Remote Access & Multi-Factor Authentication (MFA) Policy
1. Purpose: This policy defines the security requirements for remote access to Bravas Technology’s systems to ensure the protection of sensitive data and maintain the integrity of company resources. It mandates the use of Multi-Factor Authentication (MFA) and controlled network access to mitigate risks associated with remote work.
2. Scope: This policy applies to all personnel, including employees, independent contractors, and third-party service providers, who require remote access to Bravas Technology’s systems and services.
It covers cloud-based platforms (e.g., Google Workspace, HubSpot, SafetyCulture, Employment Hero, Trello, QuickBooks), company-owned devices and approved personal devices used to access company systems remotely, and client workspaces accessed on behalf of Bravas Technology’s services.
3. Remote Access Guidelines: To ensure the security of Bravas Technology’s systems, all remote access must comply with the following guidelines.
Secure Network Usage: Remote access should only be conducted over secure and trusted networks. Public or unsecured Wi-Fi networks must be avoided; if necessary, users must enable a Virtual Private Network (VPN) to establish a secure connection.
Multi-Factor Authentication (MFA): MFA must be enabled and used for accessing all company systems, including Google Workspace, HubSpot, SafetyCulture, Employment Hero, Trello, and QuickBooks. Users must configure MFA using company-approved authentication methods (e.g., authenticator apps, security keys).
Device Security: Devices used for remote access must have up-to-date security patches, firewalls, and antivirus software installed. Lost or compromised devices must be reported immediately to the Director, Darcy Patterson for investigation and necessary action.
4. Responsibilities: User Responsibilities: Ensure MFA is configured and actively used for all required platforms. Connect only through approved secure networks and avoid public Wi-Fi unless using a VPN. Maintain strong, unique passwords and adhere to company Access Control & Passwords Policy. Report any suspicious activity or unauthorized access attempts immediately to the Director.
Bravas Technology Responsibilities: Conduct regular security audits to ensure compliance with remote access protocols. Enforce access reviews to verify that only authorized personnel have remote access privileges. Provide training and guidance on secure remote access practices to employees and contractors. Monitor login activity and investigate unusual access patterns.
5. Monitoring & Compliance: Bravas Technology continuously monitors its remote access security through system access logs to track login attempts and detect anomalies, automated security alerts for unauthorized access attempts, and quarterly compliance audits to assess adherence to MFA and remote access security requirements.
Failure to comply with this policy may result in suspension or revocation of remote access privileges, termination of contract or employment for repeated non-compliance, or legal action if unauthorized access results in data breaches or security incidents.
6. Policy Review & Updates: This policy will be reviewed annually or updated as required to align with new cybersecurity threats and industry best practices. Any changes will be communicated to all personnel, and compliance training will be conducted as needed.
Acknowledgment & Agreement: By accessing Bravas Technology’s systems remotely, all personnel confirm they have read, understood, and agree to comply with this policy. Failure to adhere to this policy may result in restricted access or disciplinary action.