Problem solve Get help with specific problems with your technologies, process and projects.

Maintaining data security when the employee base goes remote

Mike Chapple reviews which security practices and policies need to be enforced when your employee base works entirely from home.

A reader recently wrote to network security expert Mike Chapple:
"I am a partial owner of a small graphics company. Our main customer base is made up of small businesses and independent grocery stores. My two partners and I are thinking about closing our office and working out of our individual homes. What security considerations should be made? I am particularly interested in the cost and materials needed to set up a VPN for a Macintosh environment. Our office machines are still running Mac OS 9."

Below, Chapple reviews which security practices and policies need to be enforced when your employee base works entirely from home.

My main concern after reading your question concerns data storage: where will your important company data reside? Chances are that you have a server running in your current office that stores your work product. Hopefully, that server is regularly backed up, and you're storing the backups in a secure offsite location.

If you close your office, where will you keep that server? Will it have the same physical security protections as it has now? You may wish to consider either placing your server in a collocation environment where a hosting organization provides a secure physical space for it. Use of a commercial file-hosting service could also be considered.

Second, think about how you will connect remote users to the server. You're on the right track thinking about using a virtual private network for this purpose. The simplest solution would be to purchase a firewall with built-in VPN capability; most firewalls on the market today offer this feature. Remote users can then connect to that VPN when they access the file server, ensuring that their connections are secure.

About the author:
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

Dig Deeper on Managing firewalls

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.