Tips and tricks for securing your ConnectWise ScreenConnect endpoints

| By:
Anna Morgan

When it comes to protecting endpoints, your customers are relying on you to make sure their connections are secure. Luckily, there are industry tools and programs to streamline the process, such as ConnectWise ScreenConnect™. ScreenConnect offers fast, flexible, and secure remote desktop and mobile support solutions to meet the cybersecurity needs of every industry, simplifying the process of protecting your clients’ endpoints. Of course, taking advantage of all the security benefits of ScreenConnect is easier said than done, but don't worry—we're here to help.

We'll discuss some of the cybersecurity designs and features automatically enabled in ScreenConnect, as well as additional settings you can configure. Keep reading to learn more about effectively securing your endpoints with ScreenConnect.

Getting started with ConnectWise ScreenConnect

Getting started with ScreenConnect in the cloud is easy and secure. First, let's discuss the cybersecurity measures that are already enabled to protect your clients’ endpoints when you create a ScreenConnect cloud instance. Because they are already enabled, these measures should require no further configuration.

  • All ScreenConnect traffic is encrypted with AES-256 block encryption and Rivest-Shamir-Adleman (RSA) provided by the Microsoft RSA/Schannel Cryptographic Provider. These particular implementations of the AES-256 and RSA algorithms have been designated as FIPS-compliant for ScreenConnect servers on Windows. For more information, see Microsoft's documentation on FIPS 140 validation.
  • ScreenConnect cloud instances are secured with a secure sockets layer (SSL) certificate and enabled with an HTTP-to-HTTPS redirect. SSL certificates create a foundation of trust by establishing a secure connection.
  • ConnectWise passed an independent and comprehensive security operations center (SOC) type 2 audit, which covers the security, availability, and confidentiality principles of the AICPA trust services criteria (TSC). These reports are designed to determine the suitability of an organization's cybersecurity systems and processes.
  • ScreenConnect provides login protection against brute-force attacks. If someone enters eight incorrect password attempts within ten minutes, the cloud administrator account will lock. The account will automatically unlock after ten minutes, so you will not be locked out.
  • For more information on automatically enabled cybersecurity measures, please visit our Security Guide.

ScreenConnect administrators can take action to better secure customer endpoints

ScreenConnect administrators can create an even more secure environment for their clients. As an administrator, some actions you can take to protect the portal to your endpoints and prevent unwanted access include:

  • Enabling two-factor authentication (2FA) for all technician accounts. 2FA requires users to submit two forms of identification to access their accounts. This can help protect against stolen passwords.
  • Changing how long a technician can be idle in the portal before they're automatically logged out. This will protect unauthorized access to end-points in the case a technician forgets to log out

Administrators can also take measures to secure the client side of endpoints. Some examples include:

  • Disconnecting a technician from an endpoint after a certain amount of time. As an administrator, you can turn on "lock on disconnect" or "lock on connect," which locks a guest machine when a host disconnects. This will force a technician to enter login credentials when connecting to the endpoint.
  • Allowing the end user to consent to a connection. If the guest refuses control, the host cannot control the machine.

With ConnectWise ScreenConnect, the sky is the limit

While these tips and tricks are a helpful jumping-off point for taking full advantage of ConnectWise ScreenConnect, these are just some of the cybersecurity features available to you. One of the great things about ScreenConnect is that it’s flexible—making it the perfect tool to create an endpoint security process that meets all of your customers’ unique needs.

For even more ideas about how you can secure your endpoints, check out our Security Guide.