As people are settling down to the life of working from home, different organisations are adapting in different ways. The occasional work from home day that used to be a benefit for working at your company has now become a critical way of working in order to maintain business operation. Some find this transition easy and are used to working from home on a regular basis, and for others it’s a whole new world. It’s fair to say though, we all have a few things in common, and that is if you used IT systems in your day job, you will need to manage your employees digital access to various IT systems and data. The initial rush of mobilising the workforce to minimise business disruption was done swiftly, but the sprint has turned into a marathon, and attention needs turning to effective management and security of your digital access. Here are a few key considerations for a team of home workers:
1. First and foremost, protect the keys to the kingdom. Privileged Access Management
The backbone of most organisations is their IT infrastructure which is managed by a few system administrators who keep the lights on, even during a pandemic like Covid-19. Management of any system in the IT infrastructure, for example e-mail servers, file sharing platforms, payroll systems, book keeping and accounting tools, etc. requires elevated permissions, often known as the privileged accounts. 80% of data breaches involve privileged accounts and securing access to such accounts is probably one of the first things to ensure when most of your staff will be remotely located.
2. Secure access to your applications and data
Now your employees are home working, we have emergency access created to critical apps and data, it is time to secure that access. One very easy way is to implement a Multi Factor Authentication (MFA) solution to add additional security to your mission critical apps or sensitive data. This is a crucial step as you may no longer be in complete control over the networks and devices that are being used to access your organisations data. MFA adds an additional layer of assurance that the person accessing the app or data is really who they say they are.
3. Ensure you have clear accountability for each IT system
Having an individual(s) that are clearly responsible for each of your IT systems is important to ensure that all applications are managed in some way or another. This provides two things: firstly an individual or team that can ensure employees are given access to the system in a timely manner as to reduce any downtime for the individual. Secondly, the application owner can verify that each person who has access to their system actually needs it. This will help support the principle of least privilege.
4. Implement regular reporting and increase the frequency of access review
Ensure that you are effectively monitoring access logs, access requests and authentications. This will serve as providing a holistic overview of how your organisation is using their IT systems, but more importantly allow you to identify unusual activity that could be malicious activity. Regularly reviewing access of your team is a good practice, but during times like these, it is even more important to reduce potential risks.
5. Deploy security patches and updates
Time to ensure that you are on top of your critical system and application security patches. This is less important if using cloud services, but critical to do on user’s laptops and PC’s. This will ensure that not only is your software and hardware functioning at its best, it will also ensure that any known vulnerabilities are secured.
If you would like to discuss anything security related, or have any no obligation advice on managing your IT systems for a remote workers, please contact us:
+44 (0)20 3034 1300 firstname.lastname@example.org www.securience.co.uk
Securience is an organisation specialising in Identity Management, Access and Governance solutions. We have extensive experience implementing IAM solutions all around the globe in many different business sectors, predominately in the Finance sector (Banking, Trading, Insurance, Pensions), but also in Government, Aerospace & Defence, Telecoms, Retail, Manufacturing and Energy sectors.
Over the years Securience has provided ‘best in class‘ Delivery Capability to a wide range of organisations. This expertise has led to the development of software products being built to compliment and enable rapid reliable IAM deployments.
Securience is head quartered in London, UK, but operates globally.