Feb 17, 2017 | Industry insights
The more obscure the more secure
One of the biggest challenges for businesses is the growing requirement for remote working. Remote working can provide an agile solution for expansion, overcome geographical challenges and offer a cost-effective approach. But this flexibility can come with an unseen cost: the heightened risk of a cyberattack.
Remote workers need to access the business's network, and to do this they will often use a VPN (Virtual Private Network) or a remote desktop, which can open a gateway to the business's main terminal server. Doing so leaves the business exposed to a certain level of vulnerability.
A simple and effective way of increasing the basic level of security when people access the terminal server remotely is to develop a more robust process for remote access login, one that includes documented recommendations for more secure practices.
One of the ways cyber-criminals access business data is via the terminal server, so an easy way to protect your server is to move remote access off the default port, 3389. A would-be hacker could easily find your IP address online and, with any one of the online port checker tools, clearly see when a remote access terminal server port is open. Once they have this information, all they need to do is combine it with the username and password and they can infiltrate your IT systems.
We’d recommend the core elements of this policy contain the following:
- Only provide remote access to those individuals that actually require this to fulfil their role.
- Ensure the list of all people with remote access is stored securely.
- Regularly review the list of users with this access to ensure they still need these privileges, and remove any who don't, for example once they leave the business.
- Ensure users change their username to a standardised format and regularly change their password to something secure. Equally, no part of the username should form part of the password.
- Consider the use of two-factor authentication, where the user and the VPN connection itself each have an access password.
- Remove your terminal server from the default port.
These points won't prevent all forms of cybercrime, but they will make it much harder for a hacker to break into your business's IT systems, and hopefully give you the peace of mind that your IT systems are that little bit more secure.
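As an added example (not part of the original article), here is a read-only PowerShell audit that a server administrator could run to check a terminal server against the policy points above. It assumes Windows PowerShell 5.1 or later, run elevated on the server itself; the 90-day staleness threshold is an assumed value, not one the article gives.

```powershell
# Read-only audit of a Windows terminal server (added example; changes nothing).
$StaleAfterDays = 90   # assumed review threshold; set this to your own policy
$cutoff = (Get-Date).AddDays(-$StaleAfterDays)

# Policy point: is the RDP listener still on the default port?
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
[pscustomobject]@{
    Check   = 'RDP listener port'
    Subject = $port
    Finding = if ($port -eq 3389) { 'Still on default port 3389' } else { 'Moved off the default port' }
}

# Policy points: who holds remote access, and do they still need it?
# Well-known SIDs are used so the script works on localized systems.
# Members of both groups can log on over Remote Desktop by default.
$groups = @{
    'S-1-5-32-555' = 'Remote Desktop Users'
    'S-1-5-32-544' = 'Administrators'
}
foreach ($sid in $groups.Keys) {
    foreach ($member in (Get-LocalGroupMember -SID $sid)) {
        $finding = 'Confirm this principal still needs remote access'
        # Only local accounts can be inspected here; domain users and
        # nested groups keep the default finding for manual review.
        $user = Get-LocalUser -SID $member.SID -ErrorAction SilentlyContinue
        if ($user) {
            if (-not $user.Enabled) {
                $finding = 'Disabled account still listed: remove from group'
            } elseif (-not $user.LastLogon) {
                $finding = 'Never logged on: remove if unused'
            } elseif ($user.LastLogon -lt $cutoff) {
                $finding = "No logon in $StaleAfterDays days: confirm or remove"
            }
        }
        [pscustomobject]@{
            Check   = "Member of $($groups[$sid])"
            Subject = $member.Name
            Finding = $finding
        }
    }
}
```

Moving the listener itself means changing `PortNumber`, allowing the new port through the firewall and restarting Remote Desktop Services.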