Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Letting employees work at home and in coffee shops, trains, or anywhere else with Internet access cuts costs and increases productivity, but it also poses significant security risks. Many computer security experts say companies don’t do nearly enough to reduce the chance that an employee will lose data or intellectual property while outside the office.

Many organizations protect their networks with firewalls that restrict access to particular resources, a step akin to putting a lock on a door. Many also have virtual private networks (VPNs) that encrypt data traveling from the corporate networks to remote employees. But just how effective this is depends on how access to the VPN is granted; given that basic passwords can be guessed or “phished” out of employees, it’s safer to add an additional step.

For some organizations, that step involves hardware tokens—small devices that generate one-time passwords every so often—or software equivalents. (Recent hacking attacks on token provider RSA, which led to a follow-up hack on Lockheed Martin, do not appear to have permanently undermined the underlying cryptographic technology used in RSA’s tokens.) When used correctly, VPNs with strong authentication procedures are difficult to hack, even over public Wi-Fi networks where eavesdroppers otherwise sniff out traffic easily.

But securing data requires more than setting up firewalls and VPNs. Although “social engineering” attacks, in which a victim is tricked or forced into giving up passwords or other sensitive information, are not unique to telecommuters, the scams can be harder to pull off in the face of the organizational security an office offers, says Steven Chan, a research fellow and chief software architect with MIT’s engineering systems division. To approach an employee who handles sensitive information, “you can pretend that you’re a bike courier or FedEx guy, but you still have to get past the security guard, receptionist, and so on,” Chan says. People who work alone are more vulnerable.

2 comments. Share your thoughts »

Credit: Ed Yourdon

Tagged: Business, Business Impact, hacking, Securing Data

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me