" vpn Archives - LuxSci

Posts Tagged ‘vpn’

Remote Work & Its Cybersecurity Implications

Tuesday, June 4th, 2019

Remote work has become a hot topic in recent years, with the rise of digital nomads as well as those who just want to sleep in, skip traffic and avoid their bosses. The increased flexibility can be great for workers, while organizations can save on office costs and even boost employee morale.

Despite the potential benefits, remote work can complicate an organization’s cybersecurity. Instead of having everything centrally controlled in the office, businesses with remote workers also have to account for people accessing their resources in other locations over potentially insecure connections and equipment.

It’s not an insurmountable problem, and all it requires is some basic analysis, planning and policy, as well as a few simple security tools.

What Kind of Data Does the Employee Need to Access?

Before you dive into the technology requirements and write up a detailed policy framework, it’s important to perform an analysis to see what kind of access remote employees will need in the course of their work, and to determine whether they process any data that needs to be protected.

Some employees may not require any access to company systems and don’t need to deal with sensitive data. Others may need to log in to company tools and databases, while certain remote workers may need to deal with sensitive business data or ePHI. Each of these situations will require a different approach to maintain an appropriate security level within your organization.

Low-risk Employees

If it’s just a graphic designer updating your flyers or a similar type of low-risk work, you probably don’t need to worry too much. The graphic designer could directly email the drafts to hackers and it wouldn’t have any serious ramifications for your company (unless the hackers have some kind of absurd hatred for spam and target your business in an over-the-top revenge plot).

For employees that don’t access company systems or its data, you really don’t need to take any major security precautions. If the employees only deal with information that you could post on a billboard without repercussions, there’s no real point in developing special systems.

The only policy that you would need in place is to ensure that the rest of your employees keep their communications on a strict need-to-know basis with remote employees. While these remote workers don’t need any sensitive information in the course of their work, it’s important to prevent any gossipers from divulging company secrets.  It’s also important to segregate their computer systems from those of sensitive employees if and when they happen to be in the same location, so as to avoid the spread of malware.

If your organization already has secure systems in place, it may be worthwhile to use them with remote employees that fall into this category. It could prevent such rare slip ups at a low cost, since the infrastructure is already available.

Employees that Access Company Resources, Sensitive Data or ePHI

If remote workers need to access company systems, sensitive data or ePHI in the course of their work, then your organization will need to take a number of precautions to secure itself and the data.

Again, you first need to analyze what the employees actually need and come up with policies and technologies that allow them to safely use it, without opening up any doors to unauthorized parties.

This policy should include rudimentary security processes like enforcing strong passwords and requiring two-factor authentication.

Access Control

Follow the principle of least privilege and only allow employees to access what they strictly need in order to accomplish their tasks. Opening up all of your company’s systems and its data to employees only adds unnecessary risk.

Over time, an employee’s access needs may change. If this occurs, simply adjust their privileges as necessary, whether this involves increasing or decreasing them.

Secure Employee Devices

Ideally, companies should be supplying the devices that their employees use so that they have strict control over them. These devices should have full-disk encryption with remote wipe capabilities, firewalls and antivirus software at a minimum. Your organization should also have strict rules about what employees can and cannot use company devices for.

VPN Access

VPNs offer one of the best ways to safely allow remote access to company resources. They fully encrypt the pathway between an employee’s device and the company server, preventing outside access.

Monitor Your Remote Workers

As part of your organization’s overall security policy, it should be monitoring and taking logs whenever employees access company resources. Not only does this deter employees from acting inappropriately, but it also makes it much easier to find the culprit if the company has been breached.

Obviously, this policy should be extended to remote workers who access company systems and data, as well as internal employees.

Encrypt Everything

Sensitive data needs to be encrypted whenever it is being collected, processed, transmitted or stored. LuxSci offers a range of services that can help your organization keep this data safe, from our secure forms and hosting, to our HIPAA-compliant email.

Encrypting all of your organization’s sensitive data is a crucial part of keeping it safe when dealing with remote employees. Between this and the steps mentioned above, you can offer your employees the freedom of working from anywhere without putting your organization at risk.

What is really protected by SSL and TLS?

Saturday, April 8th, 2017

This question came in via Ask Erik:

Hi Erik,

I stumbled upon your blog while trying to learn a little about SSL/TLS in the context of client/server e-mail sessions, i.e. not web mail which I understand to be an HTTP session.  I am just an ordinary user with no special security needs but I find all this news about corporate and government surveillance to be troubling for both philosophical and practical reasons.  In any case my questions is quite simple.

My e-mail client, apple mail, and my e-mail service provider both support SSL so my e-mail exchanges between my computer and the server are encrypted.  I understand that I can’t control what happens with other e-mail servers.  What I am trying to understand is what does it mean to be encrypted?  When an e-mail leaves my computer how much of the message is encrypted?   Are the e-mail headers encrypted including the sender and recipient e-mail addresses.  I would assume so but nobody talks about the details.  What metadata trail does a user leave when using SSL/TLS.  Is it is as simple as the destination and sending IP address with everything else encrypted?  Reading Data and Goliath right now by Bruce Schneider which talks about a lot of this stuff but again doesn’t give quite enough detail.  At the end of the day I am trying to understand how much protection SSL really provides.

SSL (now TLS) protects data as it travels across the Internet. To understand in detail how SSL works, we recommend reading: How does Secure Socket Layer (SSL andTLS) work?  However, looking at how the protocol works can leave answers to some of these fundamental questions a little unclear.  Lets address them one by one.

SSL and TLS Security

Read the rest of this post »

Do you need a VPN for Secure Email in a Wireless Hotspot?

Tuesday, January 28th, 2014

LuxSci has been approached by many people asking for VPN (Virtual Private Network) services.  When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.*

Note that even if the hotspot is password protected and “secure”, that does not mean that it is “trusted”.  The hot stop administrators or other users of that hotspot could still try to intercept your Internet traffic.  So, just because it is a “secure” hotspot with the little lock next to it and a password that you must enter, do not assume you are safe at all.

Read the rest of this post »

LUXSCI