Even small organizations should have some sort of encrypted connection between laptops and the office server. Ideally, this would be some sort of VPN connection, either IPsec or SSL. Since you only have eight users -- a small network indeed -- even these traditional VPN products might be too costly and involved.
Even a simple IPsec network from Cisco Systems Inc., for example, would have to run through a dedicated server or router, which might be more than a company can spare. Even though SSL VPNs, like Citrix, are Web-based and require only a browser to access the network, there's still some overhead in configuring them on a network. Products like those from vendors Aventail and Juniper Networks Inc. will require the installation of additional hardware on a small network.
But there's still hope for the small user. One alternative is GoToMyPC, an online-based SSL VPN using Citrix technology. Another similar service, LogMeIn, uses a laptop's existing firewall and requires little additional configuration. It can also mesh with two-factor authentication like RSA Security's SecurID, a one-time password (OTP) token, for additional security. Both products offer corporate accounts for business users.
Another option to consider is SSL-Explorer from 3SP Ltd., which offers an SSL VPN that doesn't require dedicated hardware. It can be installed on existing hardware and, like LogMeIn, can work with two-factor authentication.
On the physical side, laptops should be locked at all times when out of the office. The DEFCON SCL cable lock from Targus is designed for laptops, and can loop around the leg of a table at any coffee shop or airport lounge.
Finally, use common sense when carrying laptops around. Put them in non-descript briefcases without company logos so they can't be easily identified, and keep them in your possession at all times.
Dig deeper on SSL and TLS VPN Security
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.