Indications are that remote working was able to reduce
the financial impact for those companies that have enabled it, but
very few small and medium businesses have the budget or technical
ability to implement and manage secure virtual private networks
(VPNs) with sophisticated network access control.
Remote working - how risky is it and what can small
businesses do to enable it securely?
Remote working is commonplace in the corporate world, but many
small business have still to take advantage of a secure method to
permit their staff to connect back to the office when they are
working at home or travelling. Whilst there are low-cost,
adequately secure alternatives, small businesses are generally
unaware of the technology or the risks of a poor
implementation.
Tools such as Microsoft's Remote Desktop may be secure enough
for internal use, but are highly vulnerable to attack when used on
public networks. Outlook Web Access and Citrix offer other
alternatives for remote working, but may not be adequately secure
without additional protection such as a VPN.
A low-cost VPN system may provide the answer for smaller
organisations that do not routinely handle highly sensitive data. A
router-based VPN with a pre-shared key may be sufficient for a
small firm for remote workers with laptops, when combined with good
quality passphrases and other sensible controls on the remote
devices, plus sensible firewall rules at the office. It certainly
offers an additional layer of security compared with simply opening
Remote Desktop on to the internet.
If remote workers are given properly configured laptops - using
full disk encryption, a personal firewall and up-to-date anti-virus
- and are taught how to choose good quality passphrases, then the
remote end of the equation can be enabled without significant risk
and without a huge budget. Intelligent firewalling at the office
end of the VPN can provide appropriate defence, especially when
combined with a VPN endpoint accessible only by IP address (no DNS
entry).
Many small businesses will already have ADSL routers with a VPN
capability, and there are many low-cost models on the market if
they do not. Providing the business gets sound advice on a secure
configuration and avoids some of the basic pitfalls described in
this article, they can take advantage of broadband connectivity to
facilitate home working and remote access on the move.
Peter Wood is a member of the ISACA Conference Committee and
founder of First Base Technologies
Read more advice from the
Computer Weekly Security Think Tank >>