How to protect end-user privacy on a remote support session

Most of the available remote support tools address the concept of security from the standpoint of communications and end-users’ computer access. But in a corporate scenario, one more issue must be attended: end-user’s privacy. What if the technician accesses the user’s desktop while they are working on sensitive, confidential data that shouldn’t be available for regular employees?

A typical approach for ensuring end user’s privacy consists on a single prompt for denial/authorization of the access request. However, this one-time verification does not suffice for all the possible remote activities, individuals and scenarios.

With SupportSmith IT Support, we have made sure that the spectrum of situations involving different privacy levels will be handled properly. When dealing with particular situations, IT Managers can now apply specific permission rules for each User / Group.
For instance, the personnel who handle very delicate information need a high privacy level. Does this mean that these users should not be remotely assisted? Not at all. They can be remotely assisted in a secure way through SupportSmith IT Support. Consider these possible settings:
  • Shared Desktop Access Request with prompt. Access denial upon timeout expiration. This setting ensures that the technician won’t get access to the remote user’s desktop unless granted by their response. Whether the remote user denies the request or doesn’t respond (probably because they are away), technician access is denied.
Depending on whether the support session can run unattended or not, two more possibilities are available:
  • Exclusive Desktop Access Request with prompt. Access allowance upon timeout expiration 
    Because technicians are aware of the user logon state (through the SupportSmith Support Manager), they can initiate the remote support session and ask for exclusive desktop access when the user is logged off. Also, in the event of the user still logged on, they will be prompted to grant or deny the exclusive desktop control request. In any case, as the remote control takes place in another Windows session, there’s no possibility of seeing the remote user’s desktop content.
  • Exclusive Desktop Access request always denied. If the remote user wishes to always supervise the support session, the exclusive control option can be disabled. This way, only shared desktop access can be requested.
Additionally, end-users can manually restrict access to their own PC by establishing a user-defined password for remote access or requiring Windows’ log on credentials.

This small example illustrates how different privacy rules can be quickly set to different user groups with as much detail as any company concerned with security and effectiveness will need.


Need Secure Remote Desktop Access software? Contact us. We have a solution for you.