How to keep your remote access solution from becoming a hacker portal
Earlier this week, we brought your attention to the July 2014 Visa Security Alert, which identified remote control solutions as a major inroad for cyber criminals in POS environments.
Multi-factor authentication, along with other important security measures, emerged as a practical, and essential, strategy for keeping these criminals at bay. Today, we'd like to take a closer look.
Why is remote control such a ready inroad?
Here's how SC Magazine UK answers that question:
"Remote access services such as LogMeIn or TeamViewer provide superb levels of functionality equivalent to a direct remote desktop session, and, naturally, are highly secure in their architecture and operation.
"But if account credentials are stolen, direct access to customer systems is then afforded to the password-thief and suddenly, the feature-rich, easy-access remote access service will be providing the ultimate hacker portal to the customer's sensitive data."
Point being, where remote access software is concerned, keeping hackers outside the door is an issue of extraordinary importance. If your solution fails to offer sophisticated security tools, you may find that your third-party service provider has become your "hacker-portal provider."
So security must come first. Solutions that offer multi-faceted security functionality are much less likely to let a hacker through the door. Chris Twyman, Global Solution Manager at Netop, puts it this way:
"Any organisation, including service providers, looking to benefit from remote access services should always consider tools that provide multi-factor authentication, particularly those in regulated industries. This mitigates the risks associated with standard usernames and passwords being lost or stolen. Netop Remote Control is one of those tools, but there must be others who also take this seriously."
Security doesn't end with multi-factor authentication.
A security strategy is most effective when it involves a combination of defense measures: i.e., when it's defense-in-depth. PCI compliance is a good place to start. Choose a solution that helps you achieve it.
There are a few other essential features we'd like to highlight as well. One is the ability to define granular access rights; this lets you decide on a case-by-case basis what your third-party vendors will be able to do. When you're working with many external vendors, you don't want to grant everyone cookie-cutter privileges. You need their access rights to reflect the job they're there to do. Not only does this help protect you from vendor misconduct; it ensures that even if a vendor's credentials are hacked, the criminal will not, in so doing, achieve automatic, comprehensive access to your entire system.
Finally, choose a solution that provides a comprehensive audit trail. According to the annual Verizon Data Breach Investigations Report, it's not uncommon for breaches to go unnoticed for painfully long periods of time - days, weeks, even months on end. The best way to detect a breach quickly is to keep a comprehensive log of all user activity... and monitor it.
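As an added illustration of the last two points (not code from Netop or the original post), the sketch below checks a constructed audit trail against a per-vendor access policy and flags sessions that lack multi-factor authentication or fall outside a vendor's granted hosts and actions. The log format, vendor names, host names and policy structure are assumptions made for the example.

```python
import fnmatch

# Hypothetical per-vendor access policy: only the hosts and actions each vendor needs.
POLICY = {
    "acme-pos": {"hosts": ["pos-*"], "actions": {"view_screen", "remote_control"}},
    "hvac-co": {"hosts": ["bms-01"], "actions": {"view_screen"}},
}

# Constructed audit-trail lines (the format is invented for this example).
SAMPLE_LOG = """\
2014-07-21T09:02:11Z vendor=acme-pos user=jsmith host=pos-07 mfa=yes action=remote_control
2014-07-21T09:40:52Z vendor=hvac-co user=tech1 host=bms-01 mfa=yes action=view_screen
2014-07-22T02:14:07Z vendor=hvac-co user=tech1 host=pos-03 mfa=yes action=remote_control
2014-07-22T02:15:30Z vendor=acme-pos user=jsmith host=pos-07 mfa=no action=file_transfer
2014-07-22T02:16:01Z vendor=unknown-it user=admin host=db-01 mfa=no action=remote_control
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; ValueError on a malformed pair."""
    timestamp, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["timestamp"] = timestamp
    return event

def findings_for(event):
    """Return the reasons an event violates policy (empty list if it is in scope)."""
    rule = POLICY.get(event["vendor"])
    if rule is None:
        return ["vendor has no access policy"]
    reasons = []
    if event["mfa"] != "yes":
        reasons.append("session without multi-factor authentication")
    if not any(fnmatch.fnmatch(event["host"], pat) for pat in rule["hosts"]):
        reasons.append("host outside vendor scope")
    if event["action"] not in rule["actions"]:
        reasons.append("action not granted to vendor")
    return reasons

def review(log_text):
    """Return (raw_line, reasons) for every audit entry that needs attention."""
    alerts = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            reasons = findings_for(parse_line(line))
        except (ValueError, KeyError) as exc:
            # An entry that cannot be read is itself worth a look, not a silent skip.
            reasons = [f"unparseable entry: {exc!r}"]
        if reasons:
            alerts.append((line, reasons))
    return alerts
```

Calling `review(SAMPLE_LOG)` returns the three out-of-policy entries with their reasons; in-scope sessions produce no alert.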
How do you use remote control software at your organization? Click here to see how Netop Remote Control can help you achieve your remote access goals.