In an effort to protect employee health and continue serving customers, business owners across the country have rapidly adopted the work-from-home (WFH) telecommuting model, which equips designated staff to remotely log in and access company networks and data files.
While bold, especially for smaller firms, the shift is inherently rife with serious security risks, ranging from unpatched software and leaky wi-fi signals to weak passwords and distracted users. Crooks seeking to capitalize on WFH vulnerabilities have ramped up hacking and phishing attacks by a whopping 37% in just one month, according to InfoSec.com.
To counter these increasing threats, owners and IT teams are reviewing their remote security strategies, looking for ways to harden networks and connections against new waves of malicious assaults. One precaution receiving nearly universal consideration is the Virtual Private Network or VPN.
Effective, Yes. But Proceed With Care.
A VPN accommodates remote and mobile workers by providing secure, simplified access to company networks, systems and data. When used with a computer, smartphone or other Internet-connected device, the VPN acts like a dedicated ‘data tunnel’ that isolates user information from the outside world, encrypting and decrypting it during the connection.
VPNs can also be used in conjunction with single sign-on (SSO) services and outside applications, such as Slack and others. With such protective potential, it’s easy to see why VPN usage in the US has jumped more than 124% during recent weeks of the COVID-19 crisis.
But TeamLogic IT cautions owners eager to deploy a VPN to proceed with care, ideally getting help from an IT Managed Services Provider (IT MSP).
We would also point you to guidance recently issued by the US government’s Cybersecurity and Infrastructure Security Agency (CISA). You can view the full text of their one-page alert on Enterprise VPN security (AA20-073A), which was released on March 13, 2020. Or, get the quick highlights summary below and contact TeamLogic IT today for information and support.
What CISA is Seeing
- Vulnerabilities Identified. As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.
- Updates Lacking. As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.
- Potential Connection Limitations. Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.
CISA’s Suggested Mitigations
CISA encourages organizations to consider the following recommendations to support VPN and network security:
- Device Updates. Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
- IT Preparedness. Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
- Multifactor Authentication. Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.
- VPN Limitations Testing. Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.
Need Help? We’re Here.
A Virtual Private Network (VPN) can be a prudent and effective addition to your remote security strategy. But as with any cybersecurity solution or upgrade, design and deployment require specialized expertise if you’re to minimize risk and maximize ROI. If VPN is on your radar today or your existing set-up needs an expert review, contact TeamLogic IT today. We’re here for you and ready to help.
Or, grab one of these free and helpful downloads and give us a call:
Small-Business Disaster Survival Guide
Small-Business Cybersecurity Guide