How to Protect Against Remote Hosted Desktop Risks
Remote hosted desktop (RHD) technology extends the reach of your business beyond a physical office. It lets your employees work from anywhere and can save you a considerable amount in upfront hardware and app licensing costs. And in today’s COVID-19 world, RHDs allow for business continuity amidst the unpredictable ebb and flow of lockdown restrictions.
However, along with boons come new security risks waiting to pounce on poorly secured networks.
Employees forced to use personal devices, unsecured home networks, businesses scrambling to go live as fast as possible–the abrupt shift towards remote work presents an easy and lucrative opportunity for cybercriminals. Attacks on remote desktops are increasing. Even virtual private networks (VPNs) can’t completely shield your remote workers from hackers. If an employee’s account or device is compromised, the VPN only means malicious actors now have hard-to-trace access to your network.
Fortunately, securing your remote hosted desktop network doesn’t require dramatic shifts in protocol. Businesses that already have strong cybersecurity measures in place will find that many of these measures are similar to the ones they’d implement in a physical office.
Enable Two-Factor Authentication
Lock your network behind a two-part key: a username and password, and a one-time code. Software like RSA SecurID generates new tokens, which consist of randomly generated numbers, by the minute. Thieves may get their hands on credentials, but the constantly changing codes will remain out of their reach, making you a harder target.
Bolster your password security further by limiting login attempts. Assisting employees who may have forgotten their passwords may be another item atop your daily tasks, but it’s much better than the alternative. Limiting log-in attempts helps protect against brute-force attacks, where hackers develop an automated script that tries thousands of combinations in an attempt to guess passwords.
Practice Good Password Hygiene
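The sketch below is an added example, not from the original article: a per-account lockout with a sliding window, plus a small simulation of how many guesses an automated script actually gets evaluated. The policy values, class and function names are assumptions.

```python
from collections import defaultdict, deque

# Assumed policy values (not from the article): tune to your help-desk capacity.
MAX_FAILURES = 5            # failed attempts allowed per window
WINDOW_SECONDS = 15 * 60    # sliding window for counting failures
LOCKOUT_SECONDS = 30 * 60   # how long the account stays locked

class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> time the lock expires

    def attempt(self, user, password_ok, now):
        """Return 'rejected_locked', 'ok' or 'failed' for one login attempt."""
        if self.locked_until.get(user, 0) > now:
            return "rejected_locked"         # the password is not even checked
        if password_ok:
            self.failures.pop(user, None)    # a good login clears the counter
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"

def guesses_evaluated(total_guesses, seconds_between=1):
    """Simulate a script sending wrong passwords; count the guesses actually checked."""
    throttle = LoginThrottle()
    results = [throttle.attempt("alice", False, i * seconds_between)
               for i in range(total_guesses)]
    return sum(r != "rejected_locked" for r in results)
```

With these values, 10,000 guesses sent one per second result in only 30 passwords being checked, while a script pacing itself at one guess every five minutes never trips the lock. That gap is one reason to pair lockout with the one-time code above and with login monitoring.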
Passwords continue to be a major cybersecurity risk in the UK. Millions of Brits have been compromised by weak passwords, according to the National Cyber Security Centre (NCSC).
Luckily, the risk is easily snuffed. Start by educating employees about good password practices–no names or other easily identifiable information, like your favourite local football team. However, alphanumeric combos are difficult to remember; coupled with limited log-ins, the experience can be frustrating for both end users and admins. NCSC technical director Dr. Ian Levy recommends using at least three words that have some personal significance but aren’t easily guessed from a quick scan of your online profiles.
Add Another Defensive Barrier through Encryption
Encryption is one of the strongest fortifications you can use to protect your data. The tech works by converting your information into ciphertext using mathematical operations. The process essentially renders the data unreadable to unauthorised individuals looking in, even if they manage to intercept data transmitted between your remote employees and the host server.
The Advanced Encryption Standard (AES) is the most widely used form of encryption, relied on by everyone from businesses to governments. AES-128 and AES-256 are currently the most sophisticated methods. Even the world’s smartest supercomputers would take billions of years to crack an AES-128 key. Make your data harder to steal by choosing a remote hosted desktop provider that offers state-of-the-art encryption (like us).
Limit Access to Pre-Approved Devices and Locations
Restrict access to computers, phones, or tablets that already have firewalls and appropriate security measures installed. Requiring users to log in from specific devices can also safeguard against cybercriminals trying to use stolen credentials on unauthorised computers.
You can also restrict access by location. If your employees have no business working from India, the US, or simply anywhere outside the UK, you can block access from those locations. Watching for access attempts from unfamiliar IP addresses can also help you identify suspicious activity or compromised accounts.
Grant User Permissions on a Need-to-Work Basis
Your employees don’t need carte blanche access to all your files. Marketers have scant use for backend information. Accounting documents are beyond the scope of the data your IT team needs to do their jobs.
Limiting access to sensitive information protects your data in a myriad of ways. It prevents employees from accidentally deleting files, minimises inside-job thefts and leaks, and prevents criminals from infecting files laterally from compromised user accounts. These limitations don’t have to be so tight that they throttle productivity. You can set specific files, such as HR or security policies, to be view-only for the majority of your workforce, or prevent certain documents from being downloaded.
Monitor Suspicious Activity
With employees removed from the office, verifying or checking their behaviour and usage is incredibly difficult. There’s no walking over to a colleague’s cubicle to check why there seems to be a heavy increase in data traffic.
One way to limit risks and spot suspicious activity is by defining the times when users should be logging in. For instance, log-ins during the weekend when no one should be working, or has asked to work, can be a red flag that’s worth investigating.
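The two checks described above (log-ins at unexpected times, and access from unfamiliar IP addresses) can be run over a login log, as in this added example, which is not from the original article. The log format, working hours, network ranges and the approved-weekend list are all assumptions, and the sample log is constructed.

```python
import ipaddress
from datetime import datetime

# Assumed policy (not from the article): Mon-Fri 07:00-18:59, and known networks.
# RFC 5737 documentation ranges stand in for office and VPN egress addresses.
WORK_DAYS = range(0, 5)     # Monday=0 .. Friday=4
WORK_HOURS = range(7, 19)
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
APPROVED_WEEKEND = {("carol", "2021-03-06")}   # people who asked to work that day

# Constructed sample log: timestamp, user, source IP, result
SAMPLE_LOG = """\
2021-03-05T09:14:02 alice 192.0.2.17 success
2021-03-05T23:41:10 bob 192.0.2.44 success
2021-03-06T10:02:55 carol 198.51.100.9 success
2021-03-06T03:12:31 alice 203.0.113.80 success
2021-03-08T08:30:00 dave 198.51.100.200 success
2021-03-08T08:31:00 erin 192.0.2.5 failure
"""

def review_logins(log_text):
    """Return (user, timestamp, reasons) for each successful login worth a look."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "success":
            continue    # malformed line, or a failed login (covered by lockout)
        stamp, user, ip_text, _ = parts
        when = datetime.fromisoformat(stamp)
        reasons = []
        if when.weekday() not in WORK_DAYS:
            if (user, when.date().isoformat()) not in APPROVED_WEEKEND:
                reasons.append("weekend")
        elif when.hour not in WORK_HOURS:
            reasons.append("outside-hours")
        if not any(ipaddress.ip_address(ip_text) in net for net in KNOWN_NETWORKS):
            reasons.append("unfamiliar-ip")
        if reasons:
            findings.append((user, stamp, reasons))
    return findings
```

On the sample log this flags bob's late-night session, alice's unapproved Saturday login from an unknown address, and dave's login from outside the known ranges, while carol's approved weekend session passes.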
Audit and Optimise
Like any other software, your remote hosted desktops can crash or become unresponsive. There can be multiple reasons behind subpar performance, such as a certain task overloading the connection or your firewall blocking the software from initialising. Regularly reviewing these instances allows you to prevent them from happening again, reducing disruption and improving business continuity.
Logs are also a useful tool for staying on top of your remote network. Your remote hosted desktop system should allow for detailed logs that let you review each action taken during the session. This lets you identify potentially risky activities or bottlenecks that are throttling your users’ productivity.
Choose Competent Service Providers
With remote hosted desktops, your infrastructure lives on servers. Large enterprises may be using on-site hardware, but for most businesses, the economical choice would be to rent or work with a service provider.
Security should go without saying. Ensure your service provider is using up-to-date security measures such as firewalls and rolling backups. Uptime is another crucial factor to consider–if the server goes dark, so do your operations. Your service provider should be transparent about uptime rates and fail-safe measures.