What is Your Organization's Weakest Link?

January 28, 2013 by Alex Collins, IT Services Consultant

home-officeAll Covered knows that your organization is tech savvy-at the least, it has in place a secure perimeter that will deny network access to non-credentialed machines and users, it ensures that all patches and updates for operating systems and applications are always up-to-date, and it provides security awareness training to its staff on a regular basis.

Of course your organization does all of that, and more, but it still might not be enough. Unplanned catastrophic events like Superstorm Sandy and unremarkable, everyday events like telecommuting share in common one critical element that could be your organization's weakest link-remote access from a home office.

Remote access of business IT resources from home offices will always be a weak link for many organizations. Regardless of why your staff is working at home-by necessity or by choice-your staff will be using IT resources that are not under the physical control of your organization. This means that your organization must trust that its staff is capable of establishing secure remote offices; the best way to do that is to provide staff with training which focuses on creating secure home offices.

Secure home office networking 101

By IT security standards, creating a secure home office means more than installing a lock on the door of your guest room/man cave/home office. When IT security professionals discuss making a home office secure, what they are really discussing is creating a secure home network.

Any home network that is used for business purposes should include the following elements:

  • Secure connection to ISP provider- Internet service providers (ISPs) typically provide home users with cable modems which offer router and wireless capabilities; while this type of device will provide remote workers with access to the internet, it is not as secure as it should be. To ensure that home networks are secure, remote users should, in addition to the ISP provided modem, use personally owned firewalls or routers that will provide an additional level of security between the internet and the home network.

  • Secure wireless connectivity- Remote workers should use secure wireless networks if they do not connect directly to their personal firewalls. Older wireless routers use encryption solutions that can be easily hacked. To ensure that wireless networks are secure, wireless routers should be new enough to be protected with Wi-Fi Protected Access 2 (WPA2) encryption instead of the older WEP encryption.

  • Advanced router configurations- Regardless of whether the network is hardwired or wireless, advanced security features should be enabled. By using a filtering feature which allows only identified computing devices (based on MAC or hardware addresses) on the wireless home networks, your organization can ensure that only authorized users will access home networks which can connect to your organization's information systems

  • Limited administrative access- Home networks and the computing devices that will be used with them should be administered from only within the network. When configuring routers and other devices, the option that allows for external administrative account access should be deselected to prevent unauthorized users from attempting to access and modify networks.

  • Strong passwords- The same strong password requirements that are in place in your organization place of business should also be used in home offices. Strong passwords should be at least ten characters long and consist of complex character strings that contain letters, numbers, and special characters. Strong passwords should not be found in the dictionary or consist of special dates such as birth dates and anniversaries. Strong passwords should be used on all networked devices.

Learn more

When your remote workers create secure home networks, they are taking the first step toward ensuring that their home offices will not be the weakest link in your organizational IT chain. To learn more about how your organization can create secure remote offices, please read the follow-up articles that will be posted in the next several weeks. To learn more about remote offices that will support your organization, please contact the IT Support experts at All Covered at 866-446-1133.