XYZ Remote Access Policy
This XYZ remote access policy is designed and written specifically for XYZ Healthcare Provider.
The main objective of the XYZ remote access policy is to describe the standards for people who use or connect to XYZ Healthcare Provider’s network from any host. These regulations and standards are designed to minimize the risks and damages that XYZ may incur as a result of unauthorized use of enterprise services. Such risks and damages may include the destruction of important internal systems, the loss of confidential and sensitive information and intellectual property, and damage to the company’s public image, among other things.
XYZ remote access policy affects all persons that may connect or use the XYZ network including the company personnel, contractors, suppliers, agents, patients and vendors or any other individual or groups of people. In addition, the policy also applies to remote access connections that perform varied tasks on behalf of the XYZ company including sending or reading emails and scanning through intranet web resources.
The XYZ remote access policy covers remote access implementations including ISDN, VPN, SSH, DSL, cable modems, dial-in modems, frame relay and any other channels that can connect remotely, with the exception of those that connect through web interfaces.
- There will be strict control of the secure remote access and this will be enforced by using a single password verification system combined with private keys with complex pass-phrases.
- All the people who access the XYZ remote connection including the staff, contractors, patients, agents and vendors will be prohibited from sharing their login details with any other persons, including their family members.
- The company will explain to each member of staff, contractor, patient, agent and vendor who has remote access, whether through company or privately owned computers or workstations connected to XYZ’s internal network, that these devices should not be connected to any other network simultaneously, and will help them comply.
- The company will prohibit all members of staff, contractors, patients, agents and vendors with remote access concessions who possess company or privately owned computers or workstations that can be connected remotely to XYZ’s internal network from sharing this hardware with anyone.
- XYZ will further require that frame relay meet minimum verification preconditions of DLCI standards.
- Prerequisite authentication processes of CHAP must be met by all the routers for ISDN lines that are specifically built for access to the XYZ network.
- It is compulsory for every remote host that can connect to XYZ’s internal network via remote access technologies to use updated antivirus software in addition to operating system security patches.
- Each person affected by this policy will be given a detailed report on how implementation and enforcement will take place. Training will also be carried out beginning next week at department level to provide knowledge on how to fulfill these regulations. Policy review will take place every three months.
Given that this policy is new and has never been implemented by the institution before, it is expected that employees may have difficulty adhering to certain regulations especially those appertaining to sharing login details or hardware with family members. However, violations of any regulation will be punishable and persons found to be in violation will be suspended or denied remote access privileges.
Risks of using Public Internet for Remote Access
- Private networks can be risky in terms of spreading viruses and worms because they do not guarantee full protection of remote devices from configuration and software vulnerabilities.
- Exposure to worms and malware may compromise the company’s system, resulting in illegal access to the remote access connections. This may lead to the introduction of malicious code into the organization’s network (Ballad et al., 2011).
- Access of the network by outsiders may be used for wrongful purposes such as obtaining private information that may enhance susceptibility to phishing attacks and ultimately, loss of information, data or money if organizations are required to pay ransom by hackers (Gregory, 2010).
Need for Remote Access Policy
- The policy ensures that each staff member is aware of where, when and how to use the company’s internet, and of the dos and don’ts that accompany this concession.
- It reduces, or eliminates altogether, exposure of the organization’s network to worms, viruses and malware from external devices.
- It enhances accountability of internet usage in the organization (Eckel, 2006).
- It ensures that the resources of the company are used for organizational needs and not personal gains (Shoemaker & Conklin, 2012).
- It stipulates actions to be taken in case employees violate the codes of ethics on internet usage.
Ballad, B., Ballad, T., & Banks, E. K. (2011). Access control, authentication, and public key infrastructure. Sudbury, MA: Jones & Bartlett Learning.
Eckel, E. (2006, July 19). The importance of a remote access policy. Tech Republic. Retrieved 11 November 2013 from http://www.techrepublic.com/article/the-importance-of-a-remote-access-policy/
Gregory, P. (2010). CISSP guide to security essentials. Boston, MA: Course Technology.
Shoemaker, D., & Conklin, W. A. (2012). Cybersecurity: The essential body of knowledge. Boston, MA: Course Technology Cengage Learning.