On September 1, 2017, the FTC published the seventh blog post in its “Stick with Security” series. As we previously reported, the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. This week’s post, entitled Stick with Security: Secure remote access to your network, outlines important security measures businesses should take to ensure that outside entryways to their systems are sensibly defended.

The security protections include:

  • Ensure Endpoint Security: Before allowing remote access to a network, businesses should set security ground rules, communicate these rules clearly and verify that the person who will access the network is in compliance. In addition to putting these rules in place, companies should also ensure that devices used to connect to the network from the outside are up to date in terms of software, patches and other security features. Companies should further approach endpoint security as an ongoing process and regularly evaluate their security requirements and block remote access by devices with outdated security.
  • Put Sensible Access Limits in Place: Businesses should not only control access to data in-house but also remotely. For example, a business engaging a remote contractor to update its payroll system should provide remote access only to the parts of the network necessary to complete the task. The scope and duration of access will depend on the task at hand, but for all remote users, access should be tailored to ensure appropriate protection of the network.

The guidance concludes by noting that the key message for businesses is if you allow remote access to your network, be vigilant about defending the outside entryways.

The FTC’s next blog post, to be published on Friday, September 8, will focus on applying sound security practices when developing new products.

To read our previous posts documenting the series, see FTC Posts Sixth Blog in Its “Stick with Security” Series, FTC Posts Fifth Blog in Its “Stick with Security” Series, FTC Posts Fourth Blog in Its “Stick with Security” Series, FTC Posts Third Blog in Its “Stick with Security” Series and FTC Posts Second Blog in Its “Stick with Security” Series.