Understand that security goes beyond the VPN
VPNs have become a staple tool for teleworkers looking to connect to corporate data. But there are severe limitations on what VPNs can do that make it hazardous to rely on as a sole security measure, Bozich warns.
"The VPN creates a secure point-to-point connection where data isn't susceptible to being intercepted," he says. "But it doesn't address issues of whether there is virus on your machine. Obviously, having a VPN is better than not having a VPN, but you should understand that it doesn't allow IT administrators to form a comprehensive set of policies around it."
Installing firewalls and antivirus software are the most obvious additions to having a VPN connection, Brown says. Another option, she says, is to access corporate data directly through a protected Web site that is configured SSL, which enables encryption of sensitive data over the Web.
"If you want to have enterprise data that can be accessed through the Web, you need to ensure that it's going through a secure site, and that's where you're getting into the SSL environment," she says. "You can go to a particular Web site, you log in, and it will establish an SSL connection, and just like an IPSec type of pipe, it would add the layer of security that you'd need."
But while having strong network and Web tools in place is a big piece of securing a WAN for teleworkers, having smart, informed workers who follow company policies is even more important. In other words, even the most advanced network security system will be no match for human failings. Brown says this means that companies will have to adopt strict policies on what sites teleworkers can and can't access and to make sure employees know not to open personal e-mails or any e-mails that look suspicious while connected to the enterprise WAN.
"The biggest issue with security has to do with simple stupidity," notes Chuck Wilsker, the CEO of the Telework Coalition. "When the VA lost all those records, for instance, it was because someone took out a hard drive that had sensitive data on it."