Having secure remote access is not convenient. To provide secure remote access, you must have a multi-faceted system in place with at least a two-level authentication method to allow users into your network and avoid giving access to unwanted users.
If you think about your network like a home, consider there are windows and doors in your home that allow you and others to enter and leave. You put locks on the openings in your home to control who enters and keep unwanted visitors from entering. Security on your network is based on that same simple principle. There are vulnerabilities in computer networks that must be “locked down” to control who has access to them. We find that many business owners are not aware of the vulnerabilities they may have in their network and computer systems because they don’t know enough about remote access or what their “doors and windows” are.
“In today’s environment, teenagers are able to hack into your computer system.”
Security and secure systems should be a deterrent for random people to hack into your network and computer systems. The more secure and inconvenient it is for someone to hack into your system, the more likely they will move on to the next system that is easier to get into.
Here are basic best practices for implementing secure remote access to your network and computer systems.
Remote User “Requirements”
- Use Business-Owned Devices – A major requirement is that remote workers use company-owned computers and mobile devices, so that you can dictate security policy on those devices. At no point should they be using their own computer, installing their own applications on the company device, or using it for personal reasons. As a business-owned computer, you have the right and ability to monitor the security and configuration of that unit. If it’s someone’s personal computer, you don’t have the right to do that.
- Encrypted Devices – All remote access computers and phones should be encrypted. Users must enter a password to unlock the device. If the device gets lost, it should be configured so that it is automatically rendered useless.
- No Public WiFi – Remote users should use their own phone hotspot or MiFi devices to connect to the Internet. Users should not be using public WiFi. Your IT manager can configure these devices to ensure these hotspot applications are set up. Remote users should not use hotel or restaurant WiFi as these may not be secure.
- Encrypted Connections – Some level of security software should be in use (Virtual Private Network – VPN, or other) to ensure that the physical connection from remote to host is secure.
- Avoid Using Freeware or Shareware Solutions for Remote Access – Remote users should not use free versions of TeamViewer, VNC Viewer, etc. Opt instead to use the purchased versions of these applications, if necessary, and ensure your IT manager has control over how they are configured.
Best Practices for Business Owners
- Ensure you have remote access to each remote user’s computer so you can apply security updates to it on a regular basis.
- Ensure that utilities are set up so that you can remotely monitor these devices and confirm they are being used according to company IT security policies.
- If you’re concerned about employee productivity, software can be installed on the devices to track employee productivity.
- If you’re concerned about employees accessing social media, personal email, or other sites from company-owned devices, software can be installed that can filter content when remote users browse the Internet restricting their access to these areas.
Remote access is one component of your overall IT computing environment. Kenneally Technology Services can review your remote access capabilities to see what improvements are needed to ensure your systems and data remain secure. An IT security assessment will help you ensure your network’s vulnerabilities are eliminated and “open doors” are locked down.
Posted on June 2, 2015 in IT Security, Remote Access
Q: What are some IT standard practices and procedures that we should implement when dealing with our field or remote employees?
A: Depending on the technology needs of your remote employees you should implement the following as standard security practices:
(a) You should have a plan in place where the technology in the field returns to the main corporate office on a regular basis for security and software updates; (b) Field computers should have local firewall software installed for browsing the Internet off-site (Windows firewall does not count!); (c) Limit or forbid use of public wireless networks (Use personal mobile hot-spots instead); (d) Eliminate and restrict actual data on the local computers (use remote application servers for running apps and storing data. Use the local computer as a “dumb-terminal”); (e) Make it policy that employees are using VPN (virtual private network) when accessing company servers and data remotely; and (f) If data must absolutely reside locally on the remote computers, use hard drive encryption built into the notebook’s base system or use third-party encryption software.
Q: Smartphones have become an increasingly large part of our field employees’ toolkit. What should I do to protect ourselves with regard to these computing devices?
A: (a) Make certain smartphones are owned by the company and used for company business ONLY! (You cannot dictate IT policy on an employee’s personal phone); (b) Again, use the local cellular data plan rather than public Wi-Fi access for accessing data and browsing the Internet for information; (c) Password protect and auto-lock your devices; (d) Use remote find and/or remote wipe capabilities of the smartphones if they are lost or stolen; and (e) Limit your use of document sharing/sync apps (Sugarsync, Box.net) and of course … iCloud! I95