This