Allowing workers to work from home and when traveling has become the norm for many companies. It brings convenience. It helps them be productive, and in most industries, it is just expected.
If you haven’t reviewed how you provide remote access in the last year or two, it may be time to take another look. There are certain inherent risks that come with accessing your network from a remote site, and the nefarious technologists known as hackers have gotten quite good at exploiting them.
Here are 9 things to consider as you evaluate remote access:
1. Encryption – Whatever device you use, whether tablet, laptop, Surface, or iPad, the fact that it is remote makes it many times more likely to be lost or stolen than other equipment. Without encryption, it is relatively easy for someone who has the device in their hands to access the hard drive and view the data, even if they don’t have the right login credentials. Encryption protects your data, and often gives you a “safe harbor” from fines if you have a data breach that exposes some sort of personal information from employees or clients.
2. Tracking – If you don’t already do this, you may want to turn on device tracking. Apple, Surface and other Microsoft OS devices offer tracking applications that will help you locate your device wherever it might be. You can also purchase third-party MDM and tracking software. In the event of a theft or loss, this is invaluable and can even allow you to remotely wipe critical data.
3. Private VPN – You may be using a VPN to connect to your office. A VPN creates an encrypted tunnel that keeps a hacker from stealing information that is transmitted between sites. If you are using this type of connection, it may be time to upgrade it. The old PPTP VPN is growing insecure, and it is time to move to an IPsec VPN or a proprietary platform that is less hackable.
4. VPN Service – Even if you don’t need to connect to your office network, a VPN is a good idea. A VPN service allows you to connect to a server that secures your data in motion so that it can’t be intercepted. This is the best way to make public WiFi, such as at a coffee shop or hotel, secure. Without a VPN service, I would use extreme caution on public WiFi and would not access anything you want to remain secure. I have used CyberGhost and NordVPN. Both have good solutions. Nord runs in the background with you hardly knowing it is there. CyberGhost allows many more options, but also presents more prompts and notices.
5. Remote Control Applications – If you are using LogMeIn or a program like it to allow employees to access their machines over the web, you should consider tightening things up. First, turn on two-factor authentication (2FA) to require a text code to finish the remote access. You should also ensure that passwords are very secure and are changed at a regular interval. In addition, I would strongly recommend auditing your LogMeIn accounts to remove or disable any users that are not using it. This reduces the number of accounts a hacker could attempt to breach.
6. Public Shared Computers – Don’t. Just don’t. Never use a public computer to access your email, the office, and really just… don’t. I would not even place an order for lunch on a shared computer at a hotel or print center. You might as well put your credit card out on the dark web for sale. Your business policy should be that no employee will ever use one of these to access company resources.
7. Personal Home Computers – These can be a source of trouble. Often the kids use these computers and contract some sort of infection; then, when your team member VPNs in to the office, it opens the door for that infection to move through to the office network. If a home computer or device is used to access the office, it should be limited to use by your employee only. They should agree to a policy requiring them to meet certain guidelines like having updated anti-virus and not sharing the computer.
8. Data Leak by Application – Create a policy to prohibit the use of any personal data sharing tool. Using a tool like Dropbox, OneDrive, Box, or many others can allow your data to quickly leave your network to a location whose security is unknown. If any of these tools are used, they should be supplied by you, controlled by you, and maintained by you. If there is not an absolute need for these tools, do not allow their use by policy and consider blocking them with rule-based technology.
9. Education – I know I say this a lot, but the best way to prevent security issues is to train your team. Nobody wants to be the one who allows that new virus to lock the network. Today’s hackers are crafty. People are much more likely to be careful if they understand the “Why” behind the rule. Educate your team, and consider putting a cyber security training and testing program in place.
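The account audit recommended in item 5 can be run against a user export from your remote-control tool. The script below is an added example, not part of the original article and not vendor code: the CSV column names, the sample rows, and the 90-day and 180-day thresholds are all assumptions to adapt to your own tool and policy.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; the column names are assumptions, not a real
# LogMeIn (or other vendor) report format. Map them to your tool's export.
SAMPLE_EXPORT = """\
username,enabled,two_factor,last_login,password_changed
asmith,yes,yes,2024-05-28,2024-04-15
bjones,yes,no,2024-05-30,2024-05-01
cdavis,yes,yes,2023-11-02,2023-10-20
dlee,yes,yes,,2024-03-01
former.temp,no,no,2023-01-10,2022-12-01
"""

STALE_LOGIN_DAYS = 90        # assumed threshold for "not using it"
MAX_PASSWORD_AGE_DAYS = 180  # assumed password rotation interval

def _age_days(value, today):
    """Days since an ISO date string, or None when the field is empty."""
    if not value.strip():
        return None
    return (today - datetime.strptime(value.strip(), "%Y-%m-%d").date()).days

def audit_accounts(export_text, today):
    """Return {username: [findings]} for enabled accounts needing attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "yes":
            continue  # already disabled, so it cannot be used to log in
        issues = []
        if row["two_factor"].strip().lower() != "yes":
            issues.append("2FA not enabled")
        login_age = _age_days(row["last_login"], today)
        if login_age is None:
            issues.append("never logged in: disable or remove")
        elif login_age > STALE_LOGIN_DAYS:
            issues.append(f"no login for {login_age} days: disable or remove")
        pw_age = _age_days(row["password_changed"], today)
        if pw_age is None or pw_age > MAX_PASSWORD_AGE_DAYS:
            issues.append("password older than rotation interval")
        if issues:
            findings[row["username"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_accounts(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```

Running the audit on a schedule and reviewing the flagged accounts keeps the number of enabled, unused logins from growing back.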
There are breaches going on every day. Most of you have probably experienced some form of hacking or fraud in the last year. When a criminal tries to enter a home, they don’t start by trying to cut a hole through your foundation or digging a tunnel through to the basement; they examine doors, windows and other entry points. Cyber security is no different, and remote access is one of these entry points. Let’s shore up our defenses and not leave the door unlocked!