10 enterprise secure remote access best practices

<p>In the age of hybrid and remote work, remote access is a powerful enabler for organizations, allowing employees, contractors, business partners, vendors and other trusted parties to access company resources. Yet, remote access increases cybersecurity risk. It inadvertently provides relatively easy-to-compromise entry points into internal networks and systems — entry points that attackers know to seek out and exploit.</p>
<p>The following are 10 critical secure remote access best practices, how to implement them and how they improve an organization’s cybersecurity posture and <a href="https://www.techtarget.com/searchnetworking/tip/8-remote-work-security-risks-and-tips-to-mitigate-them">reduce risk</a>.</p>
<section class="section main-article-chapter" data-menu-title="Have a remote access policy">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Have a remote access policy</h2>
<p>The foundation of any remote access implementation is a <a href="https://www.techtarget.com/searchsecurity/tip/Create-a-remote-access-security-policy-with-this-template">comprehensive remote access policy</a>. The policy should define the high-level requirements governing secure remote access, including acceptable use, and specify the potential consequences of violating any of those requirements. The policy should address the following topics, at minimum:</p>
<ul class="default-list">
<li>The forms of remote access that the organization allows, such as VPNs.</li>
<li>The types of devices that can use each remote access form — for example, organization-issued laptops versus personally owned smartphones — and any other requirements those devices must meet.</li>
<li>The types of resources that can be used through remote access, with any limitations for particular remote access forms or device types.</li>
<li>Any requirements for acceptable use of remote access technologies that are not already addressed in the organization’s acceptable use policy.</li>
</ul>
</section>
<section class="section main-article-chapter" data-menu-title="Provide organization-issued devices for remote users whenever feasible">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Provide organization-issued devices for remote users whenever feasible</h2>
<p>For years, BYOD — where users brought their own computers and mobile devices to access the organization’s resources — was a huge trend. BYOD enabled telework for many users, but <a href="https://www.techtarget.com/searchmobilecomputing/tip/3-BYOD-security-risks-and-how-to-prevent-them">endpoint security suffered as a result</a>. The organization could strictly control the security posture of its own devices, but had limited ability to control or even monitor the security of personally owned devices and other types of BYOD.</p>
<p>To avoid this gap in security, equip remote users with company devices whenever feasible. This should include contractors and, in some cases, business partners and vendors. Eliminate or strictly limit BYOD to users who need only access to low-risk, publicly accessible resources.</p>
</section>
<section class="section main-article-chapter" data-menu-title="Require use of a remote access server for internal resources">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Require use of a remote access server for internal resources</h2>
<p>VPNs have anchored remote access servers for decades. A VPN provides a single, well-secured and monitored point of entry that enforces security policies on the users and devices attempting to use it.</p>
<p>Most VPN technologies provide a range of cybersecurity features, from authenticating users and devices to assessing device security posture before permitting access to internal resources. This is highly convenient for both users and administrators. The alternative would be for users to access each internal resource directly and separately, with administrators having to manage and monitor every step in the process.</p>
<p>In recent years, <a href="https://www.techtarget.com/searchnetworking/feature/VPN-use-prevails-despite-interest-in-VPN-alternatives">VPN alternatives have emerged</a>, including secure access service edge (SASE) and zero-trust network access (<a href="https://www.techtarget.com/searchnetworking/tip/The-basics-of-zero-trust-network-access-explained">ZTNA</a>). Most organizations need at least one of these remote access technologies implemented to safeguard access to internal resources. Using a single VPN, SASE or ZTNA instance to access all resources can be complicated because many resources are cloud-based and publicly accessible. A common example is using

[…]

This article has been indexed from Search Security Resources and Information from TechTarget
