Awareness

4 Telecommuting Security Mistakes

A look at some common security no-nos committed frequently by mobile workers, and tips on how to stop them

By Joan Goodchild, Senior Editor

March 25, 2009 — CSO —

According to figures released recently by the Nemertes Research Group, an Illinois-based research advisory firm, as many as 71 percent of U.S. companies offer full-time or part-time telecommuting to employees. Despite the large number of employees who work out of office, another recent study from The Center for Democracy and Technology found many continue to sideline the issue of telecommuting security in favor of more urgent needs. (For more on telecommuting risks see: Telecommuting Poses Privacy, Security Risks)

Whether it is employees who travel frequently for their job or staff that work out of a home office full or part-time, their mobility poses serious security risks to your organization. CSO spoke with two security strategists about common mistakes employees often make while telecommuting, and asked for advice on how to put a damper on them.

Careless use of Wi-Fi and accessing unsecured networks
In research released late last year, Cisco polled more than 1,000 end users in 10 countries and found 12 percent of people who work out of the office regularly connect to a neighbor's wireless network when working at home. Another study from Accenture found one in seven Americans admit to "borrowing" Wi-Fi from an unsecured connection

"Today, this is very easy to do," said Ralph DeFrangesco, a computer science professor at Drexel University and consultant who helps companies assess and develop security programs. "You are sitting in a Starbucks or a Borders with your laptop and you need access to the Internet. You open your laptop and connect to the first unsecured network you find."

Firewalls will provide some protection against some malicious wireless intruders, but risks certainly still exist, said DeFrangesco, who recommends companies tell employees to limit their time on an unsecured network and use encryption, like PGP, whenever possible.

"What people don't realize is that hackers sit on these networks, or set up their own, and put password sniffers on them to capture passwords," he said. "I have had many friends that have noticed funny things with their personal e-mail and work accounts after connecting to an unsecured network."

Another thing to consider: In addition to the obvious risks this poses to an organization's sensitive data, it is also potentially illegal.

"The law is very vague here, but you could be committing fraud depending on the network," said DeFrangesco.

Letting family and friends use work-issued devices
It is a fairly common scene: An employee brings a laptop home and later that evening, that person's son or daughter wants to use the device to surf the Web. But can you trust that what they are viewing and downloading is safe?