Think you have secure remote access – it might be time to think again!

Providing staff with the convenience of remote access is an everyday essential when it comes to boosting productivity, but all of these benefits can easily be wiped out if it compromises the security of your organisation’s systems and data. In his latest blog, the cyber-security expert Graham Cluley reveals that one of the most popular remote access tools – Outlook Web App (OWA) – has been ‘backdoored’ in a malicious attack on an unnamed company. The ramifications of the attack mean that employees’ OWA usernames and passwords and, more importantly, what they provide access to, could be compromised.

For many organisations, remote access has presented a perennial challenge: balancing system security with user convenience. Make the login process too convoluted and employees will shy away from using it; limit what can be accessed and productivity suffers; rely on a username and password and systems are left vulnerable.

Traditionally, for those who could afford the initial capital and ongoing operational expense, the standard option was to roll out hard-tokens for strong two-factor authentication. This is a very expensive option and certainly one that the vast majority of SME organisations, and larger enterprises for that matter, couldn’t and shouldn’t entertain. But cost is just one (albeit major) issue. The law firm Taylor Wessing had trialled hard-tokens, but they proved to be extremely unpopular with its partners, who did not want to carry them everywhere. In another trial, tokens on a mobile device were used and, whilst they received a warm reception, the particular solution used caused headaches when partners travelled overseas, causing the token to fail. This was a particular issue for an organisation with 26 offices around the world.

The solution for Taylor Wessing was the PINgrid authentication solution from Authlogics, which can be used as a soft-token in both 1.5 and 2FA environments. Crucially, it does not require the mobile device upon which it is installed to be connected. This approach was also taken by Liverpool Heart and Chest Hospital, an NHS Foundation Trust, whose IT Operations Manager, Matt Connor, commented: “The 1.5FA approach offers the perfect fit for a BYOD strategy. It means authorised staff can get fast and secure access from any device anywhere and our systems are fully protected at all times.”

Implementing 1.5 or 2FA for remote access in this way removes the reliance on passwords as a security measure, which means that the likelihood of a successful attack such as the OWA example can be reduced significantly. What is more, it opens up opportunities for organisations of all sizes to provide not just remote access but secure and convenient remote access for all who need it.