Working from home


7 hours ago, Bill said:

I don’t assume that at all. All of that said, third world economic and industrial development will still fuel coal and oil demand for many years. 

So will first and second world, there is no alternative, the so called renewable energies are vastly more inefficient than the propaganda would have us all believe. Nothing comes even close to hydrocarbon if you're measuring bang for buck

 

Everyone driving electric cars soon, ha ha ha, there is no infrastructure nor the surplus power to charge the batteries.

 

It's all fvcking fake


11 hours ago, Bill said:

How do you ensure IP security with employees working from home? I used to own a company designing high end engineered products and invested a lot of money ensuring CAD drawings etc could not be accessed or transmitted beyond my own servers, although God knows more than a few tried. That would be impossible with home working.

It's not impossible.

 

Find a way to restrict network use on a staff machine.  Insist on encrypted data storage and transfer.

 

Maybe software solutions exist that allow you to work on IP without even downloading it.


4 minutes ago, ranger_syntax said:

It's not impossible.

 

Find a way to restrict network use on a staff machine.  Insist on encrypted data storage and transfer.

 

Maybe software solutions exist that allow you to work on IP without even downloading it.

It is impossible as far as I can see. Even in a controlled office situation it's next to impossible to plug all the holes. We restricted server access so that only designated company desktops could access files on the server, removed all hard drives and had all work performed on the server, locked all external USB ports and used tracer software to monitor who accessed which file and when, but couldn't fully prevent files being emailed - even though we could monitor all emails, locking the door after the horse has bolted isn't much of a consolation. Given that most sensitive theft is associated with the promise of another job elsewhere, the perpetrator isn't much worried about being caught. It happened to me twice, with times by using someone else's PC to email a bunch of files, both times by a senior employee with access to all of his team's machines. I guess we could have done more and other options are probably available today but God knows we spent enough on security and the idea of trying to control homeworkers to the same extent doesn't bear thinking about. 


30 minutes ago, Bill said:

It is impossible as far as I can see. Even in a controlled office situation it's next to impossible to plug all the holes. We restricted server access so that only designated company desktops could access files on the server, removed all hard drives and had all work performed on the server, locked all external USB ports and used tracer software to monitor who accessed which file and when, but couldn't fully prevent files being emailed - even though we could monitor all emails, locking the door after the horse has bolted isn't much of a consolation. Given that most sensitive theft is associated with the promise of another job elsewhere, the perpetrator isn't much worried about being caught. It happened to me twice, with times by using someone else's PC to email a bunch of files, both times by a senior employee with access to all of his team's machines. I guess we could have done more and other options are probably available today but God knows we spent enough on security and the idea of trying to control homeworkers to the same extent doesn't bear thinking about. 

My suggestions depend on trusted staff.  If your staff don't understand that attaching unencrypted files to an email is insecure then you have no chance.

 

Jobs with sensitive IP are in the minority though.  In many cases it probably is better just to bring them in to the office for that.  Freeing the other 99 percent of people from disgusting commutes is a big enough win.


25 minutes ago, ranger_syntax said:

My suggestions depend on trusted staff.  If your staff don't understand that attaching unencrypted files to an email is insecure then you have no chance.

 

Jobs with sensitive IP are in the minority though.  In many cases it probably is better just to bring them in to the office for that.  Freeing the other 99 percent of people from disgusting commutes is a big enough win.

I don't think you understand the issue. It's easy to protect against external attack. However, the vast majority of security threats come from within the organisation, not outside.

 

And if all staff were trustworthy there would be nothing to discuss. Experience shows they're not. The world is full of people trying to sell sensitive information to competitors in the hope of securing a suitable reward. I've seen several companies brought to their knees by this and when your business depends on your ability to create and protect innovation then simply hoping or assuming all staff are trustworthy is like playing Russian roulette. Hence the huge security challenge of home working


6 hours ago, Bill said:

I don't think you understand the issue. It's easy to protect against external attack. However, the vast majority of security threats come from within the organisation, not outside.

 

And if all staff were trustworthy there would be nothing to discuss. Experience shows they're not. The world is full of people trying to sell sensitive information to competitors in the hope of securing a suitable reward. I've seen several companies brought to their knees by this and when your business depends on your ability to create and protect innovation then simply hoping or assuming all staff are trustworthy is like playing Russian roulette. Hence the huge security challenge of home working

I understand well enough. 

