Remote Control Software and Proper Security: Key Considerations

ConnectWise CPO Jeff Bishop
Author: ConnectWise Control GM Jeff Bishop

As a technology services provider (TSP), you’ve likely received a panicked call from a customer who received a legit-looking pop-up computer message warning about a problem with that particular computer. The pop-up, which may have had your branding or look as if it was from Microsoft, Apple or another well-known company, directed the person to click the provided link and authorize the person who sent the message to remotely fix the hitch on the spot.

Of course, the instructions made sense because chances are that individual has at some point in the past happily handed over remote control of the machine to a legitimate technician. And so, with a single keystroke, a malicious scam came to fruition, giving the hacker easy entry to private information stored on that particular computer and possibly even the company’s servers.

Without a doubt, remote access and support software is critical to the success of today’s tech teams, as it allows you to meet service delivery expectations while increasing efficiency whether your customers are across the street or on the other side of the country.

However, with nearly 11,000 tech support scams resulting in $8 million in losses reported to the FBI in 2016 alone, according to its 2016 Internet Crime Report – and who knows how many went unreported – it behooves every single TSP to ensure that 1) its customers are prepared to recognize and avoid scams, and 2) its remote control software offering includes security features that instill a high level of customer comfort and confidence.

Educate clients how to spot scams before it’s too late.

Most tech support scams begin either with an email, cold call or pop-up message that spoofs a legitimate company’s branding, possibly including that of your own TSP. Therefore, ensure your customers know that they will NEVER receive any unsolicited remote access requests from you or from any other legitimate company. The only time they should accept a request asking for remote access of their devices should be in direct response to the users’ specific request for technical assistance.

You should regularly remind your customers about the following remote control rules of the road:

  • If you receive an unexpected phone call requesting access for a computer problem fix, immediately hang up. Do not engage with the person on the end of the line; do not provide any information about your company, email address or passwords; and do not trust Caller ID. Savvy scammers often use phone numbers that show up as bona fide businesses.
  • Immediately shut down and delete unsolicited pop-up messages or emails asking you to contact tech support. Most importantly, do not click on any links or call any numbers that might be provided, even to check out if a request is legitimate.

Also tell your customers that if they have any lingering concerns about their computer, they should contact you – their technology support team – directly through pre-established, secure channels.

Use remote control software that makes the client comfortable.

One way to ease the concerns of clients who are reluctant to hand over remote control of their computers or servers is to ensure the software you are using provides them a high level of control and complete transparency. To achieve this, look for the following customer-friendly features:

  • Permission-based access that gives customers full control over a connection to their machines
  • The ability for the customer to watch the tech work, initiate chats and end a session at any time
  • Automatic removal of the support client from a customer’s machine at the end of the session
  • Role-based security permissions that limits technician access to specific functionality and sessions
  • Session audit logs that include information such as the session host name, timestamps and more
  • Two-factor authentication for all remote log-in operations
  • Recorded sessions, especially for companies that have compliance and auditing requirements
  • Strong log-in credential requirements and the option to require mandated change intervals, password expressions and frequency of password reuse
  • Supports secure persistent connections for access, so no clicking on links or user decisions required

Showing that you care about your customers’ cyber safety with proactive and ongoing education about tech scams, as well as ensuring that your software has the security and transparency features that instill a high level of security confidence, can go a long way for positioning your business as a trusted advisor in the technology space. In the end, the better your customers understand how you and the software you deploy protects them, the more value they’ll see in your services.

Jeff Bishop is general manager of ConnectWise Control. Read more ConnectWise guest blogs here.