Accessing the office while travelling can provide increased productivity and flexibility. However, it is important to ensure your equipment and connections are secure so that your network isn't vulnerable and your business information isn't exposed.
Securing remote access requires a degree of technical knowledge. If remote access is an important part of your business, and you transmit sensitive business information, it may be worth investing in specialist advice from a computer expert.
Secure your network
- Ensure that you have a secure network, including an effective firewall and security software installed to keep out unwanted connections.
- Ensure installation of remote access clients and other software is restricted to staff responsible for network security. They will control which programs are used and ensure they are installed correctly.
- If you allow staff to connect using personal equipment, including personal home computers, ensure they have up-to-date security software installed and are educated about the risks.
Secure your remote access
Before you implement remote access for your business, conduct a risk assessment. Identify risks and the controls needed to reduce risks to an acceptable level. You may also assess risk for individual staff, taking into account their specific circumstances, including where they will use the access (home or traveling, from a work or home PC) and if anyone else will be using the computer (including family members).
- Restrict access to the minimum services and functions necessary for staff to carry out their role.
- Ensure that all staff use strong passwords on their mobile devices.
- Make sure that staff using laptops do not set their computer to log-in automatically and that they don't store their password on their laptop.
- Use strong authentication that requires both a password and a token-based or two-factor authentication.
- Delete staff remote access privileges once they are not needed. For example, do not let someone who has left the company retain access to your network.
In order to protect sensitive information you may choose to restrict the type of data that can be accessed remotely. You should use Virtual Private Network (VPN) software which provides a high level of encryption to access your network remotely.
Review firewall and other server logs to monitor remote access and watch for unusual activity.