We don’t want to scare you, but if your people work remotely, you’re just one co-worker-tippy-tapping-on-their-keyboard away from a full-blown locker ransomware attack.
Oh look, we did want to scare you.
We’ll undo the psychological damage we caused by revealing, sans drumroll, some of the most useful remote access security best practices you should know, or at least think about knowing. It ain’t gonna be a wild ride, but it is gonna be the most amazing thing you read today. Unless you’re near the end of Dickens’ A Tale of Two Cities, in which case, you’ll need to hydrate because tears. Anyways…
Remote Access Security Best Practices Can Be Divided Into Two Types
Remote access security is about two types of stuff:
- The people stuff: Your people are human, evidently, and that means they’re rushing, cutting corners, not interested in data security, or not informed. So a big part of best practice remote access security is about training, changing behaviors, making it easy to do the secure thing, and saving people from themselves.
- The stuff stuff: Remote access security is also about keeping your devices and systems secure to protect your people and data from the bad guys. That means configuring the IT infrastructure and topology that serves your remote workforce in order to reduce the risk of attack. You’ll be looking at narrowing or eliminating attack vectors by closing up gaps and putting defense layers in place. Clever you!
First, We Need to Talk About Mobile Device Management
We need to talk about mobile device management (MDM) because this is the Fairy Godperson of remote access security best practice. This is The Enabler. With MDM, you’ll be able to a) serve up a groaning buffet of security protocols and b) not have an aneurism doing it. It’s the basis of sound remote device management.
Second, We Need to Talk About Security Policies
Having a standardized security policy is a big fat remote access security best practice because it dictates how you’ll manage your fleet, data, and people; it keeps you consistent. It’s just science, and also a part of your IT governance and Information Management Security System. It makes you ask questions like what apps and websites can staff access? At what stage of AWOL do we wipe data from a device? Who’s responsible for spare devices? How should we punish a team member who fails a phishing test for the 3,432nd time? Your security policy clarifies how you act in certain situations and outlines your expected levels and types of remote access security.
Best Practice 1: Physical Security
So, your Head of Engineering Miko and her roving engineering team have been let loose state-wide to fix your customers’ thingummies/whatsits/doobries, and now a whole ton of their laptops and tablets have been stolen/lost/jammed in a Slushy machine. What now? MDM allows you to deploy some juicy remote access security best practices in case of an emergency.
Tracking
If a device is reported lost or misplaced, it’s easy to track it down from your MDM dashboard. It’ll give you 24/7 real-time location information.
Remote Locking
If a device is at risk, the data doesn’t have to be. Remote locking, erm, locks the device, which creates a wall between that data and an unauthorized person. Relax, you can unlock again if it’s a false alarm.
Remote Wiping
This gives you the power to reduce the risk of unauthorized access to zero simply by performing the data vanishing trick, through the medium of remote wiping. Bye-bye, data! Of course, backing up your data is another remote access security best practice.
Geofencing
This is one of our favorite best practices, because how exciting is it to build real territories (from a few meters to worldwide) and then create automated alerts should a device stray from that territory? Oh, the power.
Spares Management
Spares management is the ugly sibling of remote access security because it’s not sexy. But it is a best practice. You need to keep control of those dusty spare devices because access control is a thing. Do you have a system for this? Yes you do, because MDM is your IT asset register and will tell you where your devices are, when they were used last, and whether you need to store them or shoot them.
Best Practice 2: System Security
This is the fun part. You get to configure your IT ecosystem to close those gaps, reduce human error, and enforce good people behavior.
Automated Encryption
When data is traveling in the ether between devices, file and disk encryption is what keeps it safe from those basement hackers. Yes, your people can manually encrypt data before sending it, but who in the heck actually does that? Automation is key. Like the magic it is, it’ll turn your data into gibberish while it’s traveling and then back into data for its authorized recipient.
Enforced Updates
Cybercriminals drool over exploiting the weaknesses inherent in outdated operating systems and software. If your fleet is flaunting a selection of ancient OS, it’ll be less able to withstand the ever-evolving cyber attacks that are flung at it by all the droolers. Worry not, because your MDM will flag up devices with OS version that are so-last-year-darling and push the latest update. Bonus! You can also enforce the use of passcodes and strong passwords.
Secure Offboarding
Heck, everyone and their donkey knows about secure onboarding, but secure offboarding is the sad, forgotten best practice that’s often left to cry in a corner. Cloud accounts left open are insecure. When someone leaves, it’s best practice to close their account, de-provision their device, revoke access to corporate data, physically take control of their device, and pretend they never even existed.
DNS and URL Filtering
These two beauties are best practices that work while you’re sleeping at your desk. They both control how your people access (or don’t access) the web. With these, you can block webpages (URL filtering) or whole domains (DNS filtering), and, because they’re automated and use AI, you don’t have to manually block iffy sites or research the latest malicious pop-ups. DNS filtering is especially useful for blocking ransomware.
We Are Just Getting Started–There Are Loads More Remote Access Best Practices
This is just a selection of delicious remote access security best practices. If we listed all of them out, our copywriter would charge us a whole lot more. If you’d like your business to get all best-practiced for a super-secure fleet that’ll have your compliance person weeping happy tears, give us a call. We’re waiting.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Call us now–chatting about IT support and cybersecurity is our favorite thing to do!