While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Do you use a virtual private network to access file servers and printers back in the office when you’re traveling or teleworking? Organizations routinely employ VPNs so employees can use information resources over whatever network connection is available. In general, VPNs should be used with both agency-issued and employee-provided devices to ensure secure access, but it can be a good idea to fire up the VPN more regularly. Here are some ideas:
This may seem like common sense, but unless you’re actually using public Wi-Fi to access office resources (as opposed to just checking email or browsing the web), you may not think to further encrypt the connection. But you should, especially when using an agency-issued notebook or device. The same goes for when you’re connecting via hotel-provided wireless access, conference center Wi-Fi or other public networks in corporate lobbies or offices. Snoops can eavesdrop on your wireless communications and ferret out passwords, for example, if the link isn’t adequately encrypted.
Related to securing public connections is the simple requirement to keep Internet activity private while away from the office, regardless of connection. Whether you’re researching a project online or performing a simple search, doing so over a VPN will help hide your IP address. This may seem unimportant until you’re using your agency notebook and start seeing ads for products and services related to certain search topics.
Teleworkers have increasingly sophisticated home networks, comprising multiple personal computers, an agency-issued system, media and print servers, and more. When mixing work and home resources — or just to maintain greater personal security — consider encrypting your home network via VPN. Microsoft Windows comes with its own VPN client that you can set up through a wizard to connect multiple Windows systems. Speaking of home networks, you should also use a VPN when you’re at the office or on the road and need to reach back home to access information, such as an important file or presentation you were reviewing on the weekend.
Do you need to reach out to a colleague using one of many consumer or enterprise Voice over IP clients? Consider establishing a VPN connection first. The overhead required to encrypt the call data may affect performance, but at least you can rest assured the call is more private than it would be without a VPN.
This may apply only to international travelers and media consumers. Despite the openness of the Internet, certain online companies and even governments block access to certain sites depending on where the request originates (a processing known as geoblocking). In some cases, a VPN can allow you to get around such restrictions.
The VPN client loaded on an agency-issued device should work for most of what you want a VPN to do. On personal devices, or to accomplish other VPN-enabling tasks (such as avoiding geoblocking), you may need to set up your own VPN connection using Windows or a third-party open-source tool. Or, you can subscribe to one of many VPN services. In the end, training yourself to use a VPN for any network connectivity outside the agency firewall, regardless of the computing client, is a good step toward greater mobile security.