Involve employees and limit access
- Get everyone on the same page. Review data security practices to ensure employees protect sensitive data.
- Limit who has remote access to your systems. Only provide remote access to those whose job requires it. Do not share remote access credentials. Ensure everyone has a unique username and password.
- Do not allow guest accounts. Guest accounts allow anonymous computer and system access. Disabling these accounts protects against unauthorized users.
- Limit login attempts. Set your remote access to lock out a user after three failed login attempts, and ensure administrators are able to unlock authenticated accounts.
- Minimize third-party vendors’ access and monitor it regularly. This can be accomplished by a second authentication factor that requires the third party to telephone the site and speak with an authorized manager who knows the vendor. The on-site manager may then authorize a temporary, access-controlled remote session for the vendor. When a vendor’s work is complete, the on-site manager should perform a due diligence check and terminate remote access.
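
One way to check the guest-account and lockout items above against a remote access log, as an added example that is not part of the original checklist. The event names, the guest account names and the sample log are constructed assumptions; only the three-attempt threshold comes from the list.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 3                 # from the checklist: three failed attempts
GUEST_NAMES = {"guest", "anonymous"}  # assumed names for guest accounts

# Constructed sample log: (timestamp, username, event). Event names are assumptions.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:01", "alice", "login_failed"),
    ("2024-05-01T09:00:09", "alice", "login_failed"),
    ("2024-05-01T09:00:15", "alice", "login_failed"),
    ("2024-05-01T09:00:40", "alice", "login_ok"),      # lockout was not enforced
    ("2024-05-01T09:05:00", "alice", "admin_unlock"),
    ("2024-05-01T09:06:00", "alice", "login_ok"),
    ("2024-05-01T10:00:00", "bob", "login_failed"),
    ("2024-05-01T10:00:05", "bob", "login_failed"),
    ("2024-05-01T10:00:11", "bob", "login_ok"),        # success resets the counter
    ("2024-05-01T10:30:00", "bob", "login_failed"),
    ("2024-05-01T11:00:00", "guest", "login_ok"),      # guest account still enabled
    ("2024-05-01T12:00:00", "vendor1", "login_failed"),
    ("2024-05-01T12:00:04", "vendor1", "login_failed"),
    ("2024-05-01T12:00:08", "vendor1", "login_failed"),
]

def audit(events):
    """Return (findings, accounts that should still be locked) for an ordered log."""
    failures = defaultdict(int)   # consecutive failed logins per account
    locked = set()                # accounts the policy says must be locked
    findings = []
    for ts, user, event in events:
        if user.lower() in GUEST_NAMES and event.startswith("login"):
            findings.append((ts, user, "guest account in use"))
        if event == "admin_unlock":
            # Only an administrator clears a lockout.
            locked.discard(user)
            failures[user] = 0
        elif event == "login_failed":
            failures[user] += 1
            if failures[user] >= LOCKOUT_THRESHOLD:
                locked.add(user)
        elif event == "login_ok":
            if user in locked:
                findings.append((ts, user, "login accepted while account should be locked"))
            else:
                failures[user] = 0
    return findings, locked

if __name__ == "__main__":
    found, still_locked = audit(SAMPLE_EVENTS)
    for ts, user, issue in found:
        print(ts, user, issue)
    print("should be locked:", sorted(still_locked))
```
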