Remote Office Connections: Convenient, but not without risks.

More people than ever are working from home, on the road, or accessing their office PC from client sites and hotels. According to WorldatWork, occasional telework has risen dramatically in just the past several years. My experience with the financial services industry shows that more and more accountants are using remote access from client sites to transfer files, or access information back at the office. Some interesting and somewhat startling facts:

• The number of employee telecommuters in the United States increased 39%, from 12.4 million to 17.2 million, between 2006 and 2008.
• The sum of all teleworkers — employees, contractors and business owners — increased 43% from 2003 to 2008, reaching 33.7 million last year.
• Fewer people are teleworking full time; however, more people are working remotely at least once a month.
• The most common locations for remote work are home (87%), a customer’s place of business (41%) and car (37%). Restaurants and libraries are becoming less common locations for telecommuting.

In a previous submission to this newsletter I wrote about some parameters for setting up a remote office. In this article I want to focus on a specific type of threat that can put your business at risk during a remote access session. The threat can do damage even if you have followed all the proper guidelines such as setting up a VPN, creating a secure sharepoint portal, or an encrypted connection like Logmein. In all of these cases you still need to be aware of the security threat posed by keyloggers.

A keylogger is a piece of software that records every keystroke made on a computer. A hacker who installs a keylogger virus on your computer will be able to see everything you type on your machine -- which comes in handy when they want to steal passwords, credit card numbers, bank account numbers, or sensitive client data. (This is truly a business and compliance nightmare!!)

For years, cyber criminals have been installing keylogger viruses on easy-to-breach, publicly accessed machines, such as those used in libraries. But your worry as a remote user probably won't be whatever viruses are crawling all over a publicly used machine -- as statistics show, you're almost definitely using your own computer or a company-provided one for business work. So what you have to beware of is a whole new round of viruses that can be downloaded to your own PC.

Remember that Conficker worm that was supposed to strike on April Fool's Day, and ended up exploding about a week later? One of its most devastating payloads was a keylogger virus.

So to protect yourself from keyloggers stealing your passwords, don't ever use public computers for any procedure that requires a login -- that means everything from checking email to checking a bank balance. And before using your own computer, or when using a client computer to access your office, make sure the antivirus and antispyware definitions are up to date -- and that full system scans are run on a regular basis. (Many people halt system scans or just stop running them altogether because they take up so much processing power. The solution to this issue is to run them at night because they are essential.) Remember that the mere presence of Anti Virus and Anti Spyware software does not guarantee that a PC is clean, the software and the PC require regular and automated updates and maintenance.

Two Flavors of Network – How Do They Compare?

Different sizes and types of businesses need different types of networks. Do you know what kind is right for yours?

For small to mid-sized businesses, the big distinction is between peer-to-peer and client-server networks. In a peer-to-peer network, all machines are created equal; they each provide their own “resources” – meaning applications, computing power, and so on. If you take one machine out of the peer-to-peer network, the remaining machines can carry on as if nothing happened. A typical configuration might be two or three desktop computers, each connected to the Internet and to a common printer and fax machine. If two users need to share or exchange files, they’ll usually email them to each other or post them to a common Web portal.

In client-server network, the server acts as the primary provider of resources to the other machines. For example, a file server provides data files to the client machine whenever the client requests it. In order to access email, the client machine must “talk” to the email server, and so on. Client-server networks tend to offer a more secure environment than peer-to-peer networks because the server can better control access to resources. They also tend to be more conducive to collaboration, because clients can share resources from a single location rather than having to swap individual (and often duplicative) copies of data on a one-to-one basis. However, if a server fails, every client will lose access to the resources it provides; therefore, you’ll need a backup server or a failover strategy.

In short, a very small startup may need nothing more than a peer-to-peer network. But in order to scale well and make sure the company can grow in an orderly, organized fashion, you’re probably going to need a client-server network eventually.