Mobile workers are using new technology to get access to all their work data from outside the office. Are VPNs and other tools giving the same level of access to criminals?
As the use of telecommuting and corporate laptops has increased, the use of Virtual Private Networks (VPNs) has mushroomed. The benefit of having access to centralized data is a major productivity boon to your employees. But, as experts note, it may open up your system wide up to data theft and malicious tampering.
Worst of all, the proliferation of Blackberries, iPhones and now tablet computers is starting to make the job of securing VPNs even harder.
The problem, according to security company NCP Engineering, can be minimized with the right steps. Most VPN software packages have controls that can make the hacker’s job much more difficult, The problem is that many companies’ VPN networks get set up and “left on auto-pilot,” even as the threat level changes.
To reduce the risk with VPNs, follow these steps reported by NCS at the Black Hat 2010 security conference in Las Vegas:
- Keep up with software updates: That includes updates on the host and on the remote users’ side. VPN companies keep refining security features in response to what’s out there, but that does no good if the updates aren’t installed in a timely way.
- Train: VPN can be plug-and-play, but security is enhanced when end users are instructed on best practices for passwords, and
- Use administrative tools: Most VPN software allows administrators to define exactly which remote devices can get access through the software (Same Origin Restriction), limiting the threats from outside. Also important is making sure the list of users is kept up to date, so that ex-employees don’t have access to the VPN.