Many small businesses rely on outsourced managed services providers (MSPs) to manage their firewalls, network infrastructure or daily processes. In our golden age of technology, your search for the right MSP might even connect you with a company based in another state. That doesn’t mean your business has to come to a full stop every time an IT issue arises, however.
Even far-off providers can access your devices using remote access controls, the most common of which is Microsoft’s own Remote Desktop Protocol (RDP).
Unfortunately, this incredibly handy tool isn’t always used for good, as cybercriminals have been known to break into devices set up for remote access. Today, we’re going to discuss the steps you can take to safeguard against this threat, from basic operating procedures to how you can ensure your MSP is on top of this issue.
How RDP works
RDP essentially turns your IT person’s laptop into a remote screen through which they can access your local computer and control your device. Basically, this gives remote system administrators the keys to your office.
This, understandably, makes RDP connections a bountiful target for hackers. In fact, the average computer may experience up to 50 RDP probes in a single day.
One common method of probing for RDP passwords is known as a “brute-force attack,” which attempts to guess user RDP passwords in the hopes of sneaking into a remote session. While attacks like this are effective, criminals can also simply look you up on Facebook to acquire your birthday or pet’s name in an attempt to guess passwords. Furthermore, once they have access to your RDP, they’ll create several administrative accounts so that even if you do change your password, they’ll have backup entry points through which to sneak in later.
Once they’re in, these hackers will encrypt your files and demand a ransom to restore your access. Of course, cybersecurity experts and the NSF suggest you never comply with cyberterrorists, but the stress of having this valuable information stolen from you can lead organizations to make bad decisions.
The victims of these kinds of attacks are almost always small-to-medium-sized companies, as cybercriminals bet on smaller organizations having weaker protections in place. Most of the time, they’re right. A study by Sophos found the largest business suffering an RDP attack had 120 employees on staff, but most had 30 or fewer.
How to prevent RDP attacks
- If you’re a Microsoft user, turn off RDP when you’re not using it or if you don’t need it. Remember to check every computer on your network, as RDP can be used to connect to servers, desktops and laptops.
- Use a Virtual Private Network (VPN) for connections outside your network. A VPN requires outside users to authenticate with your firewall before connecting to your network. This means software like your RDP never needs to be directly exposed to the internet.
- Use two-factor authentication whenever you can. This is a tried-and-true tactic. This way, if crooks find or guess your password, it’s useless to them.
- Patch early and often. Updating regularly will close off any known and corrected access points for hackers, so it’s more difficult for them to infect you.
- After an attack, conduct a thorough investigation into what has been changed. Removing malware isn’t enough. Check for added applications, altered security settings and newly created user accounts.
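As an added illustration of the post-attack check in the last item (not part of the original article or any Switchfast tooling), this Python example walks Windows Security events for a burst of failed remote logons that ends in a success, then lists the accounts that user created or added to Administrators. The event records, their simplified field names and the threshold of 20 failures per hour are constructed assumptions.

```python
from collections import defaultdict

# Windows Security event IDs: 4625 failed logon, 4624 successful logon,
# 4720 user account created, 4732 member added to a local group.
FAILED, SUCCESS, CREATED, GROUP_ADD = 4625, 4624, 4720, 4732
# Type 10 = RemoteInteractive (RDP); NLA failures often log as type 3.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample events with simplified field names ("t" is seconds).
SAMPLE_EVENTS = [
    {"t": i, "id": FAILED, "type": 3, "src": "203.0.113.7", "user": "admin"}
    for i in range(25)
] + [
    {"t": 30, "id": SUCCESS, "type": 10, "src": "203.0.113.7", "user": "admin"},
    {"t": 95, "id": CREATED, "actor": "admin", "target": "svc_backup"},
    {"t": 99, "id": GROUP_ADD, "actor": "admin", "target": "svc_backup",
     "group": "Administrators"},
    {"t": 500, "id": FAILED, "type": 10, "src": "198.51.100.4", "user": "jane"},
    {"t": 510, "id": SUCCESS, "type": 10, "src": "198.51.100.4", "user": "jane"},
]


def find_rdp_compromise(events, threshold=20, window=3600):
    """Return {user: finding} for logons that follow a burst of failures from
    the same source, with accounts that user then created or made admin."""
    failures = defaultdict(list)  # source address -> times of failed logons
    findings = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["id"] in (FAILED, SUCCESS) and ev["type"] not in RDP_LOGON_TYPES:
            continue  # local or service logons are out of scope
        if ev["id"] == FAILED:
            failures[ev["src"]].append(ev["t"])
        elif ev["id"] == SUCCESS:
            recent = [t for t in failures[ev["src"]] if ev["t"] - t <= window]
            if len(recent) >= threshold:  # guessing that ended in a success
                findings.setdefault(ev["user"], {
                    "src": ev["src"], "failures": len(recent),
                    "created": [], "admins": []})
        elif ev["id"] == CREATED and ev["actor"] in findings:
            findings[ev["actor"]]["created"].append(ev["target"])
        elif (ev["id"] == GROUP_ADD and ev["actor"] in findings
              and ev["group"] == "Administrators"):
            findings[ev["actor"]]["admins"].append(ev["target"])
    return findings


if __name__ == "__main__":
    for user, f in find_rdp_compromise(SAMPLE_EVENTS).items():
        print(user, f)
```

Any account that shows up under "created" or "admins" should be reviewed and removed along with the password change, since it would otherwise remain as a way back in.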
Switchfast does not open RDP to access our customer systems for our own use. We use a separate and secure remote management and monitoring software that was built specifically for MSPs. We also protect all of our logins with two-factor authentication, a practice we constantly stress to our clients who use RDP for remote workforces.
If you’re using a third-party IT company and they haven’t already listed the precautions we’ve mentioned above, ask them why. If they don’t have a good answer, maybe they’re not the right people to be looking after your network.
MSPs are valuable resources for helping businesses stay safe, but as we’ve said before, cybersecurity is everyone’s business. Be careful, educate your coworkers and don’t let an RDP for your IT team become a ransomware deployment vehicle for criminals.