Remote Support: How Secure is It?
Remote support can deliver highly efficient tech support by allowing support personnel to remotely take over a customer’s computer. Remote support can result in shorter average call times, a higher success rate, and improved capture of information that can be used by the engineering staff for future updates and patches.
However, a common question often posed by remote support users is whether remote support is secure. Many users are reluctant at first to allow a remote support session to take place, and it is up to the support staff to reassure the customer that it is in fact, secure, and the customer is not at risk.
Remote support can be achieved either through on-premises equipment or cloud-based services, and both offer security. On-premises remote support solutions will typically be designed to work across the firewall so that it does not have to be disabled; a solution that does require disabling the firewall would raise legitimate concerns on the part of the remote customer. Some earlier remote support systems did communicate over a proprietary port which would normally not be open, and required the administrator to temporarily open a port that would not normally be open, leaving the system vulnerable.
Many remote support solutions, whether cloud-based or on-premises, also use 128 to 256 bit SSL encryption, which is accepted as a standard for security and is compliant with HIPAA, Sarbanes-Oxley, and other local and federal regulations. Password protection is also optional for added protection. Further, most remote support systems are permission-based and allow for granular control, meaning that it is less possible to abuse the remote support system to take control over areas of the remote computer that may be sensitive or particularly vulnerable. The granular control options permit the remote user to either grant or restrict permission to certain areas, applications or file folders; for example, allowing for the sharing of a certain application exclusively, while the rest of the system remains private.
An added security concern may come in when remote support software customers are required to download and install a client prior to the remote support session. Although the download is usually straightforward, the process should be made very clear in any case to protect against an illegitimate download at any time.
A valuable remote support feature that some vendors require, is a feature that automatically de-installs the client immediately after the session has terminated. This eliminates any possibility of a rogue takeover later on after the initial session has concluded. A better option is a “thin client” solution that installs through the web browser.