[This post is the eleventh in a series. The original post can be found here.]
Being able to access your work network while you are out of the office can provide increased productivity and flexibility. However, opening your systems to remote access creates a number of security risks as external network connections are a ripe target for cyber criminals. And you should think twice about using public computers for firm work.
Setting up safe remote access
There are many tools that allow you to easily set up remote access (e.g., PCAnywhere, GoToMyPC, LogMeIn, TeamViewer, SplashTop). If properly configured, these are suitable for a smaller law office or home setting. Virtual private networks or VPNs may make remote access more secure. A VPN is a network connection constructed by connecting computers together over the Internet on an encrypted communications channel. VPNs are secure and fast, but may be expensive and harder to configure.
Securing remote access may require a degree of technical knowledge and advice from a computer expert. To make your remote access safe, you must secure your network and your remote access devices.
Do the following to secure your network:
- Use a firewall and security software to keep out unwanted connections.
- Only give remote access to people who really need it.
- In order to protect sensitive information, restrict the type of data that can be accessed remotely.
- Make sure all computers connecting to your network, including personal home computers, have up-to-date security software installed.
- Review firewall and other server logs to monitor remote access and watch for unusual activity.
Do the following to secure remote access:
- Ensure installation of remote access clients is done properly.
- Restrict access to the minimum services and functions necessary for staff to carry out their roles.
- Ensure that all staff use strong passwords on devices accessing your network remotely.
- Change remote access passwords regularly.
- Make sure that staff do not set their devices to log in automatically and that they never store their passwords on them.
- Use strong authentication that requires both a password and token-based authentication.
- Have a formal remote access policy that clearly describes what staff are to do or not do with remote access.
- Delete staff remote access privileges if they are no longer needed, and immediately when a person leaves or is terminated.
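As an added illustration (not part of the original article), the Python sketch below shows one way to carry out the log review and access-list checks from the two lists above. The log format, account names, working hours and failure threshold are all assumptions constructed for the example; a real firewall or remote access product will have its own log format.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log (not any real product's format):
# timestamp, user, source IP, result
SAMPLE_LOG = """\
2013-12-02T09:14:05,asmith,203.0.113.10,OK
2013-12-02T23:47:31,asmith,198.51.100.77,OK
2013-12-03T10:02:11,jdoe,203.0.113.25,OK
2013-12-03T10:05:40,bwong,192.0.2.44,FAIL
2013-12-03T10:05:52,bwong,192.0.2.44,FAIL
2013-12-03T10:06:03,bwong,192.0.2.44,FAIL
2013-12-03T10:06:15,bwong,192.0.2.44,OK
"""

AUTHORIZED = {"asmith", "bwong"}  # assumption: staff approved for remote access
WORK_HOURS = range(7, 20)         # assumption: 07:00-19:59 counts as normal
MAX_FAILURES = 3                  # assumption: failures per user/IP before flagging


def review(log_text, authorized=AUTHORIZED):
    """Return a list of (reason, user, ip, timestamp) findings."""
    findings = []
    failures = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, ip, result = [f.strip() for f in line.split(",")]
        when = datetime.fromisoformat(stamp)
        key = (user, ip)
        # Accounts that should have no remote access (e.g. departed staff).
        if user not in authorized:
            findings.append(("unauthorized-account", user, ip, stamp))
        if result == "FAIL":
            failures[key] += 1
            if failures[key] == MAX_FAILURES:
                findings.append(("repeated-failures", user, ip, stamp))
        elif result == "OK":
            if when.hour not in WORK_HOURS:
                findings.append(("after-hours-login", user, ip, stamp))
            # A success right after a burst of failures may mean a guessed password.
            if failures[key] >= MAX_FAILURES:
                findings.append(("success-after-failures", user, ip, stamp))
            failures[key] = 0
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Each finding is a prompt for a person to follow up, not proof of an intrusion.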
The extreme dangers of using public computers
Public computers in libraries, Internet cafes, airports, and copy shops are an extreme security risk. While you can take steps to reduce these risks, it is still very dangerous to access sensitive client information on them. Start with the assumption that most public computers will have malware on them and let this govern your activities accordingly.
The following steps can reduce some of the risks associated with public computers:
- Try to turn on the “private browsing” feature.
- Watch for over-the-shoulder thieves who may be peeking to collect your information as you enter sensitive passwords.
- Uncheck or disable the “remember me” or “log in automatically next time” option.
- Always log out of websites by clicking “log out” on the site. It’s not enough to simply close the browser window or type in another address.
- Delete your temporary Internet files, cookies and your history.
- Never leave the computer unattended with sensitive information on the screen, even for a moment.
- Never save documents on a public computer.
These measures will provide some protection against a casual hacker who searches a public computer you have used for any information that may remain on it. But keep in mind, a more sophisticated hacker may have installed a keylogger to capture passwords and other personal information entered on a public computer. In this scenario the above steps won’t prevent your information from falling into the hands of the hacker. This is why it is not a good idea to access sensitive client information or enter credit card numbers or other banking information on a public computer.
Dan Pinnington is the Vice President of Claims Prevention at practicePRO. This article first appeared in the December 2013 issue of LawPro magazine. Reprinted with permission. For more cyber safety tips, visit www.lawpro.ca.