Indications are that remote working was able to reduce the financial impact for those companies that have enabled it, but very few small and medium businesses have the budget or technical ability to implement and manage secure virtual private networks (VPNs) with sophisticated network access control.
Remote working - how risky is it and what can small businesses do to enable it securely?
Remember looking out of the window and being greeted with a blanket of snow? The very hint of no school and a day in the snow is every kid's dream. This attitude changed one day, and the only thought was the impending journey into work because a day out of the office is surely unthinkable. For many organisations, the feeling of an enforced day out of the office is translated into a day of inactivity. Without the technology to pick up e-mail, access information, or even change face to face meetings into conference calls, the merest hint of snow could have CEOs clambering for the keys to the snow plough.
So what stops an organisation joining the 21st century? Invariably cost and lack of knowledge. To enable remote working the first step is always recognising the need. Extending the perimeter for an organisation is a bold step, and one which needs to be considered carefully. Employees may well demand the ability to pick up e-mail from anywhere, but such a move must be based on careful evaluation between risks and benefits, not solely demand.
However, a move like this is not a binary decision. There are varying degrees of remote working, ranging from webmail, to access to all files, and everything else in-between. Technology requirements will of course be dependent on the level of access required. Although the cost may be lower than initially thought. For example, many SOHO (Small Office, Home Office) firewalls have remote connectivity features enabled either by default or via licence activation. Equally, web mail is also available as a default feature in many popular mail systems.
Of course, just because it is there does not mean a tick in the box is all that is needed. Extending the perimeter does have its risks, and appropriate security controls must be applied to mitigate/reduce these risks. These decisions involve authentication considerations, access times, locking down endpoints, etc. This may be seen as step too far for many small businesses, but as expected there are companies to plug such a gap. Consultancies exist that focus purely on small businesses. Admittedly, many of these offer the whole technical support package (including remote helpdesks), but part of their offering may include security advice. Their charge-out rates are tailored for small organisations, as are the systems they recommend.
So the next time the weather girl predicts a cold weather front, all organisations, no matter the size, can ensure they are not left out in the cold.
Raj Samani is vice-president of communications at ISSA UK
Read more advice from the Computer Weekly Security Think Tank >>
This was first published in March 2009