Remote control/remote access solutions offer managed services providers (MSPs) and their clients significant benefits. They allow a technician to take control of a user’s computer remotely to perform maintenance, install applications, troubleshoot problems, or provide training, saving the time and expense of traveling to the client’s location. Remote control solutions can also result in faster, more convenient service and resolution to your clients’ problems.
Before you log onto a client’s computer, however, make sure you’ve spelled out the terms and conditions of the remote services you provide in a remote access agreement.
Put It in Writing
Bob Goldberg, General Counsel for the Retail Solutions Providers Association (RSPA), explains that an agreement is necessary to give an MSP or reseller explicit permission to gain remote access. This consent is usually a part of the maintenance or support agreement that you have with your clients.
Your remote access agreement should state that your organization is responsible for access through the remote connection and that you will limit access only to authorized personnel through security measures and best practices such as:
- Unique passwords for each client: It’s dangerous not to change the default password for a system. If that one — probably weak — password falls into the wrong hands, it could potentially enable a hacker to gain access to all of your clients’ systems.
- Regular password changes: Don’t be complacent if you’ve assigned unique passwords to each client. Remember to change them often, especially if you’ve had staff changes in your organization.
- Multifactor authentication: A password alone isn’t a foolproof way to limit access to a remote system. Goldberg recommends a minimum of two-factor authentication to access a client’s system or computers.
Goldberg says the agreement should also state that your team will only use the remote connection when necessary, and the connection will not remain open longer than needed.
The remainder of the agreement should establish who is responsible for implementing and maintaining security solutions such as firewall and antivirus. If the end user’s employees also use remote access, spell out whether it’s managed through the same system, and who is responsible for controlling access.
Example Agreement Language
Your remote access agreement should also address confidentiality and limitation of liability. We strongly advise consulting an attorney to draft an agreement that is specific to your business and your clients. You may have access to legal guidance through organization memberships. For example, RSPA provides its members with templates, draft agreements, and free consultation with Goldberg as an included benefit of membership.
Goldberg provided a portion of the draft agreement available to RSPA members:
Remote Access. The Company maintains a system which allows remote access to the Client’s POS System (“Remote Access”). Provided that the Client has entered into and is then covered by a _______support plan (the “________ Support Plan”), the Company will allow Remote Access to those persons from time to time authorized by the Client in writing as being allowed to have Remote Access. As of the date hereof, the Client authorizes the Company to allow Remote Access to those persons identified on Exhibit A attached hereto. The Client shall have the right from time to time, upon not less than three (3) days prior written notice to the Company: (i) to authorize the Company to allow Remote Access to additional persons, and (ii) to authorize the Company to prohibit Remote Access to any person which the Client had previously authorized for Remote Access; provided, however, that the Client shall not have the right to limit Remote Access by the Company’s employees. The Company shall have the right from time to time to alter the means for Remote Access, including, without limitation, designating the means of access and user names/numbers and passwords.
Leave No Doubt
With a remote access agreement, both you and your client have a written reminder of the services you will provide, best practices you will follow, and a clear delineation of each party’s responsibilities. The agreement can help prevent misunderstandings — and security vulnerabilities that could arise if one or both parties doesn’t comply with the terms that they’ve agreed to.
Formalizing and agreeing to the terms and conditions of remote access helps to set the stage for seamless service and better customer relationships with your remote access clients.