Remote and mobile working is becoming a necessity for many organisations – providing access to office systems and enabling business processes from remote locations.
Remote access relies on using the internet – a public service – to operate, so it is vital that your method of access is secure at all times.
There are many ways to connect a remote computer, such as a laptop, home computer or mobile device, to the company network. Each has its own security challenges.
- Virtual private network (VPN).
- Remote email access.
- Windows Remote Desktop.
- Third party remote desktop tools such as Citrix, PCAnywhere or GotoMyPC.
- Eavesdropping – as information travels over the public internet.
- Unauthorised access.
Safe Remote & Mobile Working
The size of your organisation, the nature of its business and the complexity of tasks and access involved whilst remote and mobile working will determine how to set up and use remote and mobile working. If you are a small company whose employees need only occasional access to files, it can be quite simple to set up effective and safe remote working. For larger organisations with multiple remote workers requiring access to customer relationship management (CRM) systems, for example, it is probably better to engage a professional IT partner or employ an in-house specialist.
- A VPN is a secure communications link between office and remote workers. It is essentially an extension of the secure office network, using a secure channel within the public internet to connect.
- For other remote connection methods including browser-based applications, make sure that the link is securely encrypted as follows:
- There should be a padlock symbol in the browser window frame, that appears when you attempt to log in or register. Be sure that the padlock is not on the page itself.
- The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.
- Ensure that you have a secure network, including an effective firewall to keep out unwanted connections.
- Restrict unauthorised physical and electronic access to your firewall, VPN router, administrator accounts and servers.
- Ensure that all users have strong passwords, do not share them with anyone else or store them where they can be accessed.
- Consider using biometric security such as fingerprint scanners and/or token-based authentication.
- Make sure that employees who have remote access to do store their login details on their computer or other device.
- Instruct employees not to store sensitive company information on remote computers.
- Instruct employees to log out when they have completed their session.
- Do not include a ‘remember me on this computer’ feature.
- Delete remote access privileges once they are not needed. For example, do not let anyone who has left the organisation retain access to your network.
Protect Your Network
- Review firewall and other server logs to monitor remote access. Watch for unusual activity.
- Ensure that the system is regularly tested for vulnerabilities (known as ‘penetration testing’) and any loopholes closed.
- Ensure that you keep your firewall and VPN software up to date to protect against evolving threats.
- Many remote desktop programs rely on installing a client program on an office computer. This creates a tunnel through the firewall. Do not allow employees to do this on their own initiative. Control which programs are used and how they are installed.
- Control access to critical information.