Indications are that remote working was able to reduce
the financial impact for those companies that have enabled it, but
very few small and medium businesses have the budget or technical
ability to implement and manage secure virtual private networks
(VPNs) with sophisticated network access control.
Remote working - how risky is it and what can small
businesses do to enable it securely?
Remember looking out of the window and being greeted with a
blanket of snow? The very hint of no school and a day in the snow
is every kid's dream. This attitude changed one day, and the only
thought was the impending journey into work because a day out of
the office is surely unthinkable. For many organisations, the
feeling of an enforced day out of the office is translated into a
day of inactivity. Without the technology to pick up e-mail, access
information, or even change face to face meetings into conference
calls, the merest hint of snow could have CEOs clambering for the
keys to the snow plough.
So what stops an organisation joining the 21st century?
Invariably cost and lack of knowledge. To enable
remote working the first step is always recognising the need.
Extending the perimeter for an organisation is a bold step, and
one which needs to be considered carefully. Employees may well
demand the ability to pick up e-mail from anywhere, but such a move
must be based on careful evaluation between risks and benefits, not
solely demand.
However, a move like this is not a binary decision. There are
varying degrees of remote working, ranging from webmail, to access
to all files, and everything else in-between. Technology
requirements will of course be dependent on the level of access
required. Although the cost may be lower than initially thought.
For example, many SOHO (Small Office, Home Office) firewalls have
remote connectivity features enabled either by default or via
licence activation. Equally, web mail is also available as a
default feature in many popular mail systems.
Of course, just because it is there does not mean a tick in the
box is all that is needed. Extending the perimeter does have its
risks, and appropriate security controls must be applied to
mitigate/reduce these risks. These decisions involve authentication
considerations, access times, locking down endpoints, etc. This may
be seen as step too far for many small businesses, but as expected
there are companies to plug such a gap. Consultancies exist that
focus purely on small businesses. Admittedly, many of these offer
the whole technical support package (including remote helpdesks),
but part of their offering may include security advice. Their
charge-out rates are tailored for small organisations, as are the
systems they recommend.
So the next time the weather girl predicts a cold weather front,
all organisations, no matter the size, can ensure they are not left
out in the cold.
Raj Samani is vice-president of communications at ISSA
UK
Read more advice from
the Computer Weekly Security Think Tank >>