A few weeks ago, VPN use was limited, compared to today. Tens of thousands of businesses have moved exclusively to VPNs in the past week posing a unique security vulnerability and opportunity for hackers.
In an alert issued March 13, the Cybersecurity and Infrastructure Security Agency (CISA), a department of Homeland Security, encouraged organizations to adopt a heightened state of cybersecurity during this period.
Security Issues of VPNs
As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors. Virtual Private Networks or VPNs are a virtual “tunnel” that encrypts your data as it is sent from one point to another. Because VPNs act like a tunnel if one end is not secure (your home network), the other side (your business network) isn’t either. This presents potential vulnerabilities to networks that need to remain secure.
Maintain Your VPN Updates and Patches
Additionally, if VPNs are being used 24/7, organizations without managed services or dedicated IT personnel are less likely to keep them updated with the latest security updates and patches. Patches update known security vulnerabilities to maintain security. The longer your VPN goes without updates, the greater the risk for a breach.
Look Out for Phishing
Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords. With log-in credentials, hackers are able to deploy the malware of their choosing or steal vital information.
The report also stated that organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.
VPN Limitations
Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.
Alternative Options
If your staff has a desktop computer in the office, but they are at home and only have access to their personal computers and the internet, we recommend using ScreenConnect.
ScreenConnect provides secure remote access for your staff to work on their office computer, from any computer with an internet connection. Your staff can maintain the same desktop experience as if they were in the office, including line of business applications, filesharing, and most importantly security.
ITonDemand can add this service on a per-user/computer basis for only $5/mo. This service can easily be removed once life returns back to normal.
