Checking laptop security after remote access
October 5, 2018 12:37 PM Subscribe
I'm doing some freelance work for a (reputable) company. Their IT contractor accessed my Lenovo laptop remotely to set up my access to the portal, webmail, etc. I want to run a security check on the laptop "just in case."
(What's done is done, so please dont tell me it's always a bad idea to allow this.)
For my own record, I recorded and photographed almost everything I could view on the screen while he was working. But if the IT consultant isn't 100% honest, how can I secure my device.
I wasn't pleased that he was unavailable by phone as he worked, and his answer to one question in chat ("What did you need to do in Google Drive?") weren't complete.
What steps can I take to inspect my laptop for potential security issues? For example, would the file that I downloaded and ran for his access still be on my drive, and of concern?
(What's done is done, so please dont tell me it's always a bad idea to allow this.)
For my own record, I recorded and photographed almost everything I could view on the screen while he was working. But if the IT consultant isn't 100% honest, how can I secure my device.
I wasn't pleased that he was unavailable by phone as he worked, and his answer to one question in chat ("What did you need to do in Google Drive?") weren't complete.
What steps can I take to inspect my laptop for potential security issues? For example, would the file that I downloaded and ran for his access still be on my drive, and of concern?
(What's done is done, so please dont tell me it's always a bad idea to allow this.)
It's not really a bad idea, remote access sessions like this happen all the time. Team Viewer, Webex and Zoom are large companies who's entire business model is making remote access easy for large organizations. If you're working as a freelancer for a reputable company, it's pretty unlikely the tech did anything 'in secret' to monitor you or steal data. In my experience, companies are very upfront with you when they do something like this for liability reasons.
For my own record, I recorded and photographed almost everything I could view on the screen while he was working. But if the IT consultant isn't 100% honest, how can I secure my device.
Get something like Malwarebytes and run a scan on your computer. It will report anything that matches up with known malware or scamware. If the tech installed anything, you can likely find it in your "Programs and Features" section of Windows Control Panel. You can sort this list by date and uninstall anything you're not familiar or comfortable with.
posted by Fidel Cashflow at 1:08 PM on October 5, 2018 [2 favorites]
It's not really a bad idea, remote access sessions like this happen all the time. Team Viewer, Webex and Zoom are large companies who's entire business model is making remote access easy for large organizations. If you're working as a freelancer for a reputable company, it's pretty unlikely the tech did anything 'in secret' to monitor you or steal data. In my experience, companies are very upfront with you when they do something like this for liability reasons.
For my own record, I recorded and photographed almost everything I could view on the screen while he was working. But if the IT consultant isn't 100% honest, how can I secure my device.
Get something like Malwarebytes and run a scan on your computer. It will report anything that matches up with known malware or scamware. If the tech installed anything, you can likely find it in your "Programs and Features" section of Windows Control Panel. You can sort this list by date and uninstall anything you're not familiar or comfortable with.
posted by Fidel Cashflow at 1:08 PM on October 5, 2018 [2 favorites]
Best answer: It might help to know the name of the file that you downloaded and ran, to give specific advice about whichever remote access tool they used. If it's TeamViewer, for instance, it is only active when it's running and quitting the app should prevent your computer from being accessible. If they didn't ask for any passwords or view sensitive information while they were remoted in, it's unlikely that they could use your session to gain additional access to your accounts or data. If they ran additional programs while they were remoted in, it'd depend on what specifically they ran or installed to determine whether they left something malicious behind. Seconding a MalwareBytes scan if you're at all concerned.
That said, the company would open itself up to some serious liability if they installed anything destructive or that provided them access to stuff they shouldn't have access to, so unless you're dealing with a really shady outfit (or alternately, a monumentally inept outfit), you're probably okay.
posted by Aleyn at 1:21 PM on October 5, 2018
That said, the company would open itself up to some serious liability if they installed anything destructive or that provided them access to stuff they shouldn't have access to, so unless you're dealing with a really shady outfit (or alternately, a monumentally inept outfit), you're probably okay.
posted by Aleyn at 1:21 PM on October 5, 2018
Ugh - so - my "rule of thumb" is - if the IT organization does not trust me to manage my equipment to work remotely - securely, then - they had better provide their own trusted equipment/operating-system/application-software.
posted by jkaczor at 7:56 AM on October 6, 2018
posted by jkaczor at 7:56 AM on October 6, 2018
Response by poster: Thanks all. I did know about Malwarebytes, and ran it. The IT people continued to be not-great communicators as we finished setting up. But I'm busy with the work now.
posted by NorthernLite at 10:26 PM on October 20, 2018
posted by NorthernLite at 10:26 PM on October 20, 2018
This thread is closed to new comments.
posted by jacobean at 12:48 PM on October 5, 2018