With roughly 250,000 residents, Virginia’s Arlington County is one of the smallest in the country. The county government prides itself on creating a supportive, family atmosphere for its 3,500 employees, a few hundred of which work remotely. But when it comes to cyberthreats, Chief Information Security Officer David Jordan lays down some strict house rules.

“We work really hard to educate our employees . . . to make them feel responsible about the cybersecurity piece of their job,” says Jordan, whether those employees work in a government office, telecommute, or are out in the field issuing permits or inspecting fire codes with their laptop in hand. Jordan personally meets with every new hire during the training process to make individuals aware of Internet threats and the county’s security policies, outlining rules about Web and e-mail usage. Ongoing awareness-raising includes initiatives such as contributions from the IT department to the weekly employee newsletters about the latest e-mail scam or fraudulent Web site.

But when it comes to securing remote employees, it takes more than awareness. The county has layered a number of technologies in order to secure the endpoints, installing Symantec’s Client Security on government-issued computers that offers virus, spyware, and intrusion protection as well as personal firewall features. The computers are physically protected by Absolute Software’s Computrace – “the LoJack of computer hardware” says Jordan, which lets the county trace the location of a computer. In addition, the county secures network access with firewalls and uses SSL for authentication.

While Jordan believes these technologies combined create “a robust remote extension facility,” there’s more to be done, such as adding layers of protection to the information stored in the county’s databases. Such is the case with most organizations trying to secure their remote workers --there’s always room for improvement.

Click to see: Remote security

“A lot of organizations still believe that a security strategy is antivirus, and that simply doesn’t work anymore,” says Natalie Lambert, senior analyst at Forrester Research.

“Now attacks are nefarious, extracting corporate information, and there’s a lot of organized crime and going after competitors . . . attacks these days are very targeted.”