Secure remote working - Administrators Guide

Issue link: https://insight.claranet.co.uk/i/1228710


Claranet Cyber Security | Quick read checklist for Secure Remote Working

Permitted devices

Ideally, corporate resources should only be accessible via trusted devices. Usually these devices are provided by your IT department, and therefore the security of said devices should be known and trusted. This may prove problematic during the current COVID-19 crisis. Where less trusted devices need to be used, consider the use of Virtual Desktop Infrastructure (VDI) solutions (e.g. Citrix, Terminal Services, AWS WorkSpaces), which can give organisations some additional control.

Authentication

Strong authentication is critical to a remote access solution. The solution may not be protected from the untrusted public Internet using firewalls and other security devices; therefore, it is important that the authentication mechanisms and remote access solutions are robust enough to protect against password brute-force attempts. Multi-Factor Authentication (MFA) should be deployed as a further defence against brute-force attempts and to provide further assurance that the user authenticating is the intended user.

Authorisation

Users should only be given access to the systems and data that they have a business need to access in order to perform their job function. A properly configured and secure remote access solution should provide the user with the same access as if he/she was on the internal network.

User access controls

It is important that the remote access solution can provide enough granularity to help restrict user access to data and systems. Incorrectly configured remote access solutions can give wider access to remote users, either through misconfiguration or because of a lack of functionality within the solution.

Device encryption

Where permitted devices may come into contact with confidential information or personally identifiable information (PII), these devices MUST employ strong disk encryption to protect the data. This can prove to be problematic for BYOD, although it may be less important where VDI solutions are deployed, if these environments are configured to ensure information is not saved to the host machine.

Data storage

Organisations have a duty of care to protect corporate data, credit card data, and customer data, especially PII. The most effective way to achieve this is to limit access to the data and limit the locations where it is stored. By limiting storage locations, organisations can deploy security mechanisms and access control techniques to help protect data from unauthorised access, modification and deletion. As organisations start to
