Before You Hand Over Your Screen: Protecting CUI During Remote IT Support
Notes on CMMC, compliance, security, and accessible technology.
Remote support is how most IT gets done now: you click a link, your technician takes control, the problem gets fixed in minutes. It's efficient — and it's also one of the most overlooked ways sensitive data leaks.
The moment you grant remote control, whoever is on the other end can see everything on your screen and, depending on the tool, everything on your machine. If you handle Controlled Unclassified Information (CUI), Protected Health Information (PHI), or personal data, that support session just became a place where regulated data can be exposed to someone who may not be authorized to see it. NIST SP 800-171 cares about exactly this kind of access.
Here's the protocol we use internally before any remote session touches a machine that might hold sensitive data. We call it FIRST HIDE.
First, Hide
Before you approve the remote-control prompt:
- Close or minimize anything containing CUI, PHI, or PII — documents, email threads, spreadsheets, database windows, ticketing systems.
- Clear your screen down to what the technician actually needs to diagnose the problem. If the fix is a printer driver, they don't need your contract folder open behind it.
- Lock away what you can't close. If a system has to stay running, move it to a separate desktop or monitor that isn't being shared.
The goal is simple: the person helping you should see the problem, not your protected data.
Verify Who's Actually on the Line
Authorization isn't just about the data on screen — it's about the person seeing it.
- Confirm the technician's identity through a channel you trust, not just the inbound request. Social-engineered "IT support" calls are a common breach vector.
- Use approved remote-support tools only. Sanctioned platforms log the session; random download-and-run tools don't.
- Make sure the session is logged. Who connected, when, and to what should be recorded — that record is part of your audit evidence.
During the Session
- Stay at the keyboard. Watch what's being accessed.
- If the technician needs to open something sensitive to do the job, that's a decision you make deliberately — not a default.
- End the session cleanly and confirm remote access is fully revoked when it's done.
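As an added example (not from the original post), the following Python script reviews a remote-support session log for the checks above: only sanctioned tools, technician identity recorded, and every session ended so revocation can be confirmed. The log format, tool names, hosts and allow-list are constructed assumptions, not any real product's format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format):
# timestamp|event|session_id|tool|technician|host
SAMPLE_LOG = """\
2024-05-01T09:00:12|session_start|s-101|ApprovedRemote|tech.alice|ws-fin-07
2024-05-01T09:14:40|session_end|s-101|ApprovedRemote|tech.alice|ws-fin-07
2024-05-01T10:02:03|session_start|s-102|QuickShare|unknown|ws-hr-02
2024-05-01T10:30:55|session_end|s-102|QuickShare|unknown|ws-hr-02
2024-05-01T11:15:00|session_start|s-103|ApprovedRemote|tech.bob|ws-eng-11
"""

SANCTIONED_TOOLS = {"ApprovedRemote"}  # constructed allow-list of approved tools


def parse_log(text):
    """Parse one event per line into dicts; timestamps become datetime objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, sid, tool, tech, host = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "event": event,
                       "sid": sid, "tool": tool, "tech": tech, "host": host})
    return events


def audit_sessions(events, sanctioned=SANCTIONED_TOOLS):
    """Return {session_id: [findings]} for sessions that fail any check."""
    sessions = defaultdict(dict)
    for e in events:
        sessions[e["sid"]].setdefault("meta", e)   # first event carries tool/tech/host
        sessions[e["sid"]][e["event"]] = e["ts"]   # start/end timestamps by event name
    findings = {}
    for sid, s in sessions.items():
        issues = []
        if s["meta"]["tool"] not in sanctioned:
            issues.append(f"unsanctioned tool {s['meta']['tool']}")
        if s["meta"]["tech"] in ("", "unknown"):
            issues.append("technician identity not recorded")
        if "session_end" not in s:
            issues.append("no end event: confirm remote access was revoked")
        if issues:
            findings[sid] = issues
    return findings


if __name__ == "__main__":
    for sid, issues in audit_sessions(parse_log(SAMPLE_LOG)).items():
        print(sid, "; ".join(issues))
```

Sessions that pass every check produce no output, so a clean run is itself the audit evidence the post asks for.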
Why This Is a Compliance Issue, Not Just Etiquette
Under NIST SP 800-171 and CMMC 2.0, you're responsible for controlling who can access CUI and for being able to show that you did. An unmanaged remote-support habit quietly undermines both: data gets exposed to unverified parties, and there's no record to prove otherwise. A short, consistent routine before every session closes that gap — and it costs nothing but a few seconds.
How We Help
Secure remote support is one of the documented practices in the security program we run ourselves and implement for clients. It's a small piece of a much larger picture — access control, monitoring, incident response, and the evidence trail that ties them together.
If you want the written policies behind practices like this, grab our NIST 800-171 Policy Template Pack. To turn them into an operating program, see our CMMC Enablement services or request a callback.