Re: Tele-Commuting Risks

[HITESH PATEL <hitesh50 () yahoo com>]

It really depends how you allow your remote employees to access your network.

If you allow remote employees to connect their personal systems (via VPN) then risk is much higher and could be 
unmanagable. It also depends how that VPN is configured/implemented. Employees personal systems might be infected and 
hence it becomes threat to your company when connected to your network.

If you allow your remote employees to connect the VM hosted on your network (via RDP) then you will have full control 
on the system, and risk can be controlled/managable. It also depends how that RDP connection is configured

-HP



----- Original Message ----
From: John <tornado579 () gmail com>
To: security-basics () securityfocus com
Sent: Friday, January 2, 2009 2:26:01 AM
Subject: Tele-Commuting Risks

Hi All,



Our company is planning to introduce Tele Commuting facilities for all the
employees. Some of the employees work on sensitive information like SSN,
Credit Cards etc. 

Our company also regularly undergoes ISO 27001 and SAS 70 audits.



I have the following questions:



Risks Involved in Tele Commuting? 


How to prevent information leakage while telecommuting especially when it
comes to PII? 


Audit and Compliance issues related to Tele Commuting? 




If you have any good web resources or suggestions it will be helpful. 



Thanks in advance.