Many companies today allow employees to work from home. Typically, the employee uses their own computer to connect to the businesses Virtual Private Network (VPN), Drop Box, Office 365 or other cloud-based software. The company trusts the security implemented on their network and in the cloud to safeguard their data. However, the business doesn’t do anything to check on or safeguard the employee’s home computer. All the corporate data is encrypted and safe in the cloud, right?
If the employee’s computer gets compromised and malware finds its way onto the machine there are several ways the malware can gain access to the corporate data. Malware can be programmed to take screen shots and send the screen shots to a criminal control center in the sky where the images can be analyzed for usable data. Usable data could be anything that is presented on the employee’s screen. The malware can also track and record all mouse clicks and keyboard entries so that usernames and passwords can be sent to the criminal control center. Combine this with the criminal’s ability to inventory the employee’s computer software, and the criminals now have the software, login screens and credentials they need to penetrate the company’s security.
If you are going to allow your employees to remotely access your company’s data, the best option is to be sure they are using a computer provided by the company that can have the latest and greatest cyber defenses. Allowing employees to use their home computers, especially if the computers are shared with their children, is a risky proposition even if they don’t have direct access to the company’s data.
There’s also the issue of employees leaving the organization. What happens if an employee leaves or is otherwise let go, but they used their personal computer to remotely access the network? Since it’s their personal property, there’s little you can do unless you have certain provisions in place. Company-provided laptops can be configured with the same levels of security as your on-premise computers. Plus, if an employee leaves, the computer can (must) be returned, ensuring that no company data remains in their hands.