Remote Access Tools (RATs) installed on your computers or networks are the leading cause of security breaches today.
What are RATs and how do I know if my computers or networks have them?
How to prevent RATs from getting in?
During the onset of the Covid-19 pandemic, everyone wanted the ability to work remotely. As essential businesses, veterinary practices remained open but had to change their processes, and we saw a climb in practices requesting remote access for their team members to safely connect to their networks from home. The scramble was on to put in quick solutions that allowed staff to assist their veterinary practice without needing to be at the practice. If you were one of these practices, I’d highly advise ensuring these tools are reviewed and secured to protect your practice from attacks!
Remote Access Tools (RATs) are the easiest way hackers can gain access to a clinic’s or hospital’s computers and network. Many of these tools remain in place because the ability to work remotely can assist with employee productivity, but they also pose a huge risk to the practice if done incorrectly.
There are two main ways veterinary clinics and hospitals can allow remote access. One involves using your firewall to allow a connection from a home computer to your work network. This is often called a VPN (Virtual Private Network). The other is using third-party software that gets installed on a computer at the practice and allows access to that computer or server.
VPN – Virtual Private Network – Once the VPN is established the computer that has connected would have access to internal private network resources like file shares, printing, remote connections and sometimes running of the practice management system from a home computer. You may have heard this called a “Tunnel,” as it acts as a private tunnel allowing only this system access into the network.
VPNs that allow a home computer to connect have some major security concerns if not implemented correctly. If that connection is not secured properly, it can be like taking your staff’s personal computer that runs at home and plugging it directly into the network at work. Let’s think about that for a second. Would you allow your staff to bring their personal computer from home and allow it to get set up, plugged in, and used as a machine in the practice? We highly advise against that, as there are many unknowns about that computer’s “hygiene” that could compromise your network.
To ensure VPNs are secure, we advise you to ask your IT (Information Technology) professional the following questions:
Do you have 2FA/MFA enabled for that connection? In most cases, a user is required to put in a username and password for this VPN connection to work. However, it is also advised that there is some sort of secondary check: either a text message sent back to that user to confirm they are who they say they are, or an application that requires the user to put in a revolving code that changes every 30 seconds. Usernames and passwords get compromised all the time, and using 2FA/MFA reduces the risk that a leaked password allows a hacker access by simply typing in your username and password. Lock down your remote access with 2FA/MFA and ask your IT provider how this can get enabled if not already in use.
Is the VPN only allowing specific access to your private network? Once a VPN connection is established, ask your IT provider what private network access is allowed. This should be very minimal. As an example, we would advise that this VPN only allows a remote connection to an internal PC or server, not the whole network. This is what we call only allowing specific protocols. Ensure this access isn’t wide, or it is like connecting that home computer directly to your practice’s private network.
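To show why the revolving 30-second code from the 2FA/MFA question stops a login that has only a leaked password, here is an added example (not from the original article) of the standard time-based one-time password algorithm, RFC 6238. The `verify_login` function and the sample secret are assumptions for illustration; the secret is the published RFC test value.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the code changes every 30 seconds
# Constructed sample: the published RFC 6238 test secret, not a real account's.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: a code from a shared secret and the clock."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password_ok: bool, code: str, secret: bytes,
                 unix_time: int, drift_steps: int = 1) -> bool:
    """Hypothetical server-side check: password first, then the revolving code.

    Accepts the current 30-second window plus or minus drift_steps windows
    to tolerate clock skew between the phone and the server.
    """
    if not password_ok:
        return False
    for step in range(-drift_steps, drift_steps + 1):
        when = unix_time + step * STEP_SECONDS
        if when >= 0 and hmac.compare_digest(totp(secret, when), code):
            return True
    return False


if __name__ == "__main__":
    now = 59  # constructed timestamp taken from the RFC test vectors
    good = totp(SAMPLE_SECRET, now)
    print("code shown in the authenticator app:", good)
    print("password + right code:", verify_login(True, good, SAMPLE_SECRET, now))
    print("password + guessed code:", verify_login(True, "000000", SAMPLE_SECRET, now))
```

Because the code depends on a secret stored only on the user's device and the server, a correct password with a wrong or expired code is rejected.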
As mentioned above, you could be using third-party remote access software to allow connections to your computers or server. These are tools like TeamViewer, LogMeIn, Splashtop, RemotePC, Chrome Remote Desktop by Google, AnyDesk, Kaseya, ScreenConnect or something similar. This is software that gets installed on a computer or server and then allows access via a cloud portal or software that makes a connection to that computer.
We highly advise asking your IT provider for a full list of software installed on all computers to start. Ask them to go through this list and identify what software would be considered a RAT (Remote Access Tool). Once you identify that software and what computer it is installed on, ask yourself: Is this software needed? If that software is NOT needed, then we highly advise it gets removed. Perhaps it was there to allow temporary access but didn’t get removed; in this case removing it will remove your risk.
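One way to run the review described above over an exported software list, as an added example that is not from the original article. The CSV layout (`computer` and `software` columns), the sample inventory, and the function names are assumptions; the tool names are the ones listed in the article.

```python
import csv
import io
import re
from collections import defaultdict

# Remote access products named in the article; extend for your environment.
REMOTE_ACCESS_TOOLS = [
    "TeamViewer", "LogMeIn", "Splashtop", "RemotePC",
    "Chrome Remote Desktop", "AnyDesk", "Kaseya", "ScreenConnect",
]

# Constructed sample inventory; a real one would come from your IT provider.
SAMPLE_INVENTORY = """computer,software
FRONTDESK-01,TeamViewer 15
FRONTDESK-01,Google Chrome
EXAM-02,Chrome Remote Desktop Host
SERVER-01,ScreenConnect Client (abc123)
SERVER-01,Splashtop Streamer
PHARMACY-01,Adobe Acrobat Reader
"""


def _norm(name: str) -> str:
    """Lowercase and drop spaces/punctuation so 'Team Viewer' matches 'TeamViewer'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def find_remote_access_tools(inventory_csv: str) -> dict:
    """Return {computer: sorted list of remote access tools installed on it}."""
    found = defaultdict(set)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        installed = _norm(row["software"])
        for tool in REMOTE_ACCESS_TOOLS:
            if _norm(tool) in installed:
                found[row["computer"]].add(tool)
    return {pc: sorted(tools) for pc, tools in found.items()}


def review_report(inventory_csv: str, needed: set) -> list:
    """needed holds (computer, tool) pairs the practice has decided it requires."""
    report = []
    for pc, tools in sorted(find_remote_access_tools(inventory_csv).items()):
        for tool in tools:
            action = ("keep: confirm 2FA/MFA is enabled" if (pc, tool) in needed
                      else "not approved: remove if not needed")
            report.append((pc, tool, action))
    return report


if __name__ == "__main__":
    for line in review_report(SAMPLE_INVENTORY, {("SERVER-01", "Splashtop")}):
        print(*line, sep=" | ")
```

Matching on product names only finds software that appears in the inventory under a recognizable name, so treat the result as a starting list for the review rather than proof that nothing else is installed.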
If the tool IS needed, then let’s refer to the recommendations we made on VPNs above. For instance, we want to ensure that the software is locked down by 2FA or MFA. In this case it’s typically the cloud provider that allows this option and it is highly, highly recommended it gets enabled right away. This again will prevent access to your computers with just a simple username and password. It requires that this user confirms that they are who they claim to be after entering their credentials.
RATs could be in your network, and we highly advise reviewing to ensure they get removed if they are not essential. If they are needed, please lock them down properly with MFA or 2FA. Proper technology hygiene requires that you know what is in your network, how it is being used, and how to safeguard your practice against threats.
It’s a Cat and Mouse game today with IT Security. Let I.T. Guru be your guide!