Inside the Briefcase

Augmented Reality Analytics: Transforming Data Visualization

Augmented Reality Analytics: Transforming Data Visualization

Tweet Augmented reality is transforming how data is visualized...

ITBriefcase.net Membership!

ITBriefcase.net Membership!

Tweet Register as an ITBriefcase.net member to unlock exclusive...

Women in Tech Boston

Women in Tech Boston

Hear from an industry analyst and a Fortinet customer...

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

In this interview, JumpCloud’s Antoine Jebara, co-founder and GM...

Tips And Tricks On Getting The Most Out of VPN Services

Tips And Tricks On Getting The Most Out of VPN Services

In the wake of restrictions in access to certain...

Remote Employees & Their Workplace

February 1, 2017 No Comments

Featured article by Tom DeSot, CIO of Digital Defense, Inc.

In today’s business world, it is very common for employers to allow employees to work from home or co-working spaces.  While this practice allows for increased flexibility in work hours and duties, it introduces a plethora of new security challenges that many organizations fail to recognize and address.  This failure can introduce security vulnerabilities into the workplace, even though the work may be being done hundreds or even thousands of miles away.

Threat 1:  Shared Computing

Unless the employer is going to provide a laptop or workstation that the tele-worker can utilize, they will more than likely use their own home computer or laptop to fulfill on their job duties.  This becomes a problem in that a home computer is typically shared by many family members who may configure the computer or install software that places employer data at risk.  As an example, what if one of the children in the household installs what they think is an innocent game on the family computer without knowing that the software contains keylogging malware which captures all the keystrokes that the employee is entering while doing their work.  Because of this activity, passwords and other sensitive data may be siphoned off the computer and sent elsewhere where it can be used for data theft, identity theft, fraud, corporate espionage or worse.

The Solution:  Provide the teleworker their own corporate computer if at all possible to avoid the scenario described above.  Additionally, have the employee acknowledge the corporate policy that states that they are to be the only user of the computer and that sharing the computer with anyone, even another family member, is strictly prohibited.

Threat 2:  Eavesdropping

While eavesdropping may not be that much of an issue in the home office, it becomes a major issue when the tele-worker takes advantage of one of the many coworking spaces that have become popular.  Many of these coworking facilities do not have walled cubes, rather they have open tables where people typically sit across from or next to other people who they often do not know.  Now imagine that the employee needs to make a call to a key client and discuss something that normally would be considered sensitive (a pending lawsuit, healthcare information, or personally identifiable information).  It wouldn’t be much of a stretch to imagine that other people using the facility would be able to hear this information and potentially use it for nefarious activities such as identity theft.

The Solution:  If the employee must use a coworking facility, they should ensure that they go to a conference room or other more private location to discuss the matter at hand.  Better yet, they should only make these types of calls when they are in the office to ensure that the data is protected from prying ears.

Threat 3:  Hard Copy Data

While many companies worry about “soft” data such as what is stored on a computer, flash drive or other media container, they often tend to forget the hard copy data that the employee is working with.  As an example, if the employee needs to print out a report or other sensitive material either at home or a coworking facility, what happens to the information when they are done with it?  Many times it likely ends up in a trash receptacle leaving it vulnerable to theft.  Even at home it may be placed in the recycle bin that is emptied by city workers when recycling day comes.  What if some of the papers blow out of the recycle bin into the street.  Anyone can now pick these up and utilize whatever data is on the document for any number of purposes.

The Solution:  To ensure that hard copy data is protected, employees should be provided policies and procedures that educate them on the document sensitivity markings so that they understand how to properly dispose of hard copy information.  Additionally, employees who work from their home should be provided a crosscut shredder to destroy the information before it makes it into the recycle bin or trash.  If the employee is using a coworking facility they should make use of the shred bins that are typically available in these environments.  While this doesn’t provide 100 percent protection, it’s better than the document simply ending up in a public trash receptacle.

Threat 4:  Mobile Device Threats

When employees work from home or coworking facility they are typically provided mobile devices (laptop and tablet computers as well as smart phones) to make their jobs easier and more efficient.  These items, especially when utilized in a coworking facility are prime targets for theft.  Even when laptops are “chained” to the desk they are not immune to theft.  All it takes is wire cutters and the laptop is gone, along with the chain.  To make matters worse, many times these mobile devices are loaded with large amounts of data, some of it sensitive, that the attacker may want to gain access to. Some employees also share these devices with family members (ever see a child in the backseat playing games on a tablet) which leads potentially to the loading of apps that contain malware that the employee may not even realize is on the device.

The Solution:  First and foremost employees should be aware of policies and procedures that govern the use of mobile devices.  These materials should outline what is and isn’t allowed in the use of the devices and how they should be protected.  Secondly, they should typically be tied to some type of Mobile Device Management software package that allows corporate IT to remotely wipe the device if it is lost or stolen.  These solutions also can typically monitor what apps are installed on the device and can block the installation of these apps so that the device remain secure.

 

 

Leave a Reply

(required)

(required)


  • TOPICS

     APPLICATION INTEGRATION
     DATA and ANALYTICS 
     DIGITAL HEALTH
     SOCIAL BUSINESS
     MOBILE DATA
     DATA SECURITY
     DATA PRIVACY
     CLOUD DATA
     HR TECHNOLOGY

    • ADVERTISEMENT

    Gartner

    WomeninTech






    IT BRIEFCASE MEDIA PARTNERS
    Gartner

    IBC 365

    Gartner

    cloudexpo

    unicom

    tdwi

    World Congress

    Witi

    Broadgroup

    The Open Group

    gsmi

    tmforum