Page 14 - index
P. 14
Security Beyond the Cubicle:
Best Practices for Protecting the Home Office and Mobile Devices
by Aamir Lakhani, senior security strategist, Fortinet’s FortiGuard Labs
It’s Tuesday at 10 a.m.: Do you know where your employees are working?
With many jobs, the answer could be “anywhere.”
Work is no longer contained between the hours of 9 and 5 – and it’s no longer restricted to a
cubicle, desk or even a computer. Whether checking email on a mobile phone or reviewing a
presentation on a home computer in the evening, today’s worker is on the go. What that also
means is that company information is on the go – and that’s when executives and IT teams get
worried.
A Regus survey of about 44,000 workers worldwide found more than 84 percent of them had
used at least one tool to enable remote work in the past month.
It begs the question how, when and where are they accessing their remote work? Are they
using public Wi-Fi at a coffee shop? Or did they save files to a flash drive? This is the stuff that
keeps the security conscious up at night.
Protecting an enterprise’s vital information is increasingly a balancing act.
Employees want to be able to work remotely with the same tools as they would have at their
desk, but at the same time, network administrators need to ensure security around essential
company data and applications.
A holistic approach that focuses on endpoint security, as well as one that establishes clear
guidelines with employees, is needed. Let’s walk through some of the key steps enterprises
should take to walk this fine line.
1. Establish a clear policy
If employees don’t know what is and is not allowed (and/or recommended) in terms of remote
work, then they are more likely to innocently develop habits that could put information at risk.
An organization’s policy around remote access should be reviewed every year to ensure it stays
up to date with the latest trends in technology and communicated with employees regularly.
Offering guidance to employees will greatly reduce exposure.
Simple (but often overlooked) guidelines, like creating a strong, unique password and refraining
from using USB drives for company information, are a couple of examples. We’ll get into some
other recommended guidelines further on.
14 Cyber Warnings E-Magazine – August 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide