Remote work has become common across many workplaces. Employees working from home use many tools to stay productive remotely, including Remote Desktop Protocol (RDP), but these may introduce new vulnerabilities. While RDP is a helpful tool for remotely accessing company devices, it requires some extra security measures.
One report found that attacks targeting RDP rose 30% in March 2020 as the work-from-home revolution began. Here are a few of the most pressing vulnerabilities with this software you should know about.
Encryption Issues in Earlier Versions At first, Remote Desktop may seem secure because it encrypts all sessions. In earlier versions of the program, though, the encryption method isn’t sufficient by today’s standards, leaving it vulnerable to hackers. A cybercriminal could exploit this weak encryption to use a man-in-the-middle attack and access your session.
This isn’t an issue in Windows 8 and onward, but pre-Windows 8 versions may be vulnerable. Microsoft has released a legacy patch, but many devices, especially those running third-party or open-source versions, may not have this update installed.
Weak Password Practices Like most other programs, RDP is also open to vulnerabilities from unsafe user practices. Weak credentials are a particularly pressing concern, as many users reuse their device passwords for remote RDP logins. This password recycling could let cybercriminals access your system through credential stuffing or a brute-force attack.
Many companies leave password management to their employees. While this makes access easy and convenient, it could also open your devices to attacks through RDP. It only takes one compromised password for a hacker to slip past your defenses.