He waves to the office complex security guard at 6:13 a.m., rides the elevator to the second floor, and says hello to the secretary by name before popping into a nearby cubicle. After logging on with information gained earlier by posing as a help desk technician, he runs a program from his CD that scours your branch office network for various data files. He says goodbye to the security guard at 6:27, and you say goodbye to your corporate secrets at 6:30.

Several months later, you're deep in the middle of a well-planned hostile takeover.

The moral of the story is don't think you're immune just because you're running a corporate firewall. Nor are your teleworkers immune just because they appear to be small targets -- they may very well become the target choice in the near future. If you don't want your teleworkers to be the weak link in your corporate security plan, you must take several key steps.

Audits aren't just for accountants...

The best and least expensive approach to prevent your teleworkers, mobile warriors and branch offices from becoming the weak link in your corporate security plan is to conduct a thorough security audit.

First, list all the physical and logical points of entry and interception used by hackers and viruses. Second, map out how well a variety of security products and operating system tweaks address each of the points. Third, evaluate your options based on their initial cost, installation cost, cost of upgrades, and maintenance cost over the typical PC life cycle, arriving at a total life-cycle cost. Finally, choose the mix of products that secures all points of entry while minimizing total cost.

Back to basics

But before you spend a fortune on the latest technology, spend some effort enforcing the basic rules of security. Your expensive security system will quickly succumb if your teleworkers are letting family members log onto the corporate VPN or running unauthorized software. While it's easy to control the activities of your corporate users through scripts and policies, doing the same for your teleworkers is significantly more challenging.

Review the corporate security policy. Teleworkers have specific needs and concerns, which should be addressed separately. Due to their vulnerable position, they may not be able to have access to the same assets as those working inside the corporate firewall.

It's a good idea to outline the corporation's right to secure its assets -- some teleworkers can become rather possessive of the computer you provide them, simply because it's inside their home. Gently remind them that while the computer resides in their home, the corporation retains ownership. Ensure your teleworkers review and sign a copy of the policy.

Finally, educate your teleworkers. Impress upon them the consequences of downtime caused by not following the policy, and how it can affect the corporation as a whole, not to mention the teleworker's ability to do their job.

Separate and isolate

If your teleworker has a dedicated workstation, lock it down before it leaves the IT shop. Cloning a

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine