Not necessarily, say users, providers
It's becoming increasingly common for companies to outsource their customer service departments to China or India, and for local employees to work from home, connected through a BlackBerry or their laptops.
But could all this use of corporate networks to transmit sensitive data mean serious trouble for companies?
A recent AEP Networks report indicated that executives seem to think so: 91 per cent of the 381 U.K. and North American IT executives surveyed said they think that factors such as remote working and outsourcing could mean a bigger risk of sensitive data being exposed, 89 per cent said there is a greater threat of malicious content such as viruses, and 85 per cent said there is an increased possibility of hacking.
However, 94 per cent of respondents said they already allow or had plans for remote working, with 97 per cent agreeing that today's networks are more accessible to a variety of internal and external users and devices than five years ago.
"On the one hand, IT is rightly under pressure to open the network door to partners, suppliers and customers to improve efficiency and enhance business processes," stated AEP Networks chief operating officer Reginald Best. "On the flip side, they're sweating over how to prevent unauthorized access, protect company information and deflect malicious attacks."
So, does this mean we're likely to see more security breaches like that of Winners parent company TJX Companies Inc.? Not necessarily, say users and providers of remote IT workers – if you're careful, of course.
Remote management can have many benefits, so long as one measures the risks and puts security controls in place, said Phil Weaver, CEO of remote network management services provider NUVO Networks.
"There is much more use of remote workers today because it's hard to get a collection of skills in one place, and there's always the question of how to afford it ... with remote management, you get a more affordable solution or higher-quality, broader service and the right skill set, and you can focus on other critical things in the business," he said. "There's very few things you can't do remotely ... you can now be sitting in India and remotely go into someone's desktop, backup their configurations, update files, patches and upgrades, change passwords."
In fact, besides having the added benefit of being able to take advantage of the skills of a person who is in a different locale, remote working today is much like working in an office – including the human element risk, which can occur whether your IT worker is sitting right next to you or is communicating with you via computer in Mumbai.
"You can lock all your doors, but it takes only one person to wedge the door open for security to be compromised," noted Pat Cottrell, Nortel IT security manager.
A tenth of all full-time Nortel employees work away from the office, with much higher numbers for part-time staff, and all of Nortel's IT workers have the capability to work from home, Ms. Cottrell said. However, although the security risks are still a concern for Nortel, they're manageable.
"Our IT workers are working in a very secure fashion with an encrypted tunnel connecting from home workstations to the Nortel network, so they can do things like handle highly confidential material, change their passwords or perform full system administration without fear of exposure," Ms. Cottrell said.
Another key to protecting security is limiting access for unsecured devices, although that doesn't mean those tools can't be used at all, something which makes the job of self-labelled "nomadic worker" Tony Rybcynski, Nortel's director of enterprise strategic technologies, a lot easier while still secure.
"While the BlackBerry is prescribed because it's fully supported, I have an older Windows CE device, and someone else might have an iPhone, so we have different levels of privileges for each different type of device," he said. "So when (I) come along with (my) funny device, I probably won't get access to the accounting system, but a BlackBerry can get full access."
Even the federal government uses remote workers, albeit in a more closely controlled setting, ensuring that teleworkers are only using ministry-provided devices and are given individual security certificates that expire after a given time, according to Normand Duchesne, who manages IT security for the Department of Fisheries and Oceans. But again, he agrees that the key is educating the end user to be aware of security issues.
"The measure with which you'll get the most bang for your buck is IT security awareness and training employees, because they are the first in line and their behaviour can put you at risk," he said. "You want to communicate the risks to them and not wait for a significant event before adopting those best practices."
At the end of the day, however, it would seem that the benefits of remote working outweigh the dangers, and it's simply a matter of prudently managing and evaluating those risks.
"We're going to see a lot of remote working both in management of IT and in typical jobs because of the flexibility in terms of staffing, cost, and . . . resources," said NUVO's Mr. Weaver.
"And whether workers are onsite or remote, there are just as many issues for both. It gets back to how you handle it and the controls you put in place, and those are just as important locally as remotely."
Tips to protect against security leaks when working remotely:
Do not discuss private, confidential or restricted information in a public place. You never know who may be listening to your call.
Protect access to your PC at home: put the screen lock on even if you will be away for only a short time. You might be unpleasantly surprised by what a member of your household or guest could do with this access.
If you will be away from your home for a significant amount of time ensure that your work computer is well secured. Recent news reports about stolen laptops containing confidential information have cause significant embarrassment to corporations and government departments.
Destroy any media and shred any work-related papers before discarding from your home office. "Dumpster diving" is a very successful tactic for information theft.
Protect your portable equipment: do not leave it out in the car overnight; do not leave it visible in your vehicle while on errands; never leave it unattended.
Use triple anti-threat protection: personal firewall; antivirus software with up-to-date definitions; and up-to-date system patches. This will keep you safe from most threats. Note, however, that nothing can really protect you if you "open the door" to bad guys by opening unsafe e-mail attachments or clicking on links in e-mails pretending to be from your bank or other service provider.
Wireless access at home is very handy, but make sure you turn on encryption on your wireless router and use a secure key. That way it will be very difficult for someone to "borrow" your signal, or capture your traffic. That way it will be very difficult for someone to "borrow" your signal, or capture your traffic.
If you are using a USB key or other media to transport confidential information, ensure it is encrypted in case it is lost, stolen, or just misplaced.
While connected to your corporate network, do not connect to non-work related sites on the internet. Many web sites have been compromised, some putting adware and spyware on your systems, many doing much worse. It's not just adult and gaming sites anymore, it's popular sports, wellness, and hobby sites that tend not to be managed by security-aware site administrators.
Source: Pat Cottrell, Nortel IT security manager
* To print this page, click on the "Printer Friendly Version" link above. When the new
window opens, right-click with your mouse in the new window and select "Print".
