Versions Compared

Version Old Version 1 New Version 2
Changes made by

Jane Waterfall

Jane Waterfall

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties
idAll

Title of Content

Primary Category

Secondary Category

Date Last Reviewed

Author

Graphic

...

A home worker’s boundary firewall is usually in their home router and if that home router is provided by the organisation, that router is in scope and needs to have the Cyber Essentials controls applied to it. However, if a worker’s home router is provided by their internet service provider (eg Plusnet, BT, Virgin)and not their organisation, it is not in scope for Cyber Essentials.

The software or host based firewallsbased firewall, installed on each laptop or computer, must be turned on and configured to meet Cyber Essentials requirements. Where you do not control the boundary firewall, for example, in a coffee shop, hotel or conference centre, the host-based firewall on your device will act as your boundary. 

...

A virtual private network or VPN is a technology that allows a secure and private connection on the internet. There are several different types of VPN and they dont all provide the same level of security.
To meet the Cyber Essentials requirements, the only secure option is a corporate VPN which is a direct single tunnel that connects remote workers back to their organisation's office location, or to a virtual or cloud firewall. The corporate VPN must be administered by the organisation so that the firewall controls can be applied. 

...

When accessing accounts over the internet, in addition to passwords, user identity must be confirmed with multi-factor authentication (MFA) wherever this is available. This is even more important for remote workers who are potentially logging in via an untrusted network.

If Multimulti-Factor Authentication factor authentication (MFA) is enabled on an account, you have to perform two or more steps to gain access to it. These may include entering your regular password plus a number that is sent via a text or email, a fingerprint or face scan or a verification process on an authenticator app.  According to Microsoft, using MFA blocks 99% of all password safety issues.

It is not, however, always necessary to have MFA enabled on every single service. Some authentication methods link the sign in of one account to the sign in of an existing trusted account where MFA is already in use. Whether signing in to an account directly or indirectly, the point of the log login that makes it secure, is that MFA is required.

...

  • OAuth 2.0

  • FIDO2

  • Magic links and one-time passwords

Each method varies in the security and usability features, for more information about authentication methods, please read 'Bullet Proof your passwords'.

Remote Desktop Protocol (RDP)

...