Remote Employees and IT Security
Q: What are some IT standard practices and procedures that we should implement when dealing with our field or remote employees?
A: Depending on the technology needs of your remote employees you should implement the following as standard security practices:
(a) You should have a plan in place where the technology in the field returns to the main corporate office on a regular basis for security and software updates; (b) Field computers should have local firewall software installed for browsing the Internet off-site (Windows firewall does not count!); (c) Limit or forbid use of public wireless networks (Use personal mobile hot-spots instead); (d) Eliminate and restrict actual data on the local computers (use remote application servers for running apps and storing data. Use the local computer as a “dumb-terminal”); (e) Make it policy that employees are using VPN (virtual private network) when accessing company servers and data remotely; and (f) If data must absolutely reside locally on the remote computers, use hard drive encryption built into the notebook’s base system or use third-party encryption software.
Q: Smartphones have become an increasingly large part of our field employee’s toolkit. What should I do to protect ourselves with regard to these computing devices?
A: (a) Make certain smartphones are owned by the company and used for the company business ONLY! (You cannot dictate IT policy on an employee’s personal phone); (b) Again, use local cellular data plan rather than public Wi-Fi access for accessing data and browsing the Internet for information; (c) Password protect and auto-lock your devices; (d) Use remote find and/or remote wipe capabilities of the smartphones if they are lost or stolen; and (e) Limit your use of document sharing/sync apps (Sugarsync, Box.net) and of course … iCloud! I95