Some of the decisions by IT and security professionals are innovative, secure and even cutting-edge, while others are downright cringe-worthy and laden with potential risk. One security decision I’ve seen is allowing the installation of your organization’s virtual private network (VPN) software on an employee’s home computer for remote access. While some security professionals may think of this as an acceptable practice, this policy is high risk with an undesirable attack vector when permitting access into your environment.