Remote Working & Security
In the wake of Covid-19 forcing people to work from home, CT is urging customers to ensure remote access is secure and correctly implemented.
A challenge employers now face is maintaining security whilst their teams are working remotely. People accessing work files from home or a mobile device can present risks that threaten your business. At a time when potentially all staff will be working from home, it is more important than ever that your network is not inadvertently opened up to security risks.
If you have a cloud or Remote Desktop solution in place we are encouraging all customers to ensure they retain the basic IT principles, in particular ‘access control’ and ‘data back-up’.
We are seeing a lot of social media activity advising that for remote access you can simply enable VPN. If you do this without the correct planning, there is a critical risk of leaving your network open to external attack and failing to provide the necessary functionality your end users need to work effectively.
It is important to consider:
- Two Factor Authentication
- VPN Encryption
- Is your connectivity capable of handling all or a large proportion of your staff connecting remotely?
- Are your staff going to be using a personal device to access your network via the VPN? If that device isn’t correctly protected and it is given access into your network you could be creating further security issues
- VPN access mean that end users can potentially drag and drop files onto the device, which could be a personal device, thus comprising data control
- We are also seeing the use of off the shelf solutions to access PCs remotely. If you have chosen this route, be aware that your network may also be opened to security risks. If it is simple for your end users to gain access it may be simple for unwanted third parties to also access your network and we are expecting an increase in cyber-crime.
Cloud solutions such as Microsoft 365 are built to facilitate working from any location on different types of device, but we highly recommend the use of multi-factor authentication (MFA), Microsoft’s single-sign on (SSO) and that you have automatic encryption of data to ensure access is controlled and your organisation remains in control of its data.
You also must ensure that your cloud solution, such as Office 365, is backed-up. Most cloud providers work on a shared responsibility model, meaning they take responsibility for the infrastructure but the responsibility for the data remains with YOU. Most will have a data retention policy but will not backup your data. We can provide you with a fully managed service immediately with comprehensive back-up for your entire Office 365 suite.
In conclusion there are a number of different options available for remote working but they need to be right for your business and it is vital that your fundamental IT principles are retained.
Key considerations are:
- The devices being used
- Connectivity capabilities
- The functionality your end users require
- Data Backup
If you need help or guidance on the most suitable option for your organisation, please contact your account manager today.