Case Studies

Do You Know Where Your Employees Are?

IT managers are using a mix of hardware and software tools and targeted usage policies to keep tabs on remote workers.
This story appears in the September 2008 issue of BizTech Magazine.

Jason Prescott, CEO of JP Communications, is troubled but not surprised by the numbers: 38 percent of U.S. workers take documents out of the office each week on portable devices, and 23 percent use web-based e-mail to do so, according to a survey by security software maker McAfee. Prescott, after all, had to fire one of his sales reps for e-mailing pilfered customer contacts to his home computer.

What the sales rep either forgot or ignored, says Prescott, was a warning on his first day on the job that JP Communications uses security software that lets Prescott see every instant message, every e-mail and every file sent by or received on company computers. That includes the notebook computers some workers use on the road and at home and messages sent from personal e-mail accounts on company-owned systems.

“You don’t want to be Big Brother. But you want to protect your company and data,” says Prescott, whose San Marcos, Calif., company operates and other business-to-business websites. “We have had employees visit prohibited sites for hours upon hours. We’ve had parts of our database accessed by employees who did not have permission to do so. Without monitoring software, we would not have known that.”

Prescott insists he isn’t being heavy handed, and he’s not alone. Ninety-one percent of IT executives say there is a greater risk of sensitive data being leaked when networks are made accessible to remote and mobile workers, according to research by AEP Networks of Somerset, N.J.

That’s why small-business executives like Prescott have begun using a combination of powerful hardware and software tools and stringent employee policies to keep remote workers productive — and in line.

A typical mix includes software, such as RSA’s Endpoint, that monitors and blocks the movement of sensitive data from notebooks and desktops to mobile devices; and firewalls, such as Check Point Endpoint Security and Novell ZENworks Endpoint Security Management, that report on which websites remote users are attempting to access through the desktop firewall or VPN client.

The mix also includes software that blocks access to gambling, pornography and other prohibited websites, based either on the URL or the bandwidth consumed. Products in this category include Websense Security Suite and GFI WebMonitor.

“Controlling external websites visited by staff reduces risk, helps monitor usage where needed and helps provide automated controls to back up rules of use or acceptable-use guidelines,” says Barry Lewis, owner of Cerberus ISC, a data security consultancy in Toronto.

Fabiana Gower, the director of IT for Martin, Fletcher & Associates, a medical staffing firm based in Irving, Texas, swears by her three-layered security mix.

The first layer is network management and monitoring software from Lumension Security that prevents unauthorized devices — whether they use Wi-Fi, USB, Firewire or Bluetooth — from connecting to the corporate network. The second layer is a firewall from WatchGuard Technologies that limits web access, creates a VPN, and reports on which websites remote users are attempting to access. A third layer is Microsoft Active Directory, which controls which users in one domain are allowed to access resources in another domain. So far, so good, says Gower: “We haven’t had any unauthorized users access our network,” she says.

Throughout the year, as many as 50 of Martin, Fletcher’s 200 employees visit hundreds of hospitals equipped with either a notebook or tablet PC capable of tapping into the company’s database of hospital administrators, physicians and other healthcare workers. Each device is monitored. In addition, a handful of these workers now use Treo smartphones. For now, Gower has blocked the handhelds from accessing the company network altogether.

Protection Policies

Any effort to keep close tabs on remote workers requires very specific usage polices. Start by notifying your employees, explaining to them what online behavior is expected and what is forbidden, says Darren Scully, director of information technology at Brent Coon & Associates, a Beaumont, Texas, law firm.

“Your policies and process should be the same whether that user is in the office or in the middle of an airport,” says Scully. “Prepare your firm, your clients and your users the same way you prepare your kids before they walk out the door for the first day of school: Educate them. Advise them of the equipment, the ramifications of the use of the equipment as well as what the guidelines are.”

Scully says before Brent Coon instituted its current guidelines, employees paid little heed to data security warnings. “Before I changed my thinking, we had notebooks left in airports, lost, stolen, broken beyond repair as well as one user who threw it away in a dumpster out of anger. I’ve seen it all.” Now, when employees are issued any portable device, they must fill out a form, acknowledging their responsibility for the device and its content. “Your data is more secure because the user guards it.

JP Communications’s Prescott agrees with such up-front policies. “We have strict confidentiality and data-protection clauses in our employee contract and in the company handbook. It’s all spelled out on the first day of employment,” he says.

But most of the time the threat of being caught — and the technology to back up that threat — is usually deterrence enough to stop the most egregious PC-related behavior, says Prescott.

Sign up for our e-newsletter


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.