According to a Reuters report, in February 2021, “Hackers broke into the computer system of a facility that treats water for about 15,000 people near Tampa, Florida and sought to add a dangerous level of additive to the water supply…. The hackers remotely gained access to a software program, named TeamViewer, on the computer of an employee at the facility for the town of Oldsmar to gain control of other systems.” Later updates, including one from PCMag, reported that contributing factors may have included a shared password and an outdated version of Windows.
Questions & Answers
What does Splashtop do to help ensure secure remote access?
Splashtop is a remote access solution designed to enable employees to remotely access their office computers while working from home or on the road. Here is how Splashtop prevents unauthorized parties from gaining access to company computers and sensitive information:
- Intrusion protection – Splashtop utilizes intrusion detection and defense mechanisms for its production environment running 24×7. Splashtop adheres to industry best practices when building its Cloud application stacks to ensure security is enforced and instances are fortified.
- Remote access app security – To keep your endpoint devices secure, Splashtop leverages multiple levels of security protection, including device authentication, two-factor-authentication, and security codes.
- Secure remote connections – All remote sessions are protected with TLS (including TLS 1.2) and 256-bit AES encryption.
What are some best practices Splashtop users can follow to prevent issues like this from happening to them?
Here’s how Splashtop users and account administrators can keep their computer assets, network, and data safe:
- Update your computers to the latest version of its operating system (e.g., Windows 10).
- Integrate your single sign-on (SSO) tool with Splashtop
- If your organization does not have SSO, use strong passwords along with multi-factor authentication to protect your Splashtop accounts.
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
- Audit network configurations and isolate computer systems that cannot be updated.
- Maintain and monitor audit logs for all remote connection protocols.
- Train users to identify and report attempts at social engineering.
- Identify and suspend access of users exhibiting unusual activity.