With current events in the world, it seems likely that working from home may become a necessity rather than a luxury. That raises a question – How do you work from home and maintain your network security in the small business world?
CLARK is here with the information you need to keep your network secure while you take care of the most important things in this world, your health and that of your family!
Before we jump into the complexities of remote access, let’s take a moment to state that there are quite a few options out there, but they’re not created equal. Allowing a remote access connection into a business is like punching a hole in network security that could leave you open you to attack. A properly configured remote access solution will insure that only those who should have access to your network do have access to it.
Remote Access and Security
Between long hours, crazy workloads, and the threat of global pandemics, remote access to your work can literally be a lifesaver. When referring to remote access we mean access your work desktop, applications, data, and even printers from your home computer.
A little research will reveal a whole lot of options for remote access. The problem is that a lot of people stop after only a little research, and that’s where the troubles begin. At the Enterprise level, everyone’s talking about security. Where at one time it was only the Chief Information Officer and their network admins worried about security, it’s now discussed at virtually all levels and in boardroom meetings. No one wants to be the next big company in the news reporting a breach.
What does that have to do with small business?
Hackers are opportunists. They want the biggest payoff for the least amount of work. With big business locking everything down, small businesses are now the lucrative targets. It’s more important than ever before for small business owners to follow this lead and make network security a high priority, especially when looking at remote access options. Don’t stop with just a little research, dig deeper or contact your IT Service Provider. There are plenty of affordable remote access options out there, though they are not always secure out of the box.
VPN, RDP, Virtual Network Services! Oh My!
The first thing we need to do is look at the primary options for remote access.
Virtual Private Network (VPN) is a term most people have heard. Unfortunately, what they’ve heard is that in order to be secure, they need one, with little or no further information. For many people, the concept of a VPN can be intimidating. That leads to asking for help, often from people who don’t really understand all the configuration options, which can compromise it’s security. VPN services are advertised everywhere as one size fits all solutions, but that couldn’t be further from the truth.
This is one of those times to heed that old axiom: you get what you pay for.
From a previous blog, we know that a Firewall is like having a secure perimeter around your business with a guard who monitors and controls information as it enters and exits. Sticking with our analogy, the VPN is a tunnel that goes through the Firewall, with it’s own guards on either end. This is the reason a VPN needs to be configured correctly, if those guards aren’t trained properly, they won’t know not to let the bad guys in.
The training the guards receive is called Network Protocols. There are three common network protocols used with a VPN:
- IPSec (IP Security) – this is the standard, and currently most secure, protocol used between two communication points. If configured properly with two factor authentication and timeouts for automatic logoff, this protocol falls under HIPAA compliance.
- PPTP (Point-to-Point Tunneling Protocol) – this is an antiquated and insecure protocol for connecting to VPNs that was used back in the days of Windows 95. Unfortunately, it is a method of connection that people who don’t really know what they are doing still utilize because it’s fast and is already built into many platforms. Of course, none of that does you any good if the bad guys get in.
- L2TP (Layer Two Tunneling Protocol) – commonly used by internet service providers to provide a simple VPN to their customers, this protocol is an extension of the PPTP protocols, offering greater security, but on its own doesn’t encrypt the connections. Additional products are required to make this protocol HIPAA compliant.
With different protocols and configuration methods, proper configuration is imperative when it comes to VPNs.
Remote Desktop Protocol (RDP) is a protocol with which many Microsoft users are familiar. It’s been around a long time and is used to remotely access a Windows computer from other Windows computers, mobile devices, and Macs with software built into professional versions of the operating system. While these connections are encrypted, they are not HIPAA compliant out of the box, requiring additional configuration. In addition, user rights must be properly set and if the network is not secure, RDP can be exploited to steal identities, log-in credentials, or install and launch ransomware.
Once again, its imperative for these types of connections to be properly configured, and it is most effective when paired with a VPN.
Virtual Network Services are software driven networks or portals that are deployed into the cloud. For a short sentence, the previous one can carry a lot of confusion. When we talked about The Cloud in a previous blog, we talked about virtualization and how the cloud is really just a remote computer that runs programs and stores information in a way that makes it feel like your own computer. That is the basic concept behind these Virtual Network Services.
It’s a single product solution to being able to access work from home. Although these are secure, they do have to be properly configured to work with your Firewall and utilize two factor authentication and timeouts for automatic logoff, to fall under HIPAA compliance.
First and foremost, we are not recommending any type of overreaction to world events – social media takes care of that very effectively. When things like this happen, small business owners will naturally want to be prepared. Having an option to allow employees to work from home can be a great way to reduce the impact these events have on your business, but going into it blind can be detrimental to your network security.
The information provided here is to help you to make an informed decision. We STRONGLY recommend that you contact your IT Service Provider to assist with implementing a secure remote access solution that is scaled to your business needs and costs.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades I’ve worked as a technician, trainer, technical writer, and manager with small businesses, enterprise level organizations, and government, picking up a lot of skills on my journey. In addition, I’m an author, having published multiple works available online and in print.