are many solutions for Securing Teleworkers so it’s important to understand your business operations before selecting a technology. Rushing into a technology could expose your organization to unnecessary risk or an unreliable solution.