4 best practices for secure remote support

null

Customer service teams today use a wide range of new technologies to help us resolve any number of issues we may have with our beloved devices. Of all of these technologies, remote support has emerged as one of the stand-out favourites. And for good reason.  Remote support solutions take the guesswork out of IT problems by connecting support staff directly to customer’s devices, and provide a front row seat to the issues at hand. The days of lengthy conversations between customer support teams and novice users seem like a long time ago now – “click on this”, “no over in the right corner” “do you see that menu that looks like a hamburger?”

Remote support technology has forever changed how customer service teams assist customers.  It not only helps agents get resolutions faster to increase productivity, but also creates a better overall experience.  However, just like any other technology, the security of these solutions is paramount to maintain long-term success. Hackers are getting more sophisticated every day and organisations cannot afford to leave any door open that will expose valuable and customer and business data.

Recent reports show that the estimated annual global cost of cybercrime damage that companies will have to face by 2021 is now $6 trillion, up from $3 trillion in 2015. Financial loss is not the only problem, however. These incidents can also impact brand image, discourage innovation, and may hinder users and organisations from embracing new technologies in the future.

With security breaches making headlines every single day, providing remote access – even if the end result is happier customers and agents -- can be a scary proposition for some organisations.  That being said, remote support solutions are being used by the world’s most trusted brands in both their internal IT and external customer support environments to boost customer satisfaction and agent productivity. 

So, how can businesses take advantage of these tools while at the same time keep their organisations and customers safe from the prying eyes of cyber criminals?

All security experts will agree that organisations who leverage these types of support tools need to make sure they meet the highest level of security possible.  But that can feel like a lot of hyperbole for most people.  No one sets out to implement solutions with subpar security – do they?  What does the “highest levels of security” really mean? How can organisations keep customers safe and consumer confidence in the technology high?  Here are a few things to note:

Good database security is not an option

Whether it is business or customers’ data, your database can be a huge goldmine for hackers if not properly protected. Especially if you cannot control how data is transferred and stored while using remote support, data encryption plays an important role in securing the database as is the ability to detect data manipulation, database backup and the knowledge of the country where your data is stored.

“Key agreement encryption” is another thing that is often overlooked but it is very important for ensuring secure remote sessions. This makes sure that when a technician starts a remote session with a client, their computers must agree on an encryption algorithm and key to be used in that session. Use a remote access software that uses SSL certificates and verification systems to help keep data safe.

Strong passwords alone are not sufficient

It is now common knowledge that strong authentication is crucial for organisations. But simply having a strong password is not enough. As recent high-profile security breaches have shown, relying solely on passwords is becoming less adequate for protecting sensitive systems and data.

Two-factor authentication, for example, is a good way to ensure that anyone that tries to connect to the system is who they say they are. Two-factor authentication requires something you know (a password) and something you have (a one-time code, for example). This means that even if your password is compromised, there is still another layer of security that will keep your session safe.

Emphasis on clearly defined roles and authorisations

We cannot overstate the importance of clearly defined roles and authorisations as this feature on its own can go a long way to ensuring security. For example, most technicians must be authorised at least once during every remote access session, many remote access support solutions provide this feature via IP restriction, selective administration permission and security certificates.

Nothing should be left should assumption and all permissions should be defined to a granular level.  Organisations should also be able to create support channels that allow specific issues to be assigned to specific groups and follow through escalation levels to improve customer service.

The importance of session reporting and recording

Data breaches, unfortunately, don’t always come from the outside.  A recent report suggested that 25 per cent of data breaches are carried out from within the organisation.  Fighting an internal hacker can be difficult, but ensuring your remote support software can record and report each and every remote session can help keep agents accountable and help with liability issues. 

With data breaches becoming more frequent and sophisticated, and the consequences more long-term than ever, this list is never complete and should always be evolving.  No matter how easy or complex the security landscape gets, organisations can never afford to rest on their laurels. The bad guys never rest so, unfortunately, neither can anyone else.

Peter Zeinoun, director of products, LogMeIn Rescue
Image source: Shutterstock/deepadesigns