Page 20 - Cyber Defense eMagazine - November 2017
As bad as the situation is, it's likely worse for home workers, who don't have an IT department
looking over their shoulder to ensure that they follow company policy. Even if telecommuters
use their own devices to get their personal e-mail, they may decide to forward a link from their
personal device to a corporate one, the better to be able to look at a site they may think can
help them with an assignment, or to open a document they believe is relevant to their work. If
that link or document contains malware, however, it's just a hop, skip, and jump to the corporate
network for that rogue exploit.
Does that mean that telecommuting is a bad idea, at least from a cybersecurity point of view?
Not necessarily. That same malware infection process could take place inside the office; after all,
the statistics we cited on breaches and cybersecurity are for all organizations, which are mostly
still office-centric. Blaming the telecommuters for the sorry state of cybersecurity is very
short-sighted; what's needed is a solution that will work both in-office and at home. Here are some
strategies that can be implemented both at the office and at home offices:
1) Policy clarity: A recent study by Dell found that 91% of business users said
that productivity was harmed because of security measures, meaning that many users
are likely to try to do an end-run around IT department rules if they feel too constricted
by the rules. But much of that, according to the study, is due to a lack of clarity on the
rules, and why they are in place; the study shows that over 60% of IT pros said that a
lack of “leadership awareness” was the greatest barrier to delivering a context-aware
security approach. “Context-aware” in this instance means knowing exactly how to
connect to the corporate network, what to do, and what not to do. A good context-aware
security system will make clear to users which protocol (like a specific browser or app)
to use to connect from within the network, and specify rules on where, what, and for how
long activity on the network can continue. With clear rules that are easy to understand,
employees both inside and outside the office are more likely to follow them, ensuring
that the network remains safe.
2) Superior supervision: Part of implementing rules is ensuring that they are followed, and
to that end, IT departments should be installing systems that monitor
compliance but are not intrusive. As mentioned, company-wide problems could result
from the actions of a single individual who is seeking to get their work done more
quickly or easily – a temptation that might be even greater for highly productive
workers at home, who are hoping to knock off work early once they finish their tasks.
Productivity is great, but not at the expense of security!
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.