Employees need to work from home unexpectedly?
If you don’t normally permit home working, there are a few things you need to think about.
We are aware that there are many other ways this can be done. However, we know small businesses have limited resources and limited IT support provision, though not necessarily limited capability. So what is presented here are some of the common scenarios that we come across.
We can help you manage the risk given your resources.
Business owned devices
- Device Encrypted
- Firewall enabled on the router (block all in, allow out by exception)
- Firewall enabled on the host (block all in, allow out by exception)
- Always on VPN
- Up to date Operating system and applications
- Password to unlock device > 12 characters
- AV installed and up to date
- Password/2FA to access business email/applications
- USB storage disabled
- Auto lock
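
The locally checkable items in the business-owned list can be audited with a short script. This is an added example, not part of the original checklist; it assumes a Windows 10/11 device, Microsoft Defender as the AV, and an elevated PowerShell session, and the 3-day signature age and 15-minute lock thresholds are illustrative choices.

```powershell
# Added example: audit a Windows device against the business-owned checklist.
# Assumptions: Windows 10/11, Microsoft Defender as AV, run as administrator.
$results = [ordered]@{}

# Device encrypted: BitLocker protection active on the system drive.
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$results['Device encrypted'] = ($null -ne $bl -and $bl.ProtectionStatus -eq 'On')

# Host firewall: every profile enabled and inbound not allowed by default.
# ActiveStore returns the effective policy (local settings merged with GPO).
$bad = Get-NetFirewallProfile -PolicyStore ActiveStore | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow'
}
$results['Host firewall on, inbound blocked'] = -not $bad

# AV installed and up to date (threshold of 3 days is an assumption).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$results['AV on, signatures <= 3 days old'] =
    ($null -ne $mp -and $mp.AntivirusEnabled -and $mp.AntivirusSignatureAge -le 3)

# USB storage disabled: the USBSTOR driver start type 4 means "disabled".
$usb = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' `
    -Name Start -ErrorAction SilentlyContinue
$results['USB storage disabled'] = ($null -ne $usb -and $usb.Start -eq 4)

# Auto lock: machine inactivity limit set, and no longer than 15 minutes
# (the 900-second ceiling is an assumption, not a figure from the checklist).
$lock = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue
$results['Auto lock'] = ($null -ne $lock -and
    $lock.InactivityTimeoutSecs -gt 0 -and $lock.InactivityTimeoutSecs -le 900)

# One PASS/FAIL line per control; a missing cmdlet or key counts as FAIL.
$results.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
```

The router firewall, always-on VPN, password length and 2FA items are not covered here and need to be checked on the router, the VPN client and the identity provider.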
Their own device
- Firewall enabled on the router
- Up to date Operating system and Applications
- Password to unlock device > 12 characters
- AV installed and up to date
- Must not have remote access software installed
- Only access cloud-based business email/applications with Password/2FA
- Ensure web apps lock after a period of inactivity
There is only so much you can do on a device that is not owned by your business; the above scenario is less than ideal.
This method offers some protection in that some security controls are in place, but it allows the potential for others to remotely access it. As with all methods, it must be a managed risk.
Their own device
- Firewall enabled on the router (block all in, allow out by exception)
- Firewall enabled on the host
- Up to date Operating system and Applications
- Password to unlock device > 12 characters
- AV installed and up to date
- Password/2FA to access business email/applications
- VPN to remote desktop inside your business
- Ensure web apps lock after a period of inactivity
There is only so much you can do on a device that is not owned by your business.
This method offers some protection in that data stays within the confines of your business, but it exposes the potential for others to remotely access it. As with all methods, it must be a managed risk.
Their own device
- Firewall enabled on the router (block all in, allow out by exception)
- Firewall enabled on the host
- Up to date Operating system and Applications
- Password to unlock device > 12 characters
- AV installed and up to date
- Password/2FA to access business email/applications
- Remote desktop inside your business
- Ensure web apps lock after a period of inactivity
There is only so much you can do on a device that is not owned by your business.
This method offers some protection in that data stays within the confines of your business, but it exposes the potential for others to remotely access it. As with all methods, it must be a managed risk.
Their own device
- Unknown firewall state
- Unknown Operating System updates and Applications status
- Unknown password length or no password
- Unknown or no AV
- Remote support from an unknown location, installed following ‘Microsoft support’
- Passwords to your business account sent via email, written down for all to see
- PC left on 24×7, used by anyone who wants to use it
- Full access to the business and all files
Say bye-bye to your business as this is a game of Russian Roulette.
This makes the assumption that the employee will log into O365/GSuite or another type of cloud-based application to do work. You will additionally need to consider Data Protection requirements.