The 2013 Trustwave Global Security Report revealed that among 450 data breach investigations conducted worldwide, 63% were attributed to a third-party component of the company IT department. In other words, bad IT outsourcing caused almost two thirds of data breaches. The report revealed that IT outsourcing practices have gradually developed security flaws that hackers find easy to exploit. Luckily, there are ways to protect sensitive data even when using remote access technology to support offshore devices.
The current state
The report disclosed some of the burning security hotspots that companies face, when outsourcing shares of their IT departments. These findings are also the base for improvement.
- Risk of third parties - only about half of companies involved in the report conducted an inventory of all third parties that have access to employment or customer personal data. On the other hand, 47% admitted to running no risk assessment of third-party vendors.
- Personnel risks - a defeating portion of only 15% employees believe that their company is prepared for a security breach, while 42% feel that they lack skills and training to prevent the data breach.
- Vulnerable components – 80% of virtual private networks (VPNs) were targeted through their privileged accounts. At the same time, two thirds of networking managers revealed that their vendors have access to department-specific software. In addition, the companies involved in the report stated that they had over 1,000 POS malware infections, making desktop sharing another exploit that hackers use.
- In order to minimize your company’s remote risks, you need a remote control strategy. It will recognize the maintenance requests, analyze the remote support budget, and ensure that specific security regulations are met.
- Invest in an on-site solution that enables you more control over security. Access to the administration interface for on-site appliances should be made through an encrypted web connection, with options to restrict it to the local console port or a specific network segment. In this way, you can prevent hackers who have network access to the appliance from breaching into administration functions.
- As you are trying to find the optimal remote access software, you also need to assess the third party validations. A number of providers offer software solutions that are certified by security-auditing organizations, with the results of the assessments usually available on the providers’ page.
- For total transparency, you need to make every detail of remote support sessions automatically noted and recorded for audit. A clear record of chat transcripts and file transfers increases the audit effectiveness dramatically. You need a hard measure of accountability for the events during each logged session, so you need a live record of system and IP data, that will show when was a specific device accessed.
- Grade the access privileges, so that only the most qualified and trusted technicians can access the most sensitive data. Keeping the security under control and minimizing the exposure is critical when there is fairly high turnover rate of IT staff and increasing customer demand for extra security.
Introducing secure remote support solutions is important, because it has become evident that companies are not prepared enough for the data security risks that go with outsourcing IT functions. The preventive measures include limiting the access privileges, using secure remote access protocols, and registering every remote support session.
Dan Radak is a web hosting security professional with ten years of experience. He is currently working with a number of companies in the field of online security, closely collaborating with a couple of e-commerce companies. He is also a coauthor on several technology websites and regular contributor to Technivorz.
We would love to hear your thoughts?
Fivenson Studios is based in Ann Arbor, Michigan, our graphic design team specializes in logo and webpage design, as well as marketing campaigns for social and print media. From flyers and brochures to targeted landing pages, we aim to bring your company into the spotlight and reach a greater range of potential customers.