Best practices for securing telecommuters' PCs

* Ignoring the security and connectivity needs of mobile workers can put an entire network at risk

Is the exorbitant price of gasoline leading to an increase in telecommuting at your company? This will have a dramatic impact on IT as more people drag their laptops home or boot up the home PC to access office applications. Managing a PC that's not continuously connected to the corporate network can be a challenge. Follow these guidelines to make sure all the bases are covered.

Is the exorbitant price of gasoline leading to an increase in telecommuting at your company? It seems to be a phenomenon happening all across the country as workers struggle to cut commuting costs and companies look for ways to ease the pain for employees. Anecdotal stories suggest that more people are working from home at least occasionally in order to deal with the high cost of getting to the office.

But telecommuting isn’t just a temporary response to high fuel prices. In an OfficeTeam survey of 150 executives from some of America’s largest companies, 82% of the managers said they expect the number of employees who work remotely to increase in the next five years.

This will have a dramatic impact on IT as more people drag their laptops home or boot up the home PC to access office applications. Managing a PC that’s not continuously connected to the corporate network can be a challenge, but ignoring the security and connectivity needs of mobile workers can put an entire network at risk. All it takes is one PC with a virus to cause havoc.

Fiberlink Communications, a company that specializes in managing mobile and remote computers, offers up this list of best practices for the fleet of PCs that your colleagues are toting around with them. Some of the tips come from the National Institute of Science and Technology (NIST) “User’s Guide to Securing External Devices for Telework and Remote Access”, while others are compiled based on Fiberlink’s years of experience in managing mobile devices.

According to NIST, securing a mobile PC includes the following actions:

• Use a combination of security software, including antivirus and antispyware software, personal firewalls, spam and Web content filtering, and popup blocking, to stop most attacks, particularly malware.

• Restrict who can use the PC by having a separate standard user account for each person, assigning a password to each user account, using the standard user accounts for daily use, and protecting user sessions from unauthorized physical access.

• Ensure that updates are regularly applied to the operating system and primary applications, such as Web browsers, e-mail clients, instant messaging clients, and security software.

• Disable unneeded networking features on the PC and configure wireless networking securely.

• Configure primary applications to filter content and stop other activity that is likely to be malicious.

• Install and use only known and trusted software.

• Configure remote access software based on the organization’s requirements and recommendations.

• Maintain the PC’s security on an ongoing basis, such as changing passwords regularly and checking the status of security software periodically.

Calling these guidelines a “good start,” Fiberlink executives say companies that are serious about network security and data protection need to take extra measures. Here are their recommendations for mobile computing, including telecommuting:

• Build, implement and maintain policies and procedures that are enforced even when the device is off the corporate network.

• Protect the data through automated techniques that include encryption, backup and authorization validation.

• Control hardware and software settings and configurations to prevent unauthorized or undesired changes or compromise.

• Provide a simple, secure connection to the Internet and to the corporate network regardless of location and connectivity medium.

• Deliver timely patches and other software updates to reduce vulnerabilities and enhance productivity. Turn off automatic updates that are not issued in accordance with corporate policy.

• Isolate compromised or suspect mobile devices from the corporate network until the risk can be mitigated to prevent further harm to the business.

• Collect and analyze the appropriate log data from the mobile devices to be aware of their health and status.

Done right, most of these actions will be totally automated and imperceptible to the end user. It’s important not to affect user productivity, or the workers may try to circumvent the very protections that are put in place to safeguard their PCs and data.
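One way the "collect log data" and "isolate suspect devices" recommendations can be automated is a posture check that runs when a remote PC connects. The sketch below is an added example, not code from NIST or Fiberlink; the `HealthReport` fields, the thresholds and the three-tier allow/remediate/isolate decision are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Thresholds are assumptions for this example, not values from NIST or Fiberlink.
MAX_REPORT_AGE = 3       # days since the agent last reported
MAX_SIGNATURE_AGE = 7    # days since the last antivirus signature update
MAX_PATCH_AGE = 30       # days since the last OS/application patch run

@dataclass
class HealthReport:      # hypothetical record sent by an endpoint agent
    host: str
    reported: date
    av_signatures: date
    last_patched: date
    firewall_on: bool
    disk_encrypted: bool
    daily_user_is_admin: bool
    malware_detected: bool

def evaluate(r: HealthReport, today: date):
    """Return (decision, reasons); decision is 'allow', 'remediate' or 'isolate'."""
    age = (today - r.reported).days
    checks = [  # (failed?, severity, reason)
        # A stale or future-dated report means the device's real state is unknown.
        (age > MAX_REPORT_AGE or age < 0, "isolate", "health report stale or future-dated"),
        (r.malware_detected, "isolate", "malware detected"),
        (not r.firewall_on, "isolate", "personal firewall disabled"),
        ((today - r.av_signatures).days > MAX_SIGNATURE_AGE, "remediate", "antivirus signatures out of date"),
        ((today - r.last_patched).days > MAX_PATCH_AGE, "remediate", "patches overdue"),
        (not r.disk_encrypted, "remediate", "disk not encrypted"),
        (r.daily_user_is_admin, "remediate", "daily-use account has administrator rights"),
    ]
    failed = [(sev, why) for bad, sev, why in checks if bad]
    reasons = [why for _, why in failed]
    if any(sev == "isolate" for sev, _ in failed):
        return "isolate", reasons
    return ("remediate", reasons) if failed else ("allow", [])

# Constructed sample reports (not real devices).
TODAY = date(2024, 6, 15)
FLEET = [
    HealthReport("laptop-01", date(2024, 6, 15), date(2024, 6, 14), date(2024, 6, 1), True, True, False, False),
    HealthReport("home-pc-07", date(2024, 6, 15), date(2024, 5, 20), date(2024, 4, 2), True, False, True, False),
    HealthReport("laptop-12", date(2024, 6, 2), date(2024, 6, 1), date(2024, 6, 1), False, True, False, True),
]

if __name__ == "__main__":
    for report in FLEET:
        decision, reasons = evaluate(report, TODAY)
        print(f"{report.host}: {decision} ({'; '.join(reasons) or 'compliant'})")
```

A "remediate" result would map to restricted access that still reaches patch and signature servers, so the device can fix itself without user effort.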
