Working remotely has become increasingly more common as the coronavirus continues to spread throughout the world. To reduce the impact of this COVID 19 pandemic and protect their workers, employers are moving their office environments to remote work, which is making the VPN functionality serve as the company’s lifeline against hackers.
As cybersecurity risks significantly increase due to organizations shifting to remote work, it is essential to make sure corporate VPNs are up to the challenge of supporting a large remote workforce by confirming they are upgraded to the most current version.
A VPN connection is an encrypted tunnel that protects the information being passed between the two sites. Without using a VPN, an attacker can snoop in and listen to the exchange of information between your computer and the intended destination. This can be especially dangerous on shared networks, like public WiFi, as an attacker can intercept sensitive information and user credentials. Simply put, a VPN provides you privacy and security that you would not normally have without it.
VPNs are typically designed to be used by a smaller group of employees rather than an entire company, often taking the back seat on being updated due to the associated downtime. As we have seen over the past couple of weeks, VPNs specifically are a target for malicious actors and there are publicly known vulnerabilities, which is why it’s now more important than ever to up the security for your VPNs.
One of the best ways to secure your VPN is through multifactor authentication. In light of the pandemic, we have seen an increase in phishing attacks targeting VPN’s. By enabling multifactor authentication, you are adding an additional layer of security that helps to significantly secure your VPN. If MFA is not an option for your organization, creating strong, unique user passwords should be required.
There is an increase in VPN traffic that IT staff now need to monitor and making sure that they are up to date on the latest patches will help to secure VPN access.
For information on what needs to be patched, visit https://cve.mitre.org/, then selecting “Search CVE List” in the top black banner. You can search for a specific vendor product and find all known vulnerabilities. Inside of the CVE, if known, the site provides references to the vendor’s advisories which usually has patching/mitigation information.
While VPN’s play a big role in security of remote working, you should not rely on it as your only source of security. VPN’s should be part of your security toolkit in addition to managed endpoint and gateway protection, security awareness, and more.
For more information on how you can make sure your VPN is currently updated and managed properly, check out our checklist here.