The only thing constant in the universe is change. Similarly, the only thing constant in business is change. Businesses are constantly moving, growing, and changing. These days, providing remote access has become more than just a "nice to have". For most businesses, it's become the defacto standard to be able to access your systems and work whenever and wherever you need to.
However, remote access isn’t without its issues and concerns. And as an LA based business, you’d do well to familiarize yourself with the best practices around secure remote access before simply rolling it out. Remote access increases the cybersecurity considerations exponentially and addressing them should be high on your to-do list when adding remote access capabilities to your workflow.
While setting up remote access isn’t all that difficult to do (technically), it does require some strategic thought before diving in. We've seen more than our fair share of what would amount to cyber-horror stories in terms of how (poorly) remote access is secured. Before you jump in, here are our recommended best practices when implementing it...
Establish Appropriate Security Protocols Early On
It's essential that you consider and review your security protocol before introducing remote access; what's the communication methodology? are you sure this is secure? and what's the approach to remote data storage? have you secured all the potential "data leakage" points?
Beyond just the functionality of remote access, have you set the standards addressing all failure points? Malware and firewalls must be kept updated - and this means from the remote connection side too!
It’s also essential to use strong passwords for everything. Think about drawing up a password policy to keep your users in line and recommend changing passwords at regular intervals.
You need to ensure that all access to your network is authenticated, while spyware and antivirus software protect your computing resources, what’s in place to protect and secure your proprietary information outside of the four walls of your office?
Do NOT Allow Remote Connections if You're Not Using a VPN
Step 1 in implementing security controls for remote access is to make sure your users are connecting via a VPN (a Virtual Private Network). This seems simple, but you'd be surprised how many new clients we pick up who aren't using a VPN and their old IT company simply opened ports on their firewalls to allow remote access. Your firewall should be locked down and you shouldn't be allowing anyone to connect to your network unsecured - no matter who it is or how much you think no one wants your data.
Secure Your Remote Connections Using Dual Factor Authentication
These days Dual Factor Authentication (or 2FA) should be a must if you want secure access to your network - even from your local desktops. That said, 2FA is a must if you're allowing users to access to any of your network resources remotely.
Think in Terms of Protecting Your Company's Assets (Rather Than Devices)
It can be tempting to set your security with your employees’ devices in mind, but you really need to be thinking about the information those devices will be accessing and the assets at the heart of your business. This will help you to formulate a security strategy and ensure that you’re protecting your most valuable property. If lost or stolen, devices can be replaced; but years’ worth of data, sensitive accounting or customer information, and proprietary intellectual property cannot. Let alone the impact to your business should you have a CCPA reportable data leakage incident.
Educate Your Staff
If you're to keep your network safe and ensure that your team is able to access your systems remotely without worry, it’s essential that you educate your staff on proper remote access etiquette. What are the potential pitfalls associated with remote access and why do your staff need be aware of them? Now is the time to monitor data access – not to catch staff, but rather to ensure that everyone is working together to prevent data leakage, fraud, or a cybersecurity incident.
As long as you take security seriously, it is possible to have flexible remote access without compromising efficiency or safety – it will need to work for and with your employees, after all. Education also makes sure that you stand out as the head of the network, retaining control over the system and being able to monitor how it’s being used. The most secure systems are those with someone having ownership over them, rather than dozens of conflicting interests all vying for their say; be that boss.
Make Sure Your Acceptable Use Policy Includes Remote Access
If you don't already have one, a change like implementing remote access is a great time to introduce an Acceptable Use Policy (AUP) so that all team members know the policies are when it comes to accessing your company's network resources remotely. The policy should outline things like:
- what devices can be connected
- what information can be accessed
- how to secure the platforms connecting remotely
- the overall operating procedures
- a strict disclosure detailing the penalties that can be expected if the policies aren’t followed
An AUP takes back control of your network resources to ensure safety and also looks after staff members so that those bringing their own devices can relax just a little bit more. With an AUP document, security breaches will be easier to identify and shut down. An AUP will limit access to who has information and will ensure that no unauthorized software is installed. It will also dictate which websites can and can’t be visited and the types of files that are eligible for download.
Document, Track, and Manage Who Has Remote Access
Ensure that you have a process in place granting remote access as well as revoking it and that this process is documented, tracked, and kept current at all times. Make sure you document this with signatures of the staff involved (both those getting access as well as those granting them).
Clearly, the ability to provide remote access for your staff will improve their productivity and the performance of your business. At the same time, it also needs a lot of planning, understanding, and control in order for it to work most efficiently as well as securely. Make sure you’ve done all your research and addressed all the risks prior to adding this great feature to your technology toolkit.
Do you currently offer remote access? How do you manage the process? Please share your thoughts in the Comment box below or shoot me an email if you'd like to chat about this in more detail.