...
Off-site working means that rather than being connected to the internet via an organisation’s secure networks, staff are connecting their devices to home networks or other untrusted networks with unknown levels of security.
Firewalls
When you connect to the internet from a device on a regular network, the data you send and receive over your connection could be intercepted by hackers. If you have a boundary firewall enabled in your router and a firewall enabled in your device software, this risk is very much reduced. However, if you are using a public Wi-Fi connection, such as the free internet in a coffee shop or on a train, it's not difficult to hack into a laptop or mobile device that has no protection.
...
The software (host-based) firewall installed on each laptop or computer must be turned on and configured to meet Cyber Essentials requirements. Where you do not control the boundary firewall, for example in a coffee shop, hotel or conference centre, the host-based firewall on your device will act as your boundary.
Using a Virtual Private Network to transfer your boundary to the organisational firewall
A virtual private network (VPN) is a technology that allows a secure and private connection over the internet. There are several different types of VPN and they do not all provide the same level of security.
To meet the Cyber Essentials requirements, the only secure option is a corporate VPN, which is a direct single tunnel that connects remote workers back to their organisation's office location, or to a virtual or cloud firewall. The corporate VPN must be administered by the organisation so that the firewall controls can be applied.
Secure authentication
When accessing accounts over the internet, in addition to passwords, user identity must be confirmed with multi-factor authentication (MFA) wherever this is available. This is even more important for remote workers who are potentially logging in via an untrusted network.
...
Each method varies in security and usability features. For more information about authentication methods, please read 'Bullet Proof your passwords'.
Remote Desktop Protocol (RDP)
Remote Desktop Protocol enables a user of a computer in one location to access a computer or server somewhere else. This is often used by technicians to support users and to carry out maintenance tasks.
...
Close or block the RDP port at the firewall so that it is not open for use across the internet.
Where possible, rather than using remote connections, utilise cloud services such as OneDrive or Google Drive. Cloud services need to be correctly configured and users need to have training to understand how to use them securely.
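One way to check the two host-side controls described on this page on a Windows device: that the host-based firewall is turned on, and that no inbound rule leaves the RDP port open. This is an added example, not part of the original guidance; it assumes RDP listens on its default port (TCP 3389) and an elevated PowerShell session with the built-in NetSecurity cmdlets. It audits the device only, not the boundary firewall.

```powershell
# Added example: audit the effective Windows host firewall policy (run elevated).
# Assumption: RDP uses its default port, TCP 3389.
$RdpPort = 3389

# True if a rule's LocalPort list ("Any", "3389", "3000-4000", ...) covers $Port.
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any' -or $entry -eq "$Port") { return $true }
        if ($entry -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# 1. Every profile (Domain, Private, Public) must have the firewall on and
#    must not allow unsolicited inbound traffic by default.
$profileIssues = Get-NetFirewallProfile -PolicyStore ActiveStore | Where-Object {
    "$($_.Enabled)" -ne 'True' -or "$($_.DefaultInboundAction)" -eq 'Allow'
} | Select-Object Name, Enabled, DefaultInboundAction

# 2. Enabled inbound allow rules whose protocol and port cover RDP.
#    AnySource = True means the rule accepts connections from any remote address.
$rdpRules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        if (($port.Protocol -in 'TCP', 'Any') -and (Test-PortMatch $port.LocalPort $RdpPort)) {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                LocalPort     = $port.LocalPort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
                AnySource     = ($addr.RemoteAddress -contains 'Any')
            }
        }
    }

if ($profileIssues) {
    Write-Warning 'Host firewall is off or allows inbound traffic by default on these profiles:'
    $profileIssues | Format-Table -AutoSize
}
if ($rdpRules) {
    Write-Warning "Inbound allow rules cover TCP ${RdpPort} (RDP):"
    $rdpRules | Sort-Object AnySource -Descending | Format-Table -AutoSize
}
if (-not $profileIssues -and -not $rdpRules) { 'Host firewall on; no inbound allow rule covers RDP.' }
```

Rules listed with AnySource set to True are the ones to disable or restrict first, since on an untrusted network the host firewall is acting as the boundary.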
Remote Working Procedure and Policy
If you are allowing users to connect to the organisational network remotely, ensure security requirements are explicitly referenced in any agreements and that the policies reflect behavioural expectations and security expectations, even in the home environment.
...