Flexible, Safe And Secure?
by Martin Allen - MD of Pointsec - Monday, 15 August 2005.
The recent publication of the authoritative Acas- and DTI-sponsored Workplace Employment Relations Survey (WERS) 2004 highlighted the fact that the number of workplaces offering staff the opportunity to work flexibly has almost doubled in the last six years, and the trend is being boosted by government legislation.

There is a growing realisation among employers that ‘productive work’ and ‘access to corporate systems’ do not equate to ‘physical presence in the office’, and that there is a better way of working that addresses some of the issues of achieving a work/life balance.

The world is opening up, as the ‘workplace’ is redefined from being a common static location, which everyone travels to every day, to the ‘place where staff can work productively without making unnecessary journeys’.

The spread of broadband, Wi-Fi, etc. means that employees can now access the same information in a remote location as they could historically at an office desk.

Reports can be written, email dealt with, databases updated and consulted, etc. even while the employee sits at home, in their car, or even in a park or hotel in a foreign country, and often more productively, as they are without the distractions of an open plan office.

However, there is a ‘price’ to pay for all this flexibility and not just in monthly payments to ISPs or buying new portables for everyone. That price is vigilance and security.

Lack of either will lead to someone saying something along the lines of: “Everything was fine until _____.”

The first issue of flexible working starts as soon as staff leave the office to visit a client, or go home, carrying any device that can store valuable or sensitive information, including notebook computers, PDAs, smartphones, USB tokens and CDs. It follows the basic rule of life that anything being carried will, sometime during its life, be:
  • Dropped
  • Temporarily misplaced
  • Left behind
  • Stolen
A risk analysis will quickly identify that the critical things we have to protect are the corporate networks and the data itself, by preventing unauthorised people from using the portable ICT equipment to gain access to them, and not the actual equipment, which gets cheaper to replace every week. This should be written into the “Security Policy” so that everyone is aware of what information and equipment is allowed in the teleworking environment.

So we must ensure that users take certain mandatory actions including:
  • backing up their data on a regular basis.
  • implementing on-board security features and installing additional password access to corporate data and communication programmes (pre-supplied security on hardware can be got around, so additional measures are required).
  • encrypting the data.
  • using network security, which should also include a VPN (corporate firewall), a personal firewall and antivirus/anti-spyware.
To ensure users follow these mandatory requirements we must make the whole process both transparent and easy to use. It is worth investing in the best encryption software that does not affect the performance of the device, so that the user will not be encouraged to try to circumvent the access control or encryption on their device.

Transparency can be achieved by only allowing ‘certified’ equipment to be used to access the corporate system(s). Certification is achieved by the IT section ensuring that both password and encryption software are installed and running and cannot be by-passed by the user.

They can also install sub-routines that ensure data is backed up automatically to a remote location at set intervals.

This makes the processes both mandatory and transparent, as the user does not have to decide what should, or should not, be encrypted or backed up, and the security policy is therefore adhered to.
