As more and more employees seek to stay engaged with their work life while out of the office, a plethora of new technologies are allowing them to stay connected constantly.
Unfortunately, the pitfalls of remote access are less well known. Remote access provides a potential way for unauthorized users to access your organization’s private resources unless technologies are well chosen and well secured, and employees are well trained on using them effectively.
If your organization has not implemented a remote access technology for employees who need (or demand) it, they may be one step ahead of you. Many highly publicized, free solutions exist for consumers to set up remote access to home computers. If your organization allows it, employees may be tempted to enable remote access to their work computers on their own.
What’s wrong with allowing employees to use free remote access services at work?
An assortment of Web-based technologies allows individuals to have remote access to their home computers at little or no cost. Common examples include LogMeIn and TeamViewer.
For services like these, a user can download an application and install it on his or her computer. The computer establishes a connection to the service provider’s servers, which gives the user a convenient way to access the computer from any location on the Internet. The user can now log in from essentially anywhere and access the computer remotely as if he or she were sitting in front of the keyboard.
These technologies are designed to be easy and convenient. However, they also make the protection of the computer a joint effort of the user and the service provider. The user is responsible for assuring the security of their username and (hopefully) complex password, and the remote access provider is responsible for assuring that their systems are safe and secure.
The problem happens when an employee decides on their own to give themselves remote access to a computer at an organization. If an organization does not restrict what software an employee can install on their work computer, the employee can download and install a free version of LogMeIn or TeamViewer at work, then go home and access all the same file servers, business applications and technology resources that the business allows them to access from a designated network.
Now the security of a company’s computers is no longer the firm’s responsibility alone; it is also the responsibility of the company that an employee chose on his or her own to trust with company resources. How seriously do these companies take their security obligation? Below are excerpts from the terms and conditions of two popular remote access services:
(COMPANY NAME) AND ITS SUPPLIERS SHALL NOT BE LIABLE FOR ANY…DAMAGES INCLUDING, WITHOUT LIMITATION … LOSS OR DAMAGE TO INFORMATION OR DATA ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCTS. UNDER NO CIRCUMSTANCES, INCLUDING BUT NOT LIMITED TO NEGLIGENCE, SHALL … BE LIABLE FOR DAMAGES RESULTING FROM USE OF THE PRODUCTS…EVEN IF … OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
… IN NO EVENT SHALL ...BE LIABLE FOR ANY…DAMAGES WHATSOEVER…FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY …LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE PRODUCT… SOME STATES OR COUNTRIES DO NOT ALLOW SUCH LIMITATION AND THEREFORE THIS LIMITATION MAY NOT APPLY TO YOU.
NOTWITHSTANDING THE FOREGOING, THE MAXIMUM LIABILITY THAT … SHALL INCUR HEREUNDER SHALL BE LIMITED TO THE ACTUAL PRICE PAID BY YOU FOR THE PRODUCT*.
* For home users, it’s a free product.
Statements like these are typical for many Web-based services, and an organization may decide that the convenience and benefit of a low-cost remote access service outweigh any inherent risk. In fact, both LogMeIn and TeamViewer (for example) have commercial (paid) versions of their software that many organizations choose to use to provide remote access. However, this is a decision for the organization’s management team, not for each individual employee.
What’s the solution?
Employees are typically driven to implement new technology solutions on their own for good reason: they want to stay connected and engaged while away from their desks, and they want to do it in a way that is simple and convenient. Recommendations for addressing the issue of remote access include:
Implement a remote access policy for your organization
Not all employees need remote access to meet their job requirements. Develop and implement a remote access policy that addresses your organization’s requirements for security while also providing employees with the remote tools they need to fulfill work duties successfully.
Determine which employees need remote access to which systems
Prioritize which business applications require remote access, and work with both the organization’s management and technology teams to determine a remote access technology that meets both business requirements and functional needs.
Provide user training
Most employees want to contribute to their organization’s success and protect its assets. Provide not only technical training on using remote access tools correctly, but also relevant security training so that employees know what organizational assets they are trying to protect, and why.