Even small organizations should have some sort of encrypted connection between laptops and the office server. Ideally, this would be some sort of VPN connection, either IPsec or SSL. Since you only have eight users -- a small network indeed -- even these traditional VPN products might be too costly and involved.
Even a simple IPsec network from Cisco Systems Inc., for example, would have to run through a dedicated server or router, which might be more than a company can spare. Even though SSL VPNs, like Citrix, are Web-based and require only a browser to access the network, there's still some overhead in configuring them on a network. Products like those from vendors Aventail and Juniper Networks Inc. will require the installation of additional hardware on a small network.
But there's still hope for the small user. One alternative is GoToMyPC, an online-based SSL VPN using Citrix technology. Another similar service, LogMeIn, uses a laptop's existing firewall and requires little additional configuration. It can also mesh with two-factor authentication like RSA Security's SecurID, a one-time password (OTP) token, for additional security. Both products offer corporate accounts for business users.
Another option to consider is SSL-Explorer from 3SP Ltd., which offers an SSL VPN that doesn't require dedicated hardware. It can be installed on existing hardware and, like LogMeIn, can work with two-factor authentication.
On the physical side, laptops should be locked at all times when out of the office. The DEFCON SCL cable lock from Targus is designed for laptops, and can loop around the leg of a table at any coffee shop or airport lounge.
Finally, use common sense when carrying laptops around. Put them in non-descript briefcases without company logos so they can't be easily identified, and keep them in your possession at all times.
This was first published in January 2008