Many, if not all of us, are required to work remotely. The ability to complete our work while on the go is essential to not conceding deals to our competitors. The need for sales and professional services resources to urgently access company data from outside the office is more prevalent than before, as is the need to ensure remote access is secure.
The most common method for establishing remote connections to the office is through the use of a virtual private network (VPN), which requires several best practices to maintain security. Considerations such as password complexity, which devices are allowed connections, how long a remote connection can be left idle and multilevel authentication are all important decision points.
Many organizations, either through their own due diligence or on the recommendations of a consultant, utilize SSL (Secure Socket Layer) VPNs, which provide remote access through a web browser without any special software needed on the employee’s device. When using SSL, VPN, mechanisms are deployed behind an organization’s firewall, which allow or block access to specific applications and segments of the network based upon a user’s permissions.
Generally, a user’s permissions are dictated by a company policy relegating people to specific data on the network that pertains to their job role. For example, an organization may want to limit their accounting department to financial data while blocking access to anything pertaining to human resources or operations, and vice versa.
As a result, SSL VPN provides segmented, granular access wherein users are relegated to silos of data and applications required to perform their job while also barring users from access to information that is not their concern — essentially, keeping the right hands in the right pots. Failure to incorporate access permissions based upon a user’s job role or level of seniority can jeopardize an organization’s network and privacy. Making sure the right people have access to the right information while working remotely greatly reduces an organization’s risks.
Ensuring all remote access is facilitated by a VPN is a best practice all organizations should adhere to. In the event you are unsure how employees currently access your network remotely, look into it sooner than later. Whether your information technology is administered by in-house employees or outsourced IT, you should be working with them to perform a risk assessment around remote connectivity.
Once an effective security policy is documented, ensure it becomes part of your company manual and employee-training regimen. While there is no limit to the amount of money we can throw at security, people will always be the biggest risk to your organization’s data. Proper training around the security policy and use of secure VPN connections goes a long way in mitigating unwanted access.
Tom Shanley is the director of professional services for IQ Systems, Inc.