Tuesday, February 27, 2007

Security for the Shut-Ins

We're all security conscious these days -- there have never been more ways into vulnerable data systems and nobody wants their company to end up in the news for security breaches caused by some slipper-based dunderhead. Likewise, none of us wants to be that dunderhead.

Computer World has a good article today on the steps companies should take to make remote work as secure as possible. When practical, people should only work remotely on company-owned equipment -- for the full-time shut in like me, that means a company-configured desktop rig. Making a pool of properly virus scannered and otherwise locked down laptops available for the less frequent remote worker would also be a safer way to go about it. Least favorable: my family computer with goodness-knows what-all running on it. Well, my family computer happens to be very well-managed too, but I don't know what your kids are doing on yours!

Having policies and training is also key to keeping the real network protected from problems that could be introduced by remote workers. Policies on having data outside the firewall (generally a no-no) can be supported by having the remote PC act as a virtual machine connecting to a system inside the firewall so that all the heavy lifting is done on a safe, locked-down network.

This article also notes that one company makes it a policy to visit home offices to validate that their security policies are being adhered to. My remote work agreement notes that this is a possibility, but the distance between me and the Real Office means that such intervention is unlikely. Though I would certainly pass muster.

Allow me to add another security recommendation: basic physical security of the computers and any files taken off site is critical. Lock your office door and have a locking file cabinet for the materials you work with. Don't leave the laptop in the car (not even in the trunk). Close the blinds when you're not physically in your office so that peeping prowlers can't see the bewildering array of computer equipment in your office. These are simple, but important steps you can take to reduce the risk that your hard drive will fall into the wrong hands.

Here's the thing: even if your laptop is stolen by some indivdual who just wants to sell it for a fix, and who can't possibly begin to make use of the data that is stored therein, your employer is still going to have to deal with the repercussions of that data loss. It's a total nightmare.

Consider yourself warned.


zandria said...

I just saw your link on BlogHer, and I took some time to look through and read some of your past posts...very interesting! I'm currently trying to research a job that I would be able to do remotely, because I think the flexibility and ability to connect from anywhere would be the best fit for me. I'm jealous! :)

Zandria - Keep Up With Me
BlogHer blog

Stella Commute said...

Thanks for reading, Zandria. It's hard to get a job that starts out telecommuting -- most of the people I know who do this negotiate a remote working arrangement after being regular Real Office employees for a while. And naturally, nerdy jobs are the most suited to making this arrangement work. I don't need to be someplace specific to handle money, greet people who wander in off the street, or what have you. All my work flows in over the phone, email, and IM. If you browse around the site, I've got a lot of links to sample documents, negotiation tactics, and the like.

Good luck in getting out of the office and into the slippers!