Access data or internet services outside of company security can be important in many business scenarios. Often management personnel or staff from different departments such as sales conduct their activities outside the company.
Request an offerBenefits
The possibility that employees can access the resources of the company represents an increase both of productivity and of financial earnings, eliminating the need to travel to the headquarters of the company. There is another advantage to this practice, and that is a gain in image and brand. In order to benefit from all these advantages, the access to secured information should be configured by a specialist to properly asses all security risks.
Risks
Anyone accessing data from outside the company should be careful about security. Today, most hotels, cafes, restaurants or airports offer the ability to connect to the internet via a wireless connection. The same network can easily connect a bad intentional person who, without being a specialist, can intercept the communication and can thus find passwords for access to the company's resources.
Communications outside the company must be encrypted so that they can not be used in case of interception. The risks to which a person accessing data from outside the company is exposed are interception of communications and the possibility that data access to company resources may reach bad intent. Besides the theft of data, they can be altered or, worse, deleted by the attacker, which can cause very large financial losses or even suspension of activity.
Solutions
Find out more
There are many communication protocols that send information in clear text. An example of this is the communications protocol for e-mail, POP3, or the ftp file transfer protocol. Communications between the mobile device and the resources inside the company can be done in a secure way using a VPN (Virtual Private Network) connection.
There are several types of VPNs offering different degrees of security:
- IP security (IPsec)
- Secure Sockets Layer / Layer Security (SSL/TLS)
- Layer 2 Tunneling Protocol, version 3 (L2TPv3)
Using a VPN connection to access information inside your business is generally done using a VPN client that is installed on devices that access the company's resources and a VPN server. The VPN server can be Cisco hardware, Fortigate hardware, and / or a Microsoft, Linux / Unix server. Secure Hyper Text Transfer Protocol (https) is used to secure a communication to a web server.
Our Recommendation
Journaling policies on access to information inside the company need to be evaluated and, in most cases, reviewed. Each company must pay special attention to foreign people's access to internal information, so that any risk is eliminated.