Those pesky mobile users.
They are all too often the bane of security folks everywhere: they regularly seem to be system 0 for malware infections, tend to be administrative users on their systems more frequently, can go months (or years) at a time between office visits and, of course, can never be without their systems, as no laptop = no productivity. And many times they are the ones who sell the goods and provide the services that provide for our (or at least my) paycheck ...
So how do you let them do what they need to do while making sure their system is secure, as is the corporate network they VPN into?
Unless you have great policies, including enforceable HR policies that make users accountable for their actions, and a defense-in-depth approach that ensures AV and patches are up to date and checked before connecting to the network, renamed administrative accounts, proper file system permissions, etc., you are at some level at the mercy of the action(s) of your users.
If you find yourself short a few policies and technical controls, user education becomes key.
Message #1 - With great power comes great responsibility. Sure, it's kind of corny, and maybe being a local admin on your own system isn't great power, but you get the idea. Educating your mobile users as to what is acceptable and allowed (policy or no policy) can bring a big return on a small investment, assuming they actually do as you request.
because ...
Message #2 - Just because you can, doesn't necessarily mean that you should. Yes, mister user, I know you're an admin on your machine. Yes, I understand you're experiencing poor performance, but that doesn't mean you should uninstall your AV software and install every spyware remover, registry cleaner and any other widget guaranteed on some web page somewhere to do what you want. (For the record, you can format your hard drive. I wouldn't suggest it though.)
Of course many of us are mobile users and we would never do anything insecure, right?
So what are your tips and tricks for keeping your mobile workforce working and not bringing down the rest of the network? If you have any good stories surrounding mobile users, send them in as well and we'll publish the best ones changing the names as needed to protect the innocent -and- the guilty.
-Christopher Carboni