Remote Vendor Support Options: Overview, Risks and Mitigation

Remote vendor support can be a valuable tool for troubleshooting and resolving technical issues. However, it also introduces potential risks if not handled securely. To assist you in utilizing remote support options while safeguarding your system, we have outlined four approaches below. Each approach is detailed in its respective section to guide you through the process while addressing security considerations.

Overview of Remote Support Methods

  1. Recorded Teams Call: Record and monitor a Teams meeting for direct vendor assistance.
  2. Recorded Zoom Call: Use Zoom for recorded collaboration with added remote control capabilities.
  3. Recorded Call with S&T Support: Engage S&T staff for oversight during support sessions.
  4. Remote Desktop Access: Requires IT support; the user must raise an IT ticket to request it.

Users must adhere to S&T’s security policies and ensure proper documentation of all remote support sessions.

Security Considerations

Remote support poses security risks if not managed correctly. Users should:

  • Always record sessions to maintain an audit trail.
  • Avoid sharing sensitive credentials or data during calls.
  • Limit access to only what the vendor needs to perform their task.
  • Monitor all remote actions performed by the vendor.

Understanding the Risks: Remote support is a known vector for cyberattacks and exploitation by bad actors. These risks include:

  • Unauthorized Access: Attackers may pose as legitimate vendors to gain access to sensitive systems.
  • Data Theft: Screen sharing or remote access can expose confidential information if not carefully monitored.
  • Malware Installation: Bad actors may use remote sessions to install malicious software on the system.
  • Account Compromise: Sharing credentials or using weak passwords can lead to unauthorized access.

Mitigation Strategies:

  • Verify the identity of the vendor before initiating any session.
  • Use strong, unique passwords and enable multi-factor authentication (MFA) where possible.
  • Limit session permissions and access scope to the specific task.
  • End remote sessions immediately after the task is completed.
  • Report any suspicious activity to S&T Security Support immediately.

By adhering to these practices, users can ensure a secure and efficient remote support experience.