Is your remote control security bullet-proof?
When it comes to remote control, I always say “Convenience overrides paranoia,” meaning that customers will get over their paranoia at having a stranger accessing their system when they see the value that comes from using remote control (faster and easier problem resolution) . But for this to work, you need to make sure that the customer has absolutely nothing to worry about.
I’ve recently talked to a few members about remote support and security, and also we just recorded a mini-webcast, sponsored by Bomgar, with an open discussion on security and compliance with Phil Smiley, Director of IT Security for SSPA member BMC Software and Phil Demuth, VP of Internal Systems for ITI Fiserv. It was a really enlightening discussion. For instant access to this 30 minute mini-webast, click here.
Here’s what I learned:
- Use a ‘best of breed’ remote control product with strong security features. In our 2008 SSPA Member Technology Survey, 15.9% of members were using ‘home grown’ remote control solutions. Heaven knows I’m not a security expert, but having had security briefings from multiple remote control providers, there are levels of security in these packages you aren’t going to have with internally developed systems.
- Leverage the product’s audit trail to capture every action of the agent. Different products track different things in the audit trail, with some now giving you very granular control over exactly what to record, or to record everything-including a screen cam of what the support tech did during the session. You may think this is overkill, and it will take up a lot of server space, but when a customer complains one day of unwanted access, you’ll have the whole story on file.
- Enable tracking of uploads/downloads to/from customer systems. This is a feature in some suites, and I think a helpful one. If techs are responsible for checking/adjusting settings only, they may not need the ability to upload and/or download files to/from the customer machine. If you are able to disable this feature, you can promise the customer no virus will be introduced and no personal data will be stolen.
- Prompt customers to approve uploads/downloads during the session. When techs do need the ability to upload/download files during a remote support session, some products allow you to prompt the customer to approve the upload/download before it begins. This forces the support tech to explain what they are doing and further limits unwanted access.
How are you messaging to customers that remote access is safe and secure? Any security hiccups you are willing to share? Add a comment or shoot me an email. And as always, thanks for reading!