As telecommuters race to their home machines, eagerly requiring constant access to the firm’s network, we become more concerned about maintaining network security.  In most firms, telecommuters are attorneys, laptop road warriors, paralegals and administrative staff desirous of accessing firm resources while away from the office.  We have to offer home access to our home users, but we need to maintain network security.

How do we scrutinize the telecommuters’ computers and gain control over them?  Are they using firewalls?  Are their wireless networks secure?  Do their computers have antivirus software installed?  Is the software properly installed and receiving the current virus definition files?  Are their computers shut down when they are not being used?  How secure are their passwords?  The questions seem endless.

We need to embrace these external computers and realize they are a part of our network.  Are firms staffed to support the telecommuter workforce?  By creating a telecommuter policy we can take a step forward to improve network security.

Secure the Internal Network
First and foremost is our own network security.  Are in-house servers and desktops running properly configured antivirus software, scanning for viruses and automatically updating new virus definition files?  Are firewalls properly configured, protecting our network from unwanted internal and external traffic?  Are we protecting our users from content-based threats like spyware, worms, intrusions, inappropriate Web content, etc.?  Are we applying the latest Microsoft patches on our desktops and servers?  Once these issues have been addressed, we can feel more confident about the security barrier protecting our networks from outside threats, including the telecommuter.

Enforce Firm Standards at Home
One way of forcing users to abide by the firm’s software standards would be to use Quarantine Mode included in the Windows Server 2003 Toolkit.  Besides placing a certificate authenticating a home user’s machine, it can be used to deny a user access to the corporate network if current virus patterns are not installed.  Further, if a machine does not have any virus software, Quarantine Mode can be configured to push the software to the client machine so it can later connect.

Second, we want the telecommuters’ computers to have the same standards as any other computer on our network.  The ideal solution would be for the firm to have direct control over a home user’s computer by letting your IT staff configure them.  However, this is an impossible feat for most firms without hiring more IT staff.  If firms did have control, they could enforce higher security standards forcing the home computer to a secure operating system.  For instance, Windows 2000 and XP versions are more secure than previous Windows versions.  However, it is difficult setting stringent hardware standards unless the firm owns and configures the computer.

By creating a telecommuter or home computer policy, firms can standardize and improve upon network security and simplify the guess work for the IT department.  At minimum, the firm’s policy should include the following:

Antivirus Software Standards (current antivirus definition files and correctly configured antivirus software)

Firewall Standards (software or hardware)

Dial-in and VPN Policies

Microsoft Critical Updates

Wireless Local Area Network (WLAN)

Remote Use

Computing Standards

Passwords

An Ounce of Prevention
The most important part of a telecommuter policy is education.  Users cannot understand the risks they are imposing on the network unless they know what threats exist and how to prevent them.  A lot can be gained by providing telecommuters a security forum from an industry professional to put “teeth” in your telecommuter policy.  Although it may take some time to create a telecommuter policy and provide the supporting documentation, it is well worth the investment to secure your network.

About our author . . .

Vijay Kaushik is the Founder/President of inetsupport, inc., a leading provider of technology consulting and implementation services for law firms, developer of inettime, a Web-based time and attendance solution written in .NET.  Vijay has spent the last 20 years working with law firm automation and technology.  He can be reached at vijayk@inetsupport.com.