 

Your original contention is that it is impossible to secure your IP when staff are working remotely. It's not.

 

You've mentioned that the biggest problem is what staff actually do with data and I've already agreed.


3 hours ago, ranger_syntax said:

I understand well enough. 

 

Your original contention is that it is impossible to secure your IP when staff are working remotely. It's not.

 

You've mentioned that the biggest problem is what staff actually do with data and I've already agreed.

You don't show that you understand so it's difficult to judge. But let's substitute impossible with not practically possible, so that we stay out of the realms of fantasy.

 

If we agree that the problem is what staff do with the data (well of course it is) and you still say that security is possible in a home working context then I'd love to see what the basis is for this. If it's new IT technology since I last addressed security then I'd like to learn. If it's something I could have done but my IT advisors overlooked then I'd appreciate the insight. But as much as anything I'd like to pass it on to some small businesses I mentor. So spill the beans please.

Edited by Bill

  • 3 weeks later...
On 21/06/2021 at 16:09, gaspard said:

So will first and second world, there is no alternative, the so called renewable energies are vastly more inefficient than the propaganda would have us all believe. Nothing comes even close to hydrocarbon if you're measuring bang for buck

 

Everyone driving electric cars soon, ha ha ha, there is no infrastructure nor the surplus power to charge the batteries.

 

It's all fvcking fake

We insure all the major energy companies - at our AGM in 2019 renewables was the theme and we had a SVP of investor relations for Eni (the Italian behemoth) present about how Eni would be carbon neutral by 2025, spending $10 billion in doing so.

 

A question that came up was about electric vehicles..... and that question was how many would it take to get the world carbon neutral.  At that point the response was pretty much "300 million EV's, but that won't be the issue.  The issue will be that there isn't a power grid anywhere in the world that will be able to support such a significant increase in power supply - every grid would fail and there would be mass power outages".  Electric energy still needs to be powered too, that's what many don't realise.  They think that a shift to electric vehicles solves the problems but it doesn't because electric also needs to be powered itself.

 

You are spot on - it is all nothing more than soundbites right now.


1 hour ago, craig said:

We insure all the major energy companies - at our AGM in 2019 renewables was the theme and we had a SVP of investor relations for Eni (the Italian behemoth) present about how Eni would be carbon neutral by 2025, spending $10 billion in doing so.

 

A question that came up was about electric vehicles..... and that question was how many would it take to get the world carbon neutral.  At that point the response was pretty much "300 million EV's, but that won't be the issue.  The issue will be that there isn't a power grid anywhere in the world that will be able to support such a significant increase in power supply - every grid would fail and there would be mass power outages".  Electric energy still needs to be powered too, that's what many don't realise.  They think that a shift to electric vehicles solves the problems but it doesn't because electric also needs to be powered itself.

 

You are spot on - it is all nothing more than soundbites right now.

EV’s have become an emblem of self-delusion. They’d be as well digging up the roads and banning driving altogether. 


On 21/06/2021 at 23:48, Bill said:

I don't think you understand the issue. It's easy to protect against external attack. However, the vast majority of security threats come from within the organisation, not outside.

 

And if all staff were trustworthy there would be nothing to discuss. Experience shows they're not. The world is full of people trying to sell sensitive information to competitors in the hope of securing a suitable reward. I've seen several companies brought to their knees by this and when your business depends on your ability to create and protect innovation then simply hoping or assuming all staff are trustworthy is like playing Russian roulette. Hence the huge security challenge of home working

I’d like to put your second sentence to the test, but you’re right - the vast majority of the breaches are usually the mixture of the two. Spear phishing is horribly easy. In terms of working from home and trusting users entirely it’s impossible, like everything in infosec is - it’s risk management, breach is inevitable - but I have seen it done quite well. No external drives, no unreviewed e-mail to external addresses, no privnote, access to file sharing sites etc, subnet separation, proper access management. MFA, VPN. Intelligent firewall at the VPN level. Defence in depth. The important thing is just trust based role access. You’re not going to outsmart someone with infosec experience who is used to data exfiltration but you should mop up the majority if you do it properly. 

Edited by bmck
