Remote Access Best Practices To Protect Your Business

Craig Pollack | Dec 19, 2017

The only thing constant in the universe is change.  Similarly, business is constantly moving, growing, and changing. These days, providing remote access has become more than just a "nice to have". For most businesses, it's become the defacto standard to be able to access your systems and work whenever and wherever you need to.

However, remote access isn’t without its issues and concerns.  And as an LA based business, you’d do well to familiarize yourself with the best practices around remote access before rolling it out.  For example, remote access increases the security considerations exponentially and addressing this should be high on your to-do list if you’re considering adding remote access capabilities to your operations.

While, technically, remote access isn’t all that difficult to make happen.  It does require some strategic thought before diving in. So here are our recommended best practices when implementing it...

Establish Appropriate Security Protocols Early On

It's essential that you consider and review your security protocol before introducing remote access; how will you ensure that data remains safe? Have you looked into encryption? Malware and firewalls must be kept updated - and this means from the remote connection side! Also, it’s essential to use strong passwords for everything. Think about drawing up a password policy to keep your users in line and recommend changing passwords at regular intervals.

You need to ensure that all access to your network is authenticated, while spyware and antivirus software protect your computing resources, what’s in place to protect and secure your proprietary information outside of the walls of your office?

Do NOT Allow Remote Connections if You're Not Using a VPN

Step 1 in implementing security controls for remote access is to make sure your users are connecting via a VPN (a Virtual Private Network). This seems simple, but you'd be surprised how many new clients we pick up who have open ports on their firewalls to allow remote access.  Your firewall should be locked down and you shouldn't be allowing anyone to connect to your network unsecured - no matter who it is or how much you think no one wants your data.

Secure Your Remote Connections Using Dual Factor Authentication

These days Dual Factor Authentication is really a must if you really want to secure your network. Needless to say it's a must if you're allowing users to access your network remotely.  

Think in Terms of Protecting Your Company's Assets (Rather Than Devices)

It can be tempting to set your security with your employees’ devices in mind, but you really need to be thinking about the information those devices will be accessing and the assets at the heart of your business. This will help you to formulate a security strategy and ensure that you’re protecting your most valuable property. If lost or stolen, devices can be replaced. But years’ worth of data, sensitive accounting information, and proprietary intellectual property cannot.

Educate Your Staff

If you're to keep your network safe and ensure that your team is able to access your system without worry, it’s essential that you educate your staff on proper remote access etiquette. What are the potential pitfalls associated with remote access and why do your staff need be aware of them? Now is the time to monitor data access – not to catch staff, but rather to ensure that everyone is working together to prevent data leakage and fraud.

As long as you take security seriously, it is possible to operate a flexible remote access system without compromise to efficiency or safety – it will need to work for and with your employees, after all. Education also makes sure that you stand out as the head of the network, retaining control over the system and being able to monitor how it’s being used. The most secure systems are those with someone having ownership over them, rather than dozens of conflicting interests all vying for their say; be that boss.

Make Sure Your Acceptable Use Policy Includes Remote Access

If you don't already have one, a change like implementing remote access is a great time to introduce an AUP so that all team members know what the policies are when it comes to accessing your firm’s network resources remotely. The policy should outline what devices can be connected, what information can be accessed, how to secure the platforms connecting remotely, and the overall operating procedures, as well as a strict disclosure detailing the penalties that can be expected if the policies aren’t followed.

An AUP takes back control of the network to ensure safety and also looks after staff members so that those bringing their own devices can relax just a little bit more. With an AUP document, security breaches will be easier to identify and shut down. An AUP will limit access to who has information and will ensure that no unauthorized software is installed. It will also dictate which websites can and can’t be visited and the types of files that are eligible for download.

Document, Track, and Manage Who Has Remote Access

Ensure that you have a process in place granting remote access as well as revoking it and that this process is documented, tracked, and kept current at all times.  Make sure you document this with signatures of the staff involved (both those getting access as well as those granting them).

Clearly, the ability to provide remote access for your staff will improve their productivity and the performance of your business.  At the same time, it also needs a lot of planning, understanding, and control in order for it to work most efficiently.  Make sure you’ve done all your research and addressed all the risks prior to adding this great feature to your technology toolkit.

Do you currently offer remote access? How do you manage the process? Please share your thoughts in the Comment box below or shoot me an email if you'd like to chat about this in more detail.

Free Technology Review Call

Author

Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.

Comments