Flexible work has changed the jobs of many IT teams and helpdesk staff forever. Whether it’s expanding BYOD policies, adjusting IT support strategies, handling changing ticket volumes, or all of the above, it’s clear change is necessary. This blog explores the many new (and evolving) situations facing IT support teams and offers best-practice advice for navigating with success.
Security for Remote IT: How to Protect Against Phishing and Scamming
BrandPosts are written and edited by members of our sponsor community. BrandPosts create an opportunity for an individual sponsor to provide insight and commentary from their point-of-view directly to our audience. The editorial team does not participate in the writing or editing of BrandPosts.
By Chris Handley
In the remote work era, scammers unfortunately abuse the same remote tools we rely on. As IT departments support their organizations virtually, some of the biggest challenges they face involve security.
IT teams must eliminate any potential opportunities for scammers to take malicious action against their remote users. For this reason, it’s essential that any IT remote support solution offers multiple layers of security.
Here are some important ways to protect your business and end users from nefarious activity.
Branding that End Users Can Trust
Trust is an important aspect of security, which is why seemingly small features like the ability to add branding to make the product your own can be impactful.
Instead of sending end users to an obscure support portal that may seem sketchy, adding your branding with your logo adds an extra layer of trust. This way people know they’re in the right place to get help. In some cases, you have full control over the applet. You can customize the name and add your logo to the one-time executable that’s downloaded after the employee enters the PIN code, so they can be confident they are getting support from the right people. End users see your branding and know that’s where they’re supposed to be.
Self-hosted PIN Page
If you don’t want to direct your employees or customers to the solution provider’s external webpage, look for the option to embed that form on your website, with the ability to customize it with your company name and branding. Again, users know they’re in the right place.
Example of a public-facing, self-hosted PIN page.
On top of that, consider adding a few extra security layers:
Company PIN Code Validation
This means only PINs generated from your own support account will be accepted. If someone malicious tries to trick your employee or customer into a support session on your webpage, their PIN code won’t work.
You can take that one step further and lock your PIN codes so they are only accepted on one site. If a user accidentally goes to the solution provider’s URL or another site, your PIN code won’t work. Users will be redirected to the correct page for valid support.
This feature defends against HTML scraping. Let’s say a scammer tried to steal the HTML from your custom PIN page to set up a “dummy” page. With domain validation, the PIN entry/channel form HTML snippet is validated against the domain(s) entered within the admin center, so the company PIN codes and/or channel entry form will not be accepted or function on that malicious actor’s page. This provides a layer of protection against phishing attempts that try to obtain information about your users without interacting with them directly.
When your technicians are remote, as many are right now, you want to ensure they’re adhering to company policies and accessing your tools where they should be accessing them, whether that’s on your VPN or from other company-designated equipment.
Example of an IP Restriction error message.
As an admin, you should be able to set IP restrictions for your technicians so that they can only log into the technician console from within your network or from an approved list of IP ranges. If they try to log in from a different device or network, they’ll be locked out.
Additional measures take IP restrictions a step further to restrict access to only users in your company.
Look for the ability to provide your solution with a list of your IP ranges. The solution will check the IP when the session starts, and if the PIN code wasn’t entered from within the IP ranges in your account, the session won’t start. Employees won’t be able to receive support from any account other than your own.
Example of a Restricted Access message when the user’s IP is outside the specified range.
This is probably the most restrictive layer, but in the kind of world we’re in, it is an important layer that a lot of companies are turning to.
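The layered checks described above (company PIN validation, domain validation and end-user IP ranges) can be modelled as one fail-closed gate at session start. This is an added example, not the vendor's code: `SupportPolicy`, `check_session`, the reason strings and the sample account, host and address ranges are hypothetical or constructed, and `page_origin` is assumed to be the origin the user's browser reports for the page hosting the PIN form.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class SupportPolicy:              # hypothetical model of the admin-center settings
    account_id: str               # the company's own support account
    allowed_hosts: frozenset      # hosts approved to serve the PIN entry form
    allowed_networks: tuple       # ip_network objects covering end users

def _normalize_ip(raw):
    ip = ipaddress.ip_address(raw.strip())
    # An IPv4 client behind a dual-stack listener shows up as ::ffff:a.b.c.d;
    # unwrap it so it is compared against the IPv4 ranges.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip

def check_session(policy, pin_account_id, page_origin, client_ip):
    """Return (allowed, reason); anything unparseable is rejected."""
    # Layer 1: the PIN must have been generated by the company's account.
    if pin_account_id != policy.account_id:
        return False, "pin_not_from_company_account"
    # Layer 2: exact host match, so look-alike or suffix-padded hosts fail.
    try:
        parts = urlsplit(page_origin)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "pin_form_on_unapproved_domain"
    if parts.scheme != "https" or host not in policy.allowed_hosts:
        return False, "pin_form_on_unapproved_domain"
    # Layer 3: the end user's address must fall inside a listed range.
    try:
        ip = _normalize_ip(client_ip)
    except ValueError:            # e.g. a raw comma-separated proxy header
        return False, "unparseable_client_ip"
    if not any(ip in net for net in policy.allowed_networks):
        return False, "client_ip_outside_allowed_ranges"
    return True, "ok"

# Constructed sample policy using documentation-reserved names and ranges.
POLICY = SupportPolicy(
    account_id="acct-example",
    allowed_hosts=frozenset({"support.example.com"}),
    allowed_networks=(ipaddress.ip_network("203.0.113.0/24"),
                      ipaddress.ip_network("2001:db8:10::/48")),
)
```

The reason strings are worth logging: repeated `pin_form_on_unapproved_domain` results are a signal that a copy of the PIN page is being served from somewhere else.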
Thriving in a remote world requires taking a good hard look at your systems and processes. Your remote support solution is an important part of your IT toolkit. Be sure that it helps lock out malicious activity and keep your organization safe on multiple levels.