Options for Secure Remote Control

by Steve Yates

The ITS Connection Online Newsletter

Over the last few years many of us have gotten used to working from home. As cyber criminals become more advanced, how should you go about securing your remote access, and block out hackers? Below, we discuss a few options.

ITS Remote Control

We can provide remote control to any PC under ITS TeamCare, or any other PC. Staff log into a web portal, with multi-factor authentication (MFA) provided via email. Since no direct inbound connection is made, all firewall ports remain closed to inbound connections. Staff can print remotely, transfer files, and hide their screen on the office monitor.

Third-party remote control solutions can provide similar features but often cost twice as much and/or have an annual contract term.

Windows Remote Desktop

Microsoft has included Remote Desktop in Pro versions of Windows for a long time now. Remote Desktop allows for printing remotely, and the screen in the office is always hidden. Remote Desktop can also allow accessing the remote computer's disk to copy files, though that part is...not exactly fast. MFA can be provided via a third-party service that sends approvals to a mobile phone app.

While firewall ports must be opened, we recommend access be restricted to staff's specific IP addresses for maximum security. Alternately a VPN (below) can be used. At a bare minimum we suggest limiting inbound connections by country. It is rare but Microsoft has patched security flaws in Remote Desktop.

Through third party services, access can be provided without opening inbound connections to the network.

Open/unrestricted access often leads to locked out accounts (if Windows is set to do that after a specified number of failed logins), and if MFA is not used it is often just a matter of time before an account is compromised.

Google Remote Desktop

Google also has a remote desktop service. It is free but requires the host PC and remote user to sign in to the same personal Google Account. This may not be desirable in a business setting, and is harder to control, as an employee may set it up and later leave the company. Of course, all network login (and other) accounts should always be disabled when an employee leaves!

VPN

A Virtual Private Network can be used in a few ways, such as to allow a remote laptop to access a company network to open files, or to just facilitate remote control. In the latter scenario, the remote device only has access to control a PC in the office and not to access files. This two-step connection would require a hacker to both gain access to the VPN, and also log in to a PC. Optionally, access can be restricted to staff's specific IP addresses to heighten security.

Like anything else, VPN server software must be kept up to date since it is a common hacker target, and any discovered flaws can be remotely exploited to gain access.

Note this usage of "VPN" is not the same as a personal VPN, discussed in our Related Article below.

January 2026

Send this article to a friend!
Subscribe to The ITS Connection

Related articles