Skip to main content

NSA issues cybersecurity guidelines for remote desktop users

remote desktop
(Image credit: Shutterstock / fizkes)

The number of cyber attacks has steadily risen in recent months, as more and more businesses adopt work-from-home procedures in an attempt to maintain productivity while respecting quarantine orders and social distancing.

In response to this threat, the US National Security Agency (NSA) has released a series of telework guidelines, emphasizing the importance of end-to-end encryption and other security measures.

The NSA is not the first to give guidance on dealing with security risks when using remote desktop software. In April, Microsoft posted instructions for protecting against cyber attacks when using its Remote Desktop Protocol (RDP), one of the most popular remote access solutions worldwide. 

Remote desktop security

The NSA publication offers users criteria for both selecting and using secure remote desktop software. According to the guidelines, the most secure solutions will implement end-to-end encryption with well-tested standards, validate users’ identities through multi-factor authentication, and allow for controlling exactly who connects to collaboration sessions. 

Additionally, users should take into consideration the privacy policy and transparency of any remote access tool being used. Businesses will want to double-check whether a vendor’s policy allows for the sale of information to third parties, and whether sensitive information can be securely deleted from its servers. 

The NSA’s assessment of popular remote access tools like Cisco Webex, Signal, and Microsoft Teams show that no one service meets all the requirements. The two that come closest, Signal and Wickr, lost points for not having undergone third-party auditing, although both have released their source codes to the public. 

Ultimately, businesses will have to decide for themselves which security features are most important, using the NSA guidelines as a starting point.