Telecommuting and Remote Access in the Age of Cyber Insecurity
by Vijay Basani
This article is the first in a two-part series. Read the second part here.
A new survey from the Society for Human Resource Management (SHRM) reported what most of us suspected. Since 1996, the percentage of organizations offering telecommuting benefits has tripled – going from 20 to 60 percent. As working from home or on the road increases in popularity, cybersecurity risks are sure to follow.
While remote access is necessary for successful telecommuting and the teamwork approach, companies can be putting themselves and sensitive data assets at risk because of the lack of secure communications and file transfers outside of the corporate firewall.
The Importance of Remote Access
Remote access generally means control of one computer from a second computer located elsewhere, which can be crucial for businesses for a variety of reasons. Colleagues or partners may be located in another country, for example, and they may be asleep while their files are needed by users in the United States, who can then access the data remotely.
However, the danger of remote access hacks cannot be ignored. After all, if a legitimate user is logging into a faraway machine often, that machine has permissions and other settings allowing that person to use the device without being present. If the attackers can impersonate the authorized user, they can also intrude on the target system and appear as just another telecommuting employee, and then proceed to harm their new victim.
Take the recent case of TeamViewer, a popular proprietary piece of software for establishing remote access between computers. Thousands of TeamViewer users’ password credentials were compromised during a massive breach. Masquerading as the legitimate remote access user, attackers then commandeered machines with the TeamViewer software installed, using them to benefit themselves, for instance by accessing PayPal accounts and sending themselves money.
It was determined that the TeamViewer compromise was due in part to the popular but ill-advised approach of reusing passwords on multiple sites. This breach was connected to another major breach, the leak of more than 600 million passwords, which gave cyber criminals a lot of material to work with. With a little guesswork, the cyber criminals had a hunch that TeamViewer users might be using the same passwords used for other breached sites.
Despite the potential for threats, remote team access and telecommuting aren’t going away anytime soon. And while no IT security system or software is 100 percent hack-proof, there are some steps organizations can take to make sure their corporate networks and data remain as secure as possible. So how can organizations give their employees the ability to work on the road or from remote locations safely and securely? We’ll touch on two important tenets that should be incorporated into the corporate IT security policy and that may prevent employees from unwittingly becoming a hacker’s pawn: password security and unsecured Wi-Fi networks.
Eradicate Bad and Dusty Passwords
As in the case of TeamViewer, employees often use the same password on their work machines as they do for personal accounts. If the services hosting those personal accounts are breached, hackers targeting a work account can attempt to use the stolen passwords from the user’s personal account. Although more management is required, a different password should be used for every account. It’s important that passwords are never reused: a password that is unique to one account is more secure. If a site offers two-factor authentication, take it up on that offer. Here are some tips for what NOT to choose for a password:
- Password or Password1234
- Popular terms from pop culture, like “starwars” or “princess”
- Names of family members or pets
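The three tips above can be enforced when a password is set or changed. The following Python function is an added example, not part of the original article: it rejects candidates built on the listed words or on names the organization already holds for the user, even when padded with digits or disguised with character substitutions. The deny-list contents, the substitution map and the function names are assumptions made for illustration.

```python
import re

# Constructed deny-list for illustration; the entries are the article's own examples.
COMMON_BASE_WORDS = {"password", "starwars", "princess"}

# Character substitutions undone before comparison (an assumption of this example).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def _variants(candidate):
    """Yield normalised forms: lowercased, trailing padding stripped, substitutions undone."""
    lowered = candidate.lower()
    # Drop trailing digits and symbols, e.g. "password1234" -> "password".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    for form in {lowered, stripped}:
        yield form
        yield form.translate(LEET)


def screen_password(candidate, personal_terms=()):
    """Return the reasons a candidate should be rejected; an empty list means it passed."""
    reasons = []
    forms = set(_variants(candidate))
    # Compare on letters only so separators and leftover digits do not hide a base word.
    letters_only = {re.sub(r"[^a-z]", "", form) for form in forms}
    if letters_only & COMMON_BASE_WORDS:
        reasons.append("common or pop-culture password")
    # Very short names are ignored to avoid rejecting unrelated passwords by accident.
    personal = {term.lower() for term in personal_terms if len(term) >= 3}
    if any(term in form for term in personal for form in forms):
        reasons.append("contains a family member or pet name")
    return reasons
```

A check like this only screens for guessable choices; it cannot tell whether a strong-looking password is reused on another site, which is why unique passwords and two-factor authentication remain separate requirements.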
Vijay Basani is the co-founder, president and CEO of EiQ Networks.