ScreenConnect Certificate Rotation: What SMBs Need to Know—and Do

What would happen if someone used your trusted IT tools against you? A recent move by ConnectWise highlights just how quickly business technology can become a risk if not actively managed. On June 5, 2025, ConnectWise announced they’ll rotate the digital code signing certificates for their popular ScreenConnect, Automate, and RMM products—responding to security concerns flagged by a third-party researcher (The Hacker News, 2025).

But what does this technical update really mean for your business, your IT operations, and your bottom line?

Why This Matters for SMBs

If your business relies on ScreenConnect, ConnectWise Automate, or any ConnectWise RMM solution, this certificate rotation isn’t just another IT update—it’s about preventing cybercriminals from exploiting digital trust. Code signing certificates are like virtual seals of authenticity: they assure your systems the software you install is safe and untampered. If an attacker gets access to a compromised certificate, they could potentially deliver malware disguised as a legitimate update or app.

• Business Risk: Out-of-date certificates can leave a backdoor open for attackers.
• Operational Impact: Interrupted remote support, patch deployments, or system monitoring if updates aren’t handled smoothly.
• Reputation & Cost: A compromised IT supply chain puts customer data, business continuity, and cash flow at risk.

Note: In 2023, the average cost to remediate a supply chain attack was $4.63 million (IBM, 2023). Even for smaller companies, hidden IT vulnerabilities can quickly add up in downtime and lost trust.

3 Key Takeaways for SMBs (Act This Month!)

1. Verify Your Remote Access Tools Are Up to Date. Ensure you’re running the latest versions of ScreenConnect, ConnectWise Automate, and any other ConnectWise tools. Vendors often roll out critical updates silently—don’t assume auto-update is on.
2. If You Manage IT In-House, Confirm Certificate Updates Are Applied. Assign responsibility to review vendor security bulletins and verify new certificates are in place. Unpatched tools are a prime target for attackers.
3. Revisit Vendor Risk Management. Do you have a process for tracking essential software changes and supplier security alerts? If not, create one—and communicate updates to all system users and IT stakeholders promptly.

Wondering if your tools or processes make you an easy target? Get clarity with a fast, no-pressure security consult from BoltWork.

How Certificate Management Simplifies, Secures, and Reduces Costs

This incident is a timely reminder: strong IT hygiene does more than prevent cyber incidents. By proactively managing updates, certificates, and security alerts, you:

• Simplify compliance audits and client trust requirements
• Secure your digital operations—reducing risk exposure
• Reduce costs tied to downtime, remediation, and insurance premiums

The good news? Certificate rotations like ConnectWise’s are proof that mature vendors are listening and improving. But it’s on each business to ensure those improvements reach their own environment.

Next Steps for Forward-Thinking SMBs

• Work with your IT partner to validate all remote monitoring and management tools are patched and certificates are current.
• Document—and communicate—a simple monthly process for checking major vendor security news.
• Evaluate your “digital supply chain”—from remote support tools to backup solutions—for risks linked to software authenticity and update management.

If you’re unsure or understaffed, BoltWork clients get all these basics—certificate checks, vendor alerts, and scheduled security reviews—built-in. Book a 15-min security consult to see where you stand.

References

• The Hacker News. (2025). ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks.
• IBM. (2023). Cost of a Data Breach Report 2023.