The number of businesses with employees that work at home has skyrocketed over the past few years, and each telecommuter has a unique set of support needs and desires. Most organizations give a handbook and kit to each user with reference information that can be used in the event of problems. But there are other things you might not think of that could be very helpful -- particularly from a security standpoint -- to give to your remote workers. Here are some suggestions:
A kit to combat spyware. The topic of spyware has become popular recently, and a lot of users may even ask you about your preferred procedures for keeping this malware off their machines. You should prepare a software-based kit, preferably on a small-sized USB thumb drive that the user can keep at his desk. The thumb drive could include AdAware, Spybot Search and Destroy or a licensed copy of your corporate spyware-prevention programs, along with a very obvious ReadMe file to guide users through downloading the latest signatures. This way, your remote users already have the necessary software at hand, and the less experienced ones require fewer minutes on the phone with your support people. And best of all, remote users who feel comfortable doing basic system cleaning can effectively remove spyware without tying up your help desk or their workday.
A guide to properly setting up the firewall on their perimeter device. Most remote users will probably have, or will be purchasing, a SOHO-oriented firewall/router device that connects their home networks (sometimes even a wireless network) with the broadband at their homes. Make sure they can configure it properly by providing them with a couple of pages, including screenshots, for the most common router models -- or the one you've standardized on if you have a lot of telecommuters. Help users secure the firewall and enable Wired Equivalent Privacy (WEP) if applicable. Make sure they open ports correctly if necessary and enable remote console access so you can help them if their router goes crazy. It happens. Don't forget that if corporate data resides at these users' houses, it's probably still your responsibility to make sure that that new leg of your network is secure as well.
Alternate actions for when the VPN goes down. Virtual private networks are by far the most common way that telecommuters bring themselves onto the corporate network to use the resources located therein. But what happens when the VPN doesn't work? (This happens fairly often to some of my colleagues.) Do your users simply twiddle their thumbs or go work in the yard for the day? Have some guidelines for how users can continue to be productive securely. Provide them with a URL so they can securely log onto your mail servers to send and receive e-mail. Teach them how to make a copy of their document folder when the VPN is working and how to regularly update that copy, so all isn't lost when they can't access the network versions of their documents and files. Help them maintain their productivity, and make sure that whatever alternate means these users are taking advantage of to connect to your premises are configured securely and appropriately hardened.
Help with running regular virus scans. Chances are that you've given remote workers access to your corporate copy of whatever antivirus software you're using. But you may not be able to include your remote users' nodes within the scope of the management features of your product. So write up a short, 5- to 6-step guide to updating virus signatures and performing a full system scan. Help your users schedule a reminder in their personal information management programs that prods them to run a scan. Make it easy for them -- you might even script a batch file or VBScript program to work with the locally installed copy of your AV client. But, in any case, document the process using clear, simple steps and include that page in your handbook.
A place for a complete hardware and software inventory. Consider licensing a copy of software like the Belarc Advisor to give you a list of product keys, installed software and a profile of hardware. This can be invaluable for troubleshooting and rebuilding a broken system.
A list of the standard stuff. Of course, don't forget to include help desk numbers, e-mail addresses, directions to the nearest computer repair shop, policies and procedures for your support infrastructure and the other common information users might need.
About the author: Jonathan Hassell is author of Hardening Windows (Apress LP) and is a SearchWindowsSecurity.com site expert. Hassell is a systems administrator and IT consultant residing in Raleigh, N.C., who has extensive experience in networking technologies and Internet connectivity. He runs his own Web-hosting business, Enable Hosting. His previous book, RADIUS (O'Reilly & Associates), is a guide to implementing the RADIUS authentication protocol and overall network security.