Remote Access Policy Best Practices | A Practical Guide to SOC 2 Compliance

Our world has changed. Gone are the days of an 8 to 5 work day at a physical office, and leaving all your responsibilities behind at the end of the day. We now live in a 24×7 global economy and are perpetually connected to our corporate networks with cell phones, laptops, and tablets. The convenience of “work from anywhere” introduces some exciting challenges for your information security and information technology teams, and that’s where the remote access policy comes in. The purpose of this policy is to make your employees productive from anywhere without sacrificing security.

Here are steps your team can take to work remotely while still maintaining security:

Define who can work remotely

Before you start mandating security controls for remote access privileges to your internal network, you need to take a step back and determine which roles should even have permission to work remotely, and when. For


Workstation Security Policy Best Practices | A Practical Guide to SOC 2 Compliance

Some might say that workstations are a necessary evil. Users with varying degrees of technical and security aptitude are using them 24/7, communicating with the world and taking care of business. With workstations being an indispensable part of business comes a substantial security burden, especially for your information technology staff. In the workstation security policy, you will define rules intended to reduce the risk of data loss/exposure through workstations.

Often, information security best practices are used synonymously with “Oh that’s just common sense.” But remember that in security - and perhaps life in general - there’s no such thing as common sense. Spell out these best practices clearly with as much detail as possible.

Define “workstation”

At a high level, a workstation is a device - be it personal or company-owned - that contains company data. This includes desktops and laptops, as well as mobile devices.

Require centralized management

As a general rule, to secure your
