Request your FREE IT Review here:
“As we know remote working has dramatically increased in popularity and necessity in recent years. Companies have been challenged to rapidly meet the unexpected technological needs of a mobile workforce. But is your business still secure?
Cyber criminals are now targeting remote users as they know that many of the secure remote access controls are not in place. There has been an increase in bogus ‘phishing’ emails which once clicked can lead to devices becoming infected.
The rise in phishing emails have been observed in several countries not just the UK and can lead to monetary loss and a compromise of sensitive business data.”
Gareth Guest, Solutions4IT Security Expert
We can advise on best practice for remote desktop access to ensure your employees who are working remotely are using a security VPN or accessing state of the art cost effective Azure virtual desktops through Microsoft.
We can enable your remote workforce with a secure and structured approach that will give a productive seamless experience, while adhering to security best practice to safeguard your business.
Contact our team of experts at Solutions 4 IT today, we can provide a comprehensive network and security assessment and advise on the best course of action that is right for your business.
Remote Desktop Access (RDP) allows employees the ability to connect to another computer over a network connection. When combined with VPN authentication this provides a secure easily accessible solution for your remote workforce. The Remote Desktop protocol has been around since the days of Windows XP. When configured securely it’s a tried and tested method that works well with users that are using their own devices (BYOD). RDP lends itself to modern flexible working where users may want to access their desktop from another location, country or use for instance an Apple iPad.
Data Compliance and Remote Desktop – The General Data Protection Regulation (GDPR) needs to be considered when planning your remote desktop access policy. GDPR details what businesses can and cannot do with customer and user data, including the way it’s stored, transmitted, processed, and destroyed.
Below are some key points that will adhere to GDPR:
Create a Remote Working Policy that outlines the importance of protecting data and how this is accomplished and what procedures need to be followed.
Choose a secure remote working infrastructure and ensure that all users are connecting through this technology. This has the advantage of being auditable, and logs kept in case of a security breach.
Ensure all users are using a VPN for security to access company data, this should be enforced and will adhere to the GDPR requirement of encrypting customer data.
Data must also be encrypted when it is stored or “at rest” within servers and hard drives. Control of this data using remote desktop guidelines helps to ensure compliance.
Bring Your Own Device
There has been a transition from the traditional approach of providing employees with a company laptop. It is increasingly more common that they use their personal laptop for business usage. This is one of the major threats currently as the device will not have the security, visibility, or safeguards of a professionally managed device.
Solutions 4 IT can help to secure company data on users’ personal devices. Through the use of Remote Desktop or Conditional Access with Microsoft Intune we can control the applications and user devices that are able to connect to both company resources and emails.
Before considering a BYOD solution it is vital to understand the additional risks involved. This will then allow you to create a BYOD policy which ideally will balance security for your business with acceptability and availability for your employees.
BYOD Security risks
There will be less control and visibility of your employees’ personal devices which mean BYOD deployments may have a heightened security risk rather than provisioning company owned assets. Malware, unauthorised access, and data compromise are the main security threats. Although with the correct procedural and technical control measures in place, these risks can be managed.
Latest Cyber Security News
Businesses that are looking to indefinitely adopt remote working practices need to take serious action in regards to their remote working security if they are to protect their employees and prevent their data from being compromised.
Phishing is a common and widely used form of cyber attack with the intent to steal, damage and encrypt user data. This form of cyber attack usually happens through email communication where the cyber attacker attempts to trick a user into clicking on an infected link that will download malware onto their device. Once the malware has been released, the attacker is now able to access all of the user’s data.
A virtual private network (VPN) is the closest that you can get to real anonymity online. VPN is a service that aims to keep users safe when browsing public networks through establishing a secure and encrypted connection between your device and the internet.
The cyber essentials certification process assesses a set of controls that provide basic cyber security for all types of organisations. Cyber essentials involve a self-assessment questionnaire of these controls, ensuring that each of them are present and are functional to verify that they protect the organisation and their cyber security system.