Remote Access Best Practices

An important consideration for organizations developing a business continuity plan is that the organization may not be capable of sustaining normal operations onsite. The ability to support employees working remotely is essential to ensuring both business continuity and security. The following best practices should serve as a framework and reference for organizations that need to provide secure remote access to employees, broken down into 3 categories: General User, Power User and Super User.

*Note: this framework is not comprehensive but rather a starting point for businesses to expand upon based on individual requirements.
1. Create a Policy

The remote access policy should complement existing policies such as, but not limited to:
• Acceptable Use Policy
• Data Use and Transfer Policy
• Device/Endpoint Security Policy
• Password Policy
• Approved Software Policy
• BYOD Policy
(All of which should be in place prior to allowing remote access)

This policy should clearly state the purpose, scope and procedures to be used in the implementation and enforcement of the organization’s remote access / teleworker program. The policy should be reviewed and updated regularly (at least annually), and all changes should be tracked.

(Reference Documents: ISO 27002 6.2.2 & 9.1.2 | NIST Cybersecurity Framework PR.AC-3)
POS SECURITY IMPLEMENTATION BEST PRACTICES