I believe that many of the IT-related issues I encounter during site visits or the advice I provide for a client based on real-world experience could be a benefit to other companies as well. This is the first installment of a continuing series of Blog posts called “Notes from the Field” – observations, advice and warnings about IT issues I have come across that may be of interest to your business.
Companies can spend thousands of dollars hardening their cyber-defenses. They may have invested in a top rated firewall appliance, employed enterprise-grade antivirus and malware protection on each workstation or they may even use comprehensive cloud-based security services. Many companies, however, have a common but often hidden security threat that they don’t even know about. And the worst part is that these threats come from within their own organization.
Almost every company for whom I provide IT support has employees who have installed Remote Access software on their workstations. In almost all cases, they have installed this software for legitimate reasons; they need access to their files from home, they wish to remotely control their machines while traveling, etc. Popular Remote Access applications include LogMeIn, Teamviewer, GoToMyPC, VNC, Windows Remote Desktop and Chrome Remote Desktop.
Although these programs may be convenient and they may even utilize strong encryption, they are also designed to bypass a company’s firewall protection unless the firewall is configured to specifically block these applications. Obviously, there are many legitimate reasons to use Remote Access software. But a company that does not monitor the use of these applications is opening doors straight into the company’s private and important data. An employee who is using a simple login and password (most Remote Access applications do not require password complexity or multi-factor authentication) can easily give full control of your business’ internal network to anyone they wish without you ever knowing. How do you feel about a terminated employee who still has back door access to the network?
Here are a few simple things that your business can do:
1) Decide on a company policy for remote network access and inform your employees.
2) Find Remote Access applications already installed on your company’s workstations. You may need to run a network security scan, a network software inventory or just go around to every workstation and check manually.
3) Configure each workstation so users cannot install their own software. This is usually done by Group Policy.
4) Configure your company’s firewall to block Remote Access applications.
5) If you do need to allow some users remote access, standardize on a commercial application that requires strong password security, includes encryption and has a way to audit usage. When a user does not need remote access any longer, uninstall the application or change the password.
If your company is concerned about hidden Remote Access applications within your network, Infinity Networking can assist you in identifying and mitigating this possible threat. Contact us today to request a network security scan.
