
With so many people working from home, remote-hosted desktops are particularly useful. They let an employee smoothly access everything they could in the office. However, they are also open to potential abuse, and vulnerabilities in remote desktop protocols are significant and growing. Here are some tips on how to protect your data when you have employees using remote desktops:

Limit Devices

The best practice for remote desktops is to issue the employee a company-owned laptop and allow only that device access to the remote desktop. This means you control the security software on the laptop and can prevent employees from installing personal software that might cause problems. You can also use this as an extra layer of security by enforcing a password on the device.

In general, users can be easily discouraged from using phones and tablets for remote desktops specifically, as it seldom works well and they have alternative methods for things like quick email checks.

You can also restrict access to only locations where your employees are likely to be. Locking to specific IPs is possible, but can cause problems; for example, even if your employee only ever works from home, rebooting their network router will change their computer’s IP and lock them out. However, you can restrict by geography, disallowing connections from overseas.

Control User Permissions

Many companies are careless about granting permissions to users and giving employees carte blanche access. Compartmentalizing user permissions and allowing them access only to the files they need can go a long way toward ensuring that a hacker can’t get to all of your data from one compromised account.

Obviously, you need to make sure you don’t negatively impact productivity, but making HR files read-only, for example, can be useful in protecting against malicious actors.

Protect your Data by Enabling Two-Factor Authentication

Two-factor authentication is good practice for all accounts. One good way is to use token-generating software that texts a code to the employee’s cell phone. These codes can only be used once, so are unlikely to be compromised.

You should also limit login attempts so as to prevent brute force attacks and encourage the use of good password hygiene. Passphrases are better than passwords as they are easier to remember.

Monitor Suspicious Activity

One concern with remote work is that supervisors can no longer do random checks on employees in their offices or cubicles. However, it is possible to keep at least a basic check on odd behavior. Obviously, you should not micromanage people, which reduces engagement and productivity. Things you can monitor, though, include connection attempts from odd locations or at times when the employee concerned does not normally work. VPN systems can generally spot unusually high network activity, which can also be a red flag.
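The checks described above (odd locations, odd hours) plus the login-attempt limit from the previous section can be run over a connection log, as in this added example, which is not from the original post. The log format, user names, allowed-country list, working hours and thresholds are all assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp (user's local time), user, source country, result.
SAMPLE_LOG = """\
2024-03-04T09:12:00,alice,US,success
2024-03-04T23:47:00,alice,US,success
2024-03-05T10:03:00,bob,RO,success
2024-03-05T10:05:00,carol,US,failure
2024-03-05T10:05:20,carol,US,failure
2024-03-05T10:05:45,carol,US,failure
2024-03-05T10:06:10,carol,US,failure
2024-03-05T10:06:30,carol,US,failure
"""

ALLOWED_COUNTRIES = {"US"}             # assumed geography policy
WORK_HOURS = {"alice": (8, 18), "bob": (9, 17), "carol": (8, 18)}  # assumed usual hours
MAX_FAILURES = 5                       # assumed failed-login threshold
FAILURE_WINDOW = timedelta(minutes=5)  # assumed window for counting failures


def find_alerts(log_text):
    """Return (timestamp, user, reason) tuples for connections that deserve review."""
    alerts = []
    recent_failures = defaultdict(deque)   # user -> timestamps of recent failed logins
    for ts_raw, user, country, result in csv.reader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(ts_raw)
        if country not in ALLOWED_COUNTRIES:
            alerts.append((ts_raw, user, "outside allowed geography"))
        if result == "success":
            start, end = WORK_HOURS.get(user, (0, 24))
            if not start <= ts.hour < end:
                alerts.append((ts_raw, user, "outside normal working hours"))
            recent_failures[user].clear()  # a good login resets the failure count
            continue
        window = recent_failures[user]
        window.append(ts)
        while window and ts - window[0] > FAILURE_WINDOW:
            window.popleft()               # forget failures older than the window
        if len(window) == MAX_FAILURES:
            alerts.append((ts_raw, user, "repeated failed logins"))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert, sep="  ")
```

The output is a review queue for a person to look at, not an automatic block: a late login may simply be someone catching up on work.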

Use Encryption to Protect your Data

Requiring files to be encrypted during remote work can improve security on top of using a VPN. The files cannot be read in transit even if an employee forgets to connect to their VPN or turns it off because the system is so slow they are unable to work, both of which have been known to happen.

Use AES-128 and/or AES-256, the gold standard, to protect your data.

Choose a Good Provider

Finally, make sure that the provider handling your servers is using up-to-date security methods. Ask about firewalls and rolling or incremental backups. Also, make sure they have a good record in terms of uptime. It’s even harder for remote workers to continue to operate when the network is down. Additionally, if your employees are using a virtual desktop, they may not be able to access any of their files and may not be able to store stuff locally.

If you have employees using remote-hosted desktops or similar protocols and need advice on how to keep things secure, protect your data, and sustain productivity, contact Bluwater Technologies today.
