With COVID-19 (coronavirus) cases increasing by the day, organizations in affected countries around the world are asking employees to work remotely. However, offering this option without proper supervision and preparation raises security concerns.
The Microsoft Remote Desktop Protocol (also known as RDP) is used to allow remote desktop to a computer. Very easy to use and widely implemented, Remote Desktop even comes built-in to most versions of Microsoft Windows. It’s a powerful and convenient business tool to facilitate remote working but it does need further securing.
Access can be first restricted by ensuring Remote Desktop is used behind a secure virtual private network (VPN). Then two-factor authentication (2FA) that is compatible with RDP and VPN should be implemented to augment traditional password authentication.
What are the risks of working remotely?
IT professionals understand that remote working is extremely beneficial, but they also know that remote workers create risks.
Research shows that 92% of IT professionals believe the benefits of remote work outweigh the risks.
But their approval of remote work as a whole comes with some concerns. 90% of respondents think that remote workers pose a general security risk, and 54% think they pose a higher security risk than employees on site.
Whether we’re talking about insecure networks, the risk of spying or hacking, or even exploited employees, the risks of remote working ultimately concerns how IT can securely extend access to the corporate network – and the sensitive data inside.
How to secure your remote employees?
Raising employee awareness around the challenges and risks of IT security is essential. However, this is not enough. There are steps to be taken in addition to awareness.
-
1. Use a VPN
Using a VPN opens a secure tunnel between the remote desktop and your corporate network.
-
2. Secure access to VPN connections
For users to be able to work safely outside the office, IT administrators must be able to limit VPN access to certain authorized enterprise laptops. Any attempt to access from another machine must then be denied.
-
3. Two-factor authentication for VPN sessions
VPNs are meant to give users access to your most sensitive resources, therefore hardening them with 2FA is a crucial step toward preventing hackers from gaining access to your corporate network.
-
4. Monitor and manage all RDP sessions
Setting up a monitoring solution for RDP connections is a great way to detect abnormal access. Real-time alerts and an automated response allow you to act before any damage is caused.
-
5. Two-factor authentication for RDP sessions
2FA helps secure user access to the Windows environment. For remote connections the need is even more paramount. End users who connect remotely or virtually to a computer on the network should be challenged with 2FA to verify their identity.
A solution to secure your RDP &
VPN sessions
With remote and mobile access quickly becoming the rule rather than the exception, UserLock alleviates this increased risk to enterprise security and protects against inappropriate or suspicious access.
Working alongside Active Directory, the solution helps administrators manage and secure access for all users (remote or on-premises), without disturbing employees or upsetting the IT department.
- Secure VPN connections by only allowing a user access to a certain authorized device.
- Monitor and react to any user session (including RDP and VPN) direct from the UserLock console.
- Enable two-factor authentication on all Windows logins and RDP & VPN sessions.
- Choose to apply 2FA on RDP connections that originate only from outside the corporate network, or for any RDP connection inside or outside.
UserLock supports 2FA through authenticator applications that include Google Authenticator, Microsoft Authenticator and LastPass Authenticator, or programmable hardware tokens such as YubiKey and Token2.