The ITenvironment in today's financial services industry has becomehighly distributed, with branch offices and remote workers spreadacross thousands of miles and systems ranging from servers tomobile devices to kiosks.

This can be a tricky environment for any organization to manage,but credit unions often face additional challenges. Unlike theirlarger counterparts, many of them have limited resources that canonly support a small IT staff.

Remote support technology can be a useful way to address thisissue, however, without the proper security considerations someremote access tools can inadvertently open organizations up to databreaches.

According to the 2013 Trustwave Global Security Report, remote access orremote desktop services are a leading vector through which hackersare infiltrating networks. While banks and credit unions are notthe most frequent companies targeted by hackers, their directaccess to account information certainly makes them an attractivetarget.

In light of these variables, historically, it has not beenuncommon for credit union IT departments to shy away from remotesupport. However, technology has evolved to ensure remote access issecurely implemented, enabling credit unions to operate moreefficiently, do more with less, and meet the increasing customerdemand for seamless delivery.

There's no doubt that enabling IT to remotely access computersand other corporate systems leads to faster and more efficientissue resolution. Reps can be centrally located and the need foronsite branch visits is removed so they can begin addressing issuesright away without the added cost and system downtime of having totravel to the affected site. If the frontline technician is unableto find a resolution, he or she can up level the ticket to a moreexperienced colleague who again, doesn't have to physically go tothe machine.

The key to securing remote access is the ability to control theparameters of that access. By limiting what each individual IT rephas access to, credit unions can eliminate a number of thevulnerabilities associated with legacy remote access tools such asVNC or RDP. This process starts with multi-factor authenticationand unique log-in credentials which enable organizations to ensurethe person logging into the system is who they say they are.

It's not enough just to require multi-factor authentication,companies should also set permissions so that reps don't have allor nothing access. Organizations need to take a tiered approach toremote access that will enable them to control which specificsystems an individual rep is allowed to access. Thus, full accessmight only be granted to select high level IT managers and limitedaccess would be granted to others that only need to address selectsystems.

In addition, the amount of visibility credit unions have intowhat is happening remotely plays a vital role in the securityecosystem. Once an organization has locked down who has access towhat, they still need the ability to see and record what thoseindividuals are doing when they access systems and devices. A keycomponent of this is ensuring that remote access tools are equippedwith session recording and audit capabilities. This enablesorganizations to look for potentially malicious activity while alsoproviding a means to quickly source and resolve issues that mightarise.

Modern remote access solutions also enable credit unions to reapthe efficiency gains engendered by mobility among IT departmentsand end users alike. When reps can tackle service requests viamobile devices it enables them to fix issues wherever they may be.Organizations can add an additional layer of security by settingparameters around how reps can remotely access devices and systemsfrom the mobile platform.

For example, enabling access only when the device is connectedto the corporate WiFi or a select group of networks. Employees canutilize the benefits of mobility knowing that issues that arise onthe go can quickly be addressed whether it's a sales execpresenting from his tablet or the CEO encountering emailconnectivity issues while traveling. If the remote access ishandled via a device behind the credit union's firewall, theinformation stays secure while meeting the industry's varioussecurity and compliance regulations.

Securing third party access is another benefit of modern remotesupport solutions. Service providers, contractors and otherexternal groups often need access to credit unions' corporatesystems to conduct essential business and IT operations. Withoutthe proper controls, this access can be difficult to monitor andcould unintentionally open the door to hackers as was the case withthe massive Target data breach late last year.

However, with the proper means of remote access, third-partyvendors can be managed with the same security measures implementedfor internal IT reps. For example, limiting their access to onlycertain systems, and also setting time parameters around when theaccess can be utilized. Credit unions can also draw on their remoteaccess solution's recording and auditing capabilities to have arecord of what third parties are doing when they access thecorporate network and systems.

It's true that many credit unions may never have the IT budgetor resources of their larger competitors. However, by implementinga modern remote access solution with the security functionalitiesoutlined above, even the smallest organization can reap efficiencyand productivity benefits while ensuring that security is apriority.

Boatner Blankenstein is senior director of solutionsengineering at Bomgar. He can be reached at [email protected] or 601-607-8219.