• Dave Kennedy

I blogged recently (here) about Smartphones not being an ideal remote work device. While the functionality for most aspects of remote access to business systems is there, their is often not practical.

Small Android tablets, and iPads provide many options for devices which have very similar functionality to a Smartphone but with a larger screen. Does this mean they are as impractical for general remote work?

I would say while they might not be perfect, they do provide a more practical / workable options depending on the device.

iPad from the last few years and many of the mid and top tier Android or Chrome tablets have as much if not more processing power than a smartphone and have an equally broad set of work related apps. So why might they be more practical for this purpose?

While some of the same challenges are presented in terms of remote support and centralised management, the ability for a user to handle and work on multiple tasks at once is made much easier. Many current tablets are able to split screen as well as sometimes transmit tasks to an external display while maintaining other tasks on their own screen. Used in conjunction with a smartphone this means communication tasks such as audio, video and instant messaging can be carried out on the phone while productivity tasks can be performed on the tablet

A good example would be:

The soon to be released in Canada, Lenovo Chromebook Duet tablet. Its a 10" tablet, but the screen brightness and resolution make productivity tasks much easier manage than a smartphone. Additionally it has a USB-C Port which can be used to connect an external display. The tablet is priced from $279 (USD) making it a reasonable price for a companion device.

I have other device suggestions that would be my preferred overall options for broad implementation with a user base, but tablets such as this Chromebook Duert would be much more practical than smartphones as remote work devices.

In the last few months I have been asked to look at various options to help customers who would normally be office bound work remotely.

Many ideas have been proposed and some are good ideas, some not so much. With some of this information in mind I thought I would produce a few brief posts about some of the suggestions.

Can a modern smartphone be used as a remote access business client and communication device?

The short answer is "yes", the longer answer is, yes but its probably not a good long term solution, its not for the average user, and difficult to manage and support.

Its certainly possible to create a setup using a smart phone to access many business systems and services.

  • Secure connectivity is possible with VPN services and Apps from Barracuda, Sonicwall, Cisco and others.

  • Apps exist to connect directly to files held on premises or cloud storage.

  • Microsoft Office Applications and Productivity services almost all have Android and iOS clients.

  • Remote Desktop and Remote control mobile equivalent apps both native and 3rd party are reliable and well established.

While all of these things are possible from the device itself, the ergonomics of using a smartphone sized device for hours at a time must be considered. Trying to word process, type long emails or even spreadsheet on the phone screen are entirely possible but are neither comfortable or practical for long term use.

  • Using a Larger Screen: Most modern smartphones can cast / share their screen, "Mirroring" output to an external display or TV, using Chromecast or Airplay. This allows almost anything that can be displayed on your phone to be projected on a connected external display. Many modern TVs have this as a built in feature or a Chromecast or AppleTV Device can be used to allow this type of connection.

  • User Input Devices: Both Android and iOS devices support Bluetooth connection for external keyboard and the selection is very broad and setup is generally very easy. Mouse support is less broad but a Bluetooth mouse can be connected to many Android devices as easily as a keyboard. From iOS 13, iPhone also supports mouse use but the setup does require some very specific settings changes on the phone.

I'm confident on an individual case by case bases it would be possible to set some degree of workable solution up for staff members to connect to their workplace from a smart phone. Unfortunately I don't feel its a very productive solution, multitasking or even switching between tasks would be challenging and accepting a telephone call while working on something critical could have some very undesired effects.

From a management and support point of view things are tricky. Very few mobile devices allow remote control should you need assistance, although many offer remote viewing with the addition of 3rd party apps. If customers and users are using their personal phones there are security aspects to be considered as well as the inconsistency of the user experience and the level of support required.

I'd consider such a setup as something only to be used as a last resort and not something to target as a main or long term solution.

  • Dave Kennedy

Come on a little security concern journey with me. This isn’t very technical. If you use email for business on a basic level, please come along for the ride. It will be useful and may help guide security decisions and bring some perspective to several common risks.

Your website includes a"Meet Us" section introducing members of staff, giving job title, email addresses and direct telephone numbers. A nefarious party might learn contact details useful for Spear Phishing.

Phishing might be the attack approach that is used. It may be via email, or telephone. Often finance related staff are the most common targets. However the information available may allow the process to go further, an attacker may lookup your website address / domain name and determine information about your email service.

A DNS MX Lookup performed against the domain name is easy to perform via one of many tools (eg and will often show the platform directly used by your organisation for email (such as GSuite or Microsoft365).

If Multi Factor Authentication (MFA) has not been employed, in many cases the only information now needed to access an account is the password? How strong are your passwords? How likely are your staff to fall for a Phishing attack?

If an account is being compromised via password attempts, its not a person sitting typing. Its software making attempts from a list of the thousands of most common. Check with HaveIBeenPwnd to see how common your password is.

Once access has been gained to a mailbox most commonly the attacker will add rules to harvest a copy of new email or establish a means of easily monitoring and spy on mail to allow them to insert themselves in an email conversation.

Ways to address this very common concern: * Multi Factor Authentication * Don’t use common or easy to guess passwords * Be vigilant about vetting email * Try and avoid making staff contact details too public.