Indepth: Secure Remote Working


The previous ITInsight article, Remote Security, is an excellent starting point and we would advise you to follow all the points in it. In this article we want to bring out some general security issues with remote working.

Have a password policy. All VPNs and remote connections should be password protected. For added protection, consider the following:

  • Force users to change their password regularly, at least every 30 days.
  • Use a combination of numbers and letters. However, don't just use a name followed by a number that goes up every month (e.g. Peter1 becoming Peter13 after thirteen months); mix it up a bit. For example, remote could become r3m0t3. It's still easy to remember but harder for a criminal to work out. Make it case sensitive for even more security, e.g. R3m0Te.
  • Try to avoid the obvious. Passwords are often a combination of partner's or children's names, birthdays, football teams or players, celebrities, pets and holiday destinations. It won't take long for a criminal in a hotel bar to find out enough about you through a conversation to work out what your password could be.
  • Consider a RAS (Remote Access Service) key. This is a device that receives a new, random number every few seconds. The number must be keyed correctly to establish a connection and the device should be kept separate from the laptop, perhaps on a keyring.
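The password rules in the list above can be enforced when a user changes their password rather than left to memory. The following is an added example, not part of the original article; the function names and the list of personal terms (names, teams, pets and so on, collected per user) are assumptions made for illustration.

```python
import re

# Reason strings returned by the check (constructed for this example).
NEEDS_MIX = "must contain both letters and numbers"
UNCHANGED = "is the same as the previous password"
ONLY_NUMBER_CHANGED = "only the number on the end has changed"
PERSONAL = "contains a personal term: "


def _split_trailing_number(password):
    """Split 'Peter13' into ('peter', '13'). The stem is lower-cased so
    that 'Peter1' and 'peter2' are treated as the same base word."""
    match = re.fullmatch(r"(.*?)(\d*)", password, flags=re.DOTALL)
    return match.group(1).lower(), match.group(2)


def check_new_password(new, previous, personal_terms):
    """Return the list of policy problems with `new` (empty list = accepted).

    new            -- the password the user wants to set
    previous       -- the password being replaced
    personal_terms -- words an attacker could learn in conversation
                      (partner, children, team, pet ...), per user
    """
    problems = []

    # Rule: a combination of numbers and letters.
    if not (re.search(r"[A-Za-z]", new) and re.search(r"\d", new)):
        problems.append(NEEDS_MIX)

    # Rule: no 'Peter1' -> 'Peter2' style changes (same word, new number).
    new_stem, _ = _split_trailing_number(new)
    old_stem, _ = _split_trailing_number(previous)
    if new == previous:
        problems.append(UNCHANGED)
    elif new_stem and new_stem == old_stem:
        problems.append(ONLY_NUMBER_CHANGED)

    # Rule: avoid the obvious (names, birthdays, teams, pets ...).
    lowered = new.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(PERSONAL + term)

    return problems
```

A password such as R3m0Te passes all three checks, while Peter13 following Peter12 is rejected both for the incremented number and for containing the user's name.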

Consider access levels. You might want to think about what server facilities and directories you will allow to be accessed remotely. Don't give access to everything in case a laptop or connection is compromised. That would be like letting someone in through your front door and then allowing them to wander round the building with full access to all areas without first checking who they were.

Use secure connections. Where possible, use only business-grade, secure broadband connections. Criminals can gain access to your server via the remote connections so treat each incoming remote connection as a door into your company. You wouldn't leave the front door to your office unlocked at night and you should give your incoming connections the same attention.

As a public hotspot would not offer this level of security, you might want to think about whether you should use one at all, or at least consider the level of access granted to remote, non-home based connections.

Make sure laptops have security software that blocks access to them from wireless devices. If you were in a coffee shop hotspot, for example, it's possible that a criminal sat nearby could access your laptop using the same broadband connection that you were on, thereby gaining access to your server. WiFi blocking facilities prevent that from happening. It doesn't stop someone from looking over your shoulder though.

But it's not just the laptops and connections that need to be secure; your server should be secure too. Make sure it has the latest security features installed and is updated regularly. A good security system will provide downloads against the latest threats on a daily basis.

Think about using a device known as a UTM firewall which provides an extra layer of security between the outside world and your server.

Use an appropriate IP address setting. If you're using a laptop for broadband access you'll need a roaming profile or point-2-point. If your remote access is from your home computer, use a static IP address.

PIN numbers. Use PIN numbers with mobiles and PDAs and keep them locked when not in active use. This stops hackers accessing them remotely and also prevents usage if lost or stolen.