Remote Access: A Fresh Opportunity for Hackers?

As we all remember, in May 2017 NHS England fell victim to a vast global cyber attack; the WannaCry virus. The ransomware attack encrypted hundreds of sensitive files, hitting 48 NHS England trusts — one in five across the country.

And, according to the ECRI Institute’s annual Top 10 Health Technology Hazards for 2019, remote access systems are now the biggest security threat to the healthcare industry.

Worryingly, the report also explains that once hackers gain access to remote systems, they can move around the healthcare network, install ransomware, steal or encrypt data, or hijack computer resources.

But it's not just the healthcare sector that's at risk — with a greater number of businesses encouraging a digital workplace, BYOD and remote working, it has never been more important to ensure you have robust safeguarding processes against all your remote access points.

Why are remote access systems more vulnerable?

Remote access software allows a computer’s desktop environment to be run remotely on one system while being displayed on a separate client device.

Such systems are incredibly useful if you’re a future-focused business running a digital workplace with enhanced mobility for your workforce. Nevertheless, remote access systems are a common hacking target because they are, by nature, remotely accessible.

With so many devices remotely connecting to your network, there’s more exposure than ever to security threats of varying sophistication.

There are several ways hackers can gain access to a network using these systems. These include lack of intrusion or threat detection, poor governance for installing remote access software, and weak remote access account passwords.

How can businesses protect themselves?

Despite the threats, the risks around remote access are not to be feared — there are tactics business can deploy to ensure their access points are fully-protected.

There are two important aspects to securing your remote access systems. Firstly, you need robust access rights and layers of protection that safeguard your core information and most valuable data. You also need safeguarding technologies that identify, protect, and monitor all remote access points.

Touch Secure, for example, is a cloud-based Security as a Service (SECaaS) with 24x7 x 365 proactive monitoring, immediate intrusion detection and threat response using advanced detection techniques. It also sits on the G-Cloud 10 framework, so it’s ideal for public sector bodies like the NHS.

Share an effective remote access policy

Secondly, a reliable cloud-based security technology must go hand in hand with an up-to-date and well-circulated remote access policy for your IT team and the rest of your staff.

Such a document will ensure you (and they) are adhering to recommended cybersecurity practices, instituting a strong password policy, maintaining and patching your systems, and routinely logging system access.

As well as outlining issues such as using strong passwords, listing unauthorised sites and explaining how to manage suspicious emails, your remote access policy should address the following areas:

• Ensuring remote devices have the latest anti-malware and updated operating systems
• Assessing whether devices can be used for personal business
• Are devices connected to a Local Area Network (LAN), Virtual Private Network (VPN), or other service?
• Whether the employee can store sensitive information on the device
• Are devices adequately protected?

It’s perfectly possible, therefore, to allow your workers to remain proactive when working away from the office, whilst ensuring your core information and systems are protected.

With a managed security solution like Touch Secure, coupled with a thoughtful and well-disseminated remote access policy, your entire business will be entirely protected from the inside, as well as from the out.