Awareness
4 Telecommuting Security Mistakes
A look at some common security no-nos committed frequently by mobile workers, and tips on how to stop them
By Joan Goodchild, Senior Editor
"I have entered environments where children's games were installed on machines, instant messaging and more," said Jason Hall, president of Stuart Hall Technologies, an Ambler, Pennsylvania-based consultancy. "Something like this can be addressed with local security settings. A user should not be an "administrator" of their machine."
Employees should be clear that the work-issued device is for their use only. And, keep in mind, computers and mobile devices aren't the only place where friends and family can cause problems. DeFrangesco shared a story of a friend with a son in middle school.
"The son was working on a project on his home computer and needed to bring it to school the next day to finish it in class. The father told his son he could have the USB drive in his brief case."
Unfortunately, the son took the wrong USB drive and lost several important documents his father needed for work.
"I know many companies where using USB drives is acceptable and encouraged to the point where they even buy the drives for their employees to use," said DeFrangesco. "I do not recommend or encourage the use of these drives."
If a company does allow employees to use USB drives, make sure the drive has security built in. If the drive does not have security, encrypt the data yourself, said DeFrangesco.
Altering security settings to view Web sites that have been blocked by the company
Cisco in its survey of end users also found more than half have changed the security settings on their company-issued laptop to view restricted Web sites. Those polled said they did so because they wanted to visit it regardless of their company's policy. Another find: 35 percent said it is none of their company's business if they have changed the security settings on their computer.
"I have to admit I have been guilty of this many times," admits DeFrangesco." I do a lot of presentations and frequently need information or graphics for my slides, after gaining the proper permissions of course. However, when I find myself being blocked from a site, I often use a proxy to get around it. A proxy will act as a go between your computer and the site you want to connect to, fooling the filtering software from blocking you."
Both Hall and DeFrangesco point out that organizations can stop some of this activity by adjusting content filtering to block particular sites that allow the bypassing of a firewall or content filter. But, although IT is responsible for locking down these settings, the end-user still needs to be educated, said Hall.
telecommuting
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
