Brute-Force Attacks: Fight Back with Education, Remote Support

Brute-force attacks can be IT security provider nightmares. Automated software allows would-be data thieves to make consecutive guesses–millions in just seconds–and, through trial and error, crack into passwords and other encrypted data.

What can you do? Fight back against digital thieves with user education and by enabling these security features in your remote access and support software.

Ad hoc remote support sessions offer a subtle opportunity to include some helpful cybersecurity advice. If there’s no time to talk with your customers while they’re on the line or chat, consider sending a follow-up email to the user recapping what took place during the session and offering helpful suggestions for preventing the issue in the future.

By following these simple suggestions, you can better protect your team–and your users–from brute-force attacks and other cyberthreats.

Customer Education

First, take the time to educate your users. Walk them through repairs during a remote support session. Offer insight, encourage them to look for red flags and give examples of what to do (or what not to do).

If the people you support are more aware of the benefits security measures and more tech-savvy in general, they’ll be less susceptible to remote support scams and other traps laid by cybercriminals, ultimately making your job easier.

When you create user logins, set up additional requirements that make them change their password after the first login so they aren’t using a default password. If you experience pushback from your customers, remind them that the longer and more complex the password is, the longer it will take to crack. Discourage the use of birthdays, addresses, pet names and other common password missteps, too.

Taking the time to impart some wisdom or offer helpful suggestions can further position your business as a trusted security adviser and likewise boost customer satisfaction with your service delivery.

Remote Support Security

Remote access software worth its salt should allow your team to configure lockout passwords after a certain number of failed attempts. Doing this can effectively prevent an attacker from being able to continue their attempts to guess a password and gain access to private accounts.

Another method you can employ to lock down your remote support software is IP address restriction. This prevents others from accessing the login page from unauthorized IP addresses, and can even block certain IP addresses if there’s an existing range of known IP addresses that pose a potential threat.

This puts safeguards in place that eliminate outside access by restricting access to only the IP addresses you authorize.

Multifactor Authentication

Multifactor authentication (and its popular subset, two-factor authentication [2FA]) is a preventative method that employs a combination of answers to something you know, something you have, something you are prompts to authenticate access into a system.

Enable 2FA in your remote support software and encourage your users to opt into this effective security measure whenever they’re offered the option to do so. Yes, it takes a little bit longer to get into an application and you might get some pushback from your users about that.

Foster a better understanding of how this fends off hackers from cracking the codes and accessing sensitive data. An extra step or two is all it takes to throw them off. After all, you want to put as many stumbling blocks in the way of a cybercriminal as possible, right?

Authentication is a powerful and reliable line of defense that will keep you breathing easier. And at the end of the day, putting these measures into play against brute-force attacks will reinforce your expertise and credibility and reassure your customers that you’re behind the scenes fighting digital bad guys, saving the day and showing them how to stay safe.

Jeff Bishop

Avatar photo

Jeff Bishop

Jeff Bishop serves as the Vice President of ConnectWise Control, and has worked with the company since its initial launch in 2009, under then parent company Elsinore Technologies. Prior to that, Jeff was a field service engineer for Machine Vision Technology (MVT) out of Dublin, Ireland. MVT was later acquired by Agilent Technologies, where Jeff was the product manager for the automated optical inspection product line. Jeff's extensive experience includes sales, marketing, engineering, documentation, product management and more. He earned a bachelor's degree in mechanical engineering from North Carolina State University.

jeff-bishop has 1 posts and counting.See all posts by jeff-bishop