
Personnel guidelines for secure remote work


Remote workers are given their own operating guidelines, and compliance with them is monitored. In addition, staff receive regular training on recognising the information security threats that arise from the use of mobile devices and remote work, and the guidelines are reviewed as part of that training.

Connected frameworks and requirements:
6.2.2: Teleworking
ISO 27001
7.2.2: Information security awareness, education and training
ISO 27001
PR.AC-3: Remote access management
NIST CSF
6.7: Remote working
ISO 27001

Using a selected web browser and checking for updates


The choice of web browser, and whether it is kept up to date, has a large effect on the user experience, the functioning of online services and the security of browsing. When the entire organization uses the same browser, giving instructions is easier and security improves, because there is a single product to patch, configure and monitor.

IT has chosen the browser to be used, monitors that staff use the chosen browser in an up-to-date version, and supports staff in using it.

Connected frameworks and requirements:
12.6.1: Management of technical vulnerabilities
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
PR.AC-3: Remote access management
NIST CSF
5.14: Information transfer
ISO 27001

Remote connection management


The organization shall ensure that the monitoring and management of remote connections is automated, that remote connections are encrypted to protect their confidentiality and integrity, and that remote connections pass only through approved and managed Network Access Control (NAC).

The organization must also be able to terminate remote connections within a specified time (for example, after a period of inactivity, after a maximum session length, or on request when access is revoked).

Connected frameworks and requirements:
PR.AC-3: Remote access management
NIST CSF

Defining suitable locations and needed protections for remote work


When working remotely, the employee must follow these guidelines:

  • remote work may only be performed in rooms where conversations cannot be overheard and screens cannot be observed by outsiders
  • remote work must be agreed in advance (e.g. on a one-off basis or in an employment contract with flexible work arrangements) or must be requested by the employer
  • the employee must ensure the required security for remote work equipment (e.g. backups, malware protection, firewall, encryption, updates)
Connected frameworks and requirements:
6.2.2: Teleworking
ISO 27001
PR.AC-3: Remote access management
NIST CSF
6.7: Remote working
ISO 27001

Network usage log and process for detecting inappropriate network traffic


An appropriate log is generated from the use of the network so that actions relevant to cyber security can be detected.

The normal state of network traffic (traffic volumes, protocols and connections) is known and documented. To detect anomalies, there is a procedure for identifying events that deviate from this normal state (for example, connections or connection attempts to unexpected destinations or services, or traffic volumes well above the usual level).
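The following is an added example, not code from the original page: a minimal baseline-and-deviation detector of the kind the paragraph above describes. It assumes a constructed flow-log format (timestamp, source, destination, port, protocol, bytes, action) invented here for illustration; real sources such as NetFlow/IPFIX, cloud VPC flow logs or firewall logs have their own fields, but the approach is the same. The sample log lines are constructed, not captured traffic.

```python
"""Baseline normal network traffic, then flag deviations in a new window."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    action: str  # "ACCEPT" or "REJECT" (assumed field, like firewall/VPC flow logs)


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated constructed flow records."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, nbytes, action = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto, int(nbytes), action))
    return flows


@dataclass
class Baseline:
    services: set            # (dst, dport, proto) seen with ACCEPT in normal traffic
    volume_mean: dict        # per-source mean bytes per window
    volume_std: dict         # per-source population stdev of bytes per window


def build_baseline(windows: list[list[Flow]]) -> Baseline:
    """Learn the 'known normal state' from several windows of trusted traffic."""
    services = set()
    totals_per_window = []
    for window in windows:
        totals = Counter()
        for f in window:
            if f.action == "ACCEPT":
                services.add((f.dst, f.dport, f.proto))
            totals[f.src] += f.nbytes
        totals_per_window.append(totals)
    sources = {src for totals in totals_per_window for src in totals}
    series = {src: [t.get(src, 0) for t in totals_per_window] for src in sources}
    return Baseline(
        services=services,
        volume_mean={s: mean(v) for s, v in series.items()},
        volume_std={s: pstdev(v) for s, v in series.items()},
    )


def detect_anomalies(baseline: Baseline, window: list[Flow], k: float = 3.0,
                     floor_frac: float = 0.5, reject_threshold: int = 5) -> list[tuple]:
    """Return (kind, source, detail) alerts for flows deviating from the baseline."""
    alerts, totals, rejects, seen_new = [], Counter(), Counter(), set()
    for f in window:
        totals[f.src] += f.nbytes
        if f.action == "REJECT":
            rejects[(f.src, f.dst)] += 1          # repeated rejects look like scanning
        elif (f.dst, f.dport, f.proto) not in baseline.services:
            key = (f.src, f.dst, f.dport, f.proto)
            if key not in seen_new:              # report each new service once
                seen_new.add(key)
                alerts.append(("new-service", f.src, f"{f.dst}:{f.dport}/{f.proto}"))
    for src, total in totals.items():
        if src not in baseline.volume_mean:
            alerts.append(("unknown-source", src, f"{total} bytes"))
            continue
        # Tolerance: k standard deviations, but never tighter than floor_frac of the
        # mean, so that a near-constant baseline does not alert on tiny changes.
        tolerance = max(k * baseline.volume_std[src], floor_frac * baseline.volume_mean[src])
        limit = baseline.volume_mean[src] + tolerance
        if total > limit:
            alerts.append(("volume", src, f"{total} bytes > {limit:.0f}"))
    for (src, dst), n in rejects.items():
        if n >= reject_threshold:
            alerts.append(("repeated-rejects", src, f"{n} rejected attempts to {dst}"))
    return alerts


# Constructed sample data: three windows of normal traffic, then one suspicious window.
BASELINE_WINDOWS = [
    "08:00 10.0.0.5 10.0.1.10 443 tcp 50000 ACCEPT\n08:00 10.0.0.6 10.0.1.20 53 udp 2000 ACCEPT",
    "09:00 10.0.0.5 10.0.1.10 443 tcp 60000 ACCEPT\n09:00 10.0.0.6 10.0.1.20 53 udp 1800 ACCEPT",
    "10:00 10.0.0.5 10.0.1.10 443 tcp 55000 ACCEPT\n10:00 10.0.0.6 10.0.1.20 53 udp 2200 ACCEPT",
]
NEW_WINDOW = """
11:00 10.0.0.5 10.0.1.10 443 tcp 2000000 ACCEPT
11:01 10.0.0.5 203.0.113.9 4444 tcp 1500 ACCEPT
11:02 10.0.0.6 10.0.1.20 53 udp 2100 ACCEPT
11:03 10.0.0.7 10.0.1.30 22 tcp 60 REJECT
11:03 10.0.0.7 10.0.1.30 23 tcp 60 REJECT
11:03 10.0.0.7 10.0.1.30 445 tcp 60 REJECT
11:03 10.0.0.7 10.0.1.30 3389 tcp 60 REJECT
11:03 10.0.0.7 10.0.1.30 8080 tcp 60 REJECT
"""


def run_example() -> list[tuple]:
    baseline = build_baseline([parse_flows(w) for w in BASELINE_WINDOWS])
    return detect_anomalies(baseline, parse_flows(NEW_WINDOW))


if __name__ == "__main__":
    for kind, src, detail in run_example():
        print(f"{kind:16} {src:10} {detail}")
```

In the sample window the detector reports a volume spike and a new outbound service from 10.0.0.5, a source (10.0.0.7) that never appeared in the baseline, and that source's burst of rejected connection attempts, while the DNS traffic from 10.0.0.6 stays within its learned tolerance. In production the baseline would be rebuilt periodically from a reviewed window and the thresholds tuned per segment.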

Connected frameworks and requirements:
I11: Anomaly detection capability and recovery
12.4.1: Event logging
ISO 27001
13.1.1: Network controls
ISO 27001
PR.AC-3: Remote access management
NIST CSF
PR.AC-5: Network integrity
NIST CSF