By submitting this form, you agree to receive RealVNC education content, special offers, exciting news and product updates. You can withdraw your consent at any time. We respect your data, see our Privacy policy.

5 common misconceptions about remote access security

Giulia Ceccon | 14 Feb 2019

Remote access securityWhat’s preventing your company using remote access software? According to our research, some companies are put off using remote access software because of existing misconceptions about the risks they think it might pose to the security of their business.

The problem with these misconceptions is that they often prevent firms from adopting a technology that would provide significant, measurable business benefits. In this post, we’ll examine some of the most common, and offer some much-needed reassurance that they aren’t the threat to security that you might have imagined.

Here they go. 

1) Remote access does not support compliance

When deploying a remote access strategy, regulatory compliance is a major consideration for many industries, such as finance and medicine. To achieve compliance there are multiple considerations that must be addressed in relation to security, privacy, and visibility.

Compliance regulations such as HIPAA, PCI-DSS, and GDPR have stringent requirements when it comes to the handling and processing of corporate and personal data, so it might not be immediately clear whether remote access can satisfy these requirements. These concerns are understandable, as failure to satisfy compliance regulations can result in large fines, potential loss of business and reputational damage. 

In reality, a professional remote access solution will help to support the compliance process for your company, as long as it offers some key security features:

  • Multi-factor authentication— all remote access sessions need to be authenticated as, or before, they start. Multi-factor authentication (MFA) refers to the use of two or more separate methods for validating your identity. This could be as simple as username and password as the first factor, and then a one-time validation code or key-chain that gets sent to your email account or phone.
  • Session encryption—remote access sessions must be encrypted end-to-end. The minimum encryption level to look for is 128-bit, though 256-bit will give you a higher level of protection.
  • Remote access logs—you need to be able to demonstrate log and audit history of everyone who has accessed your network remotely. This is often one of the first things an investigator will ask for during a review or if a breach has occurred, so it’s essential that your software supports it.

2) Remote access gives staff too much control for comfort

Another common misconception about security is that using remote access will allow staff to access information to which they are not entitled, or even allow malicious third parties to steal confidential data.

You can put these fears to rest by adopting a remote access software that allows you to control users’ access rights. This way, you can grant different levels of access to different employees, and create teams of users to arrange staff by work functions assigning the minimum level of permissions they need to operate. 

For example, you might decide to disable the ability to transfer files or copy and paste text from remote devices for users who do not require that functionality.


3) Remote access isn’t secure enough

Of course, no computer software is completely secure, and remote access is no exception. Determined hackers can use many clever techniques to try to breach the security of your software and steal your data. 

Imagine you have staff collaborating remotely on a major project: commercially sensitive data is being exchanged regularly across the country, and the last thing you want is for this information to fall into the wrong hands. Reputable remote access will offer several features to prevent that from happening and prioritize the protection of your data.

To start with, as information is transmitted from site to site and person to person, it can be encrypted to prevent anyone eavesdropping on your connection. This can be easily achieved by granting a good level of encryption: 128-bit will provide strong protection, but if you want to be even safer or if you need to satisfy certain compliance regulations, you can choose a software that offers 256-bit encryption.

To prevent unauthorized people from gaining entry to the remote access accounts of your staff, look for a solution that supports multi-factor authentication (MFA). MFA is very important to maximize security because it adds one or more layers of protection compared to just using a siingle password. This more complex authentication method involves a combination of two of more of the following credentials:

  • Something the user knows, such as a password, Personal Identification Number (PIN), or the answer to a security question.
  • Something the user has, like a device or a smart card.
  • Something the user is, like a fingerprint or face recognition.

Using a combination of credentials means that if one method of authentication is breached, a hacker would still need the other credential (or credentials) to gain access.

Another clever feature of some remote access solutions is screen blanking. If you’re working remotely and have forgotten to turn off the monitor of the device you're connecting to, you might be worried about people seeing what happens on the screen while you’re not there. This feature will give you the option to automatically blank the screen of your remote device to protect your privacy.

A combination of these measures should be enough to give you the peace of mind you're looking for by ensuring that your remote session is protected by the highest possible level of security.

4) Secure remote access is very expensive

Open source remote access solutions that are offered for free may look attractive, but you also get what you (don't) pay for: holes in their security. Conversely, highly secure, paid-for remote access solutions do cost money and might look expensive at a first glance. If you dig deeper though, you will find that the price is not at all unreasonable, and that going for a free solution can end up costing your business a lot more in the long run.

Many remote access solutions now work on a Software as a Service (SaaS) model, where you lease software by subscription from the company that created it and who are also responsible for its ongoing maintenance. It has lower initial costs, a faster development cycle, and is updated frequently to fix the latest security issues and bugs.

Because SaaS works on a subscription model, it’s very flexible and provides good value for money: you can buy licenses for just the number of users you need at any one time and know exactly how much you are spending month on month for your secure connection.

If you’re still put off by cost and are thinking of going with a free, think that a data breach costs on average $2.2 million for "smaller" incidents with fewer than 10,000 compromised records, and 69 days of work to contain it. I know we're biased, but if you ask us this is definitely not worth the risk. 

5) The security risks of remote access outweigh the benefits

As we’ve seen, modern remote access solutions come with several measures designed to make sure that your connection is as secure as possible, so you should have no concerns about using a reputable one. Given the vast benefits that remote access can deliver, a company has far more to lose by not using the technology, especially if their competitors adopt it before them.

Whatever the size of your company, but especially for smaller firms, secure remote access can help you get an edge on your competitors by making your employees more productive, improving the efficiency of your business, and keeping your customers happy. In a competitive marketplace you need every advantage you can get, and this technology can help you retain and grow your customer base.

For instance, having secure remote access enables you to offer more flexible and remote working for your staff, expanding your talent pool and cutting overhead costs. It can also give you the opportunity to support your customers quickly wherever they may be, offering them them a better, more personal, business experience. With a correctly configured remote access solution, both parties can be sure that any information you exchange online is secure, protecting vital business goodwill.



 

There are many ways to protect your business and avoid falling vicing of a data breach. The first step is to support cybersecurity awareness in the workplace by training your staff and encouraging them to keep up-to-date with the latest cyberthreats. The next, and possibly most important, is to do your research when it comes to sourcing your software, making security your top priority.

We hope that this post has convinced you that the misconceptions around the security of remote access software are misplaced and there’s no reason why you shouldn’t invest in the technology for your company.

In not doing so, you’re potentially missing out on a range of benefits that could make your organization more productive and profitable. You can find out more about choosing the right remote access solution for you here.

2019 remote access security checklist



 

Giulia Ceccon

Written by Giulia Ceccon

Topics:

All

 

Comments