
What's the best way to secure VPN access for teleworkers?

The U.S. Postal Service suspended teleworking following a recent breach. Expert Kevin Beaver explains why teleworkers aren't always to blame in the event of a breach and explores methods for secure VPN access.

The U.S. Postal Service recently suspended teleworking after a reported breach, yet I think there's an argument to be made that VPN connections are by and large very secure. In the event of an internal network breach, in what scenarios would there be a legitimate case to disallow VPN use for a period of time?

I believe VPN and related remote access technologies are great for connecting teleworkers. That said, secure VPN access is usually not the problem in these types of breaches. Instead, the problem is that network and security admins and analysts broadly lack visibility into, and control over, their networks.

For example, organizations with networks that fall victim to these attacks often have a shortcoming in one of three areas:

  • Knowing what information (and users) are where
  • Understanding the risks
  • Doing something about it

If they weren't forced to, many organizations would go indefinitely without ever performing an information risk assessment. You can't secure what you don't acknowledge. It's easier to ignore the underlying basic security principles than to seek them out because once you've uncovered the issues, you have to do something about them or you'll be called out on your oversights by a savvy incident responder or lawyer. The "doing something about it" part involves people not having the proper technologies to prevent or at least detect such breaches, including:

You can have all the security policies, procedures and standards you want around secure VPN access and teleworkers. However, unless and until you have a means to enforce everything through these types of technical controls, you're going to remain at risk.

Government agencies such as the USPS should be familiar with the concept of "trust but verify", but obviously they're losing the battle.

Just do the best you can; the more insight and information the better. Otherwise, you're blindly trusting that all is well on the network and it's often not.


This was last published in June 2015
