Extending Corporate OPSEC to Those Working From Home

Raise your hand if you don’t allow your employees to work remotely. No one? Absent those whose position makes remote work impractical, companies that don’t allow their employees remote access to their email, calendars, and other applications are as rare as the albino rhino.

We recently covered the need to address the security aspects of remote workers, from the context of ensuring the remote worker is technologically protected in the same manner in which they would be if they were sitting in the corner office on the 2nd floor of their corporate headquarters.

These technological solutions work and work well, providing the user understands why the security is in place and that they are truly the first and last line of defense. They must also be aware of the fact that if their presence within the corporate infrastructure is compromised or usurped, the entirety of the corporate defenses will now be dealing with the threat from the inside out.

How Might This Occur?

When an employee starts work with a company they (ideally) receive a plethora of briefings and online, on-demand mandatory training sessions to ensure all the boxes for compliance and security are checked. Indeed, a test may be given at the end for which the user must score a passing grade, or take the test over.

The goal is retention of the knowledge – the reality is the new employee is racing through the materials so they can get to what matters most to them and their family – new position requirements/responsibilities, reporting chain, health benefits, direct deposit in place, etc.

As one who has worked remotely for the past 12 years and is lost inside an office, the ability to work remotely is a personal requirement. For many companies it is a necessity. The ability to (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Christopher Burgess. Read the original post at: Cylance Blog

Christopher Burgess

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

christopher-burgess has 21 posts and counting.See all posts by christopher-burgess