As a CIO, IT Manager or Senior Executive you may experience a sense of mild panic at the prospect of high numbers of staff suddenly vacating the office to work remotely. That’s unsurprising but the world as we know it is changing due to COVID-19.
The First Step is…
The solution is preparedness. It’s never too late to formalise arrangements by drafting a sound and robust remote access policy. Everybody needs to fully understand what is expected of them:
- Users – How to continue to be productive while appreciating the dangers posed by devices that are remotely connected to the organisation’s systems.
- Managers – How to give remote workers the fullest possible access to the organisation’s systems while ensuring that security is tightly maintained (and risks are managed).
- Technical – The special and/or additional safeguards (controls and measures) that need to be in place to protect the organisation’s networks, systems, data and people.
Thinking Things Through is Vital to Formulate a Good Policy
There is no one-size-fits-all policy but there are a number of core best-practice principles. By addressing each one as fully as possible you mitigate the risk of a “nobody told me that” scenario. Minimising confusion by maximising clarity and scope is the overarching guiding principle.
Consider These 3 Rules as a Starting Point
In our long experience of helping organisations and businesses to formulate remote access and other IT policies, some primary guidelines have stood out in almost every case.
Rule #1 – Policies with the most impact contain well-written, high-level statements documenting the rules and guidelines around systems management, operation and use.
Rule #2 – Producing good policy content triggers the creation of excellent supporting process and procedures documentation.
Rule #3 – Stakeholder engagement encourages buy-in and leads more readily to smooth policy adoption and compliance.
Expert Advice Steers You in the Right Direction
It’s our job to help you arrive at your destination safely by implementing a remote access policy that is clear, unambiguous and easily understood.
Our experts have helped many organisations navigate the development, delivery and maintenance of policies which are key to mitigating cybersecurity risks.
In the current fast-moving and uncertain environment, the combination of people, process and technology is going to be fully tested in many cases. Make sure that your organisation wins that battle.
What are Examples of Some Key Points That a Good Remote Access Policy Should Address?
Our policies cover all of the many important areas for safe and secure remote access. Here is a small sample of the type of guidance they cover. Each audience (user, manager, technical) is addressed in a separate policy document.
- Remote users must not be permitted to allow unauthorised persons to access the organisation’s computing or information resources from computers and devices in their control.
- As information is likely to be used offsite, you must consider classifying information as well as the appropriate levels of confidentiality and security that should be applied to protect it.
- Managers are made responsible for confirming that the correct documentation for user remote access authorisation is completed correctly and passed to the Service Desk for implementation. This process ensures that only authorised users can gain remote access to the organisation’s computer systems and information resources.
- Managers must promptly report any significant changes in user duties or employment status to the Service Desk staff responsible for managing user accounts and assigning system privileges.
- A legitimate business case must be submitted and approved before access privileges can be granted to third parties. Access must only be permitted for the length of time required and during the time specified to accomplish the agreed tasks.
- Remote connections must be configured by ICT staff to securely authenticate users in accordance with internal security requirements, documented procedures and approved best practice standards.
What You Can Do Today to Set Your Remote Access Practices on the Right Path
In this newsletter we’ve focused on the need to have a good, easy-to-understand remote access policy in place. Ideally, for this particular policy to be effective, it should be written contextually to reflect three user types – General User, Manager and Technical User.
Policy Management as a Service from PPS delivers a comprehensive suite of IT policies that are branded and customised to reflect our customers’ business requirements. Where required, your corporate language can be used to ensure policies are written contextually to reflect the three user types above.
All policies are aligned to best practices and recognised international standards. Once the system is deployed, our experts continuously ensure the contents are kept up to date and relevant on your behalf.
The Takeaway for You
A well-written remote access policy does more than just protect your business. It boosts morale because it demonstrates to staff quite clearly that the organisation is serious about cybersecurity. You have enlisted their support with documentation that is unambiguous, to the point and easy to understand.
This breeds a positive and proactive attitude, which is widely acknowledged as being a significant element of every successful security system.
Let the experts help you.
To arrange an IT Policy System discussion or demonstration please contact Emma Tickner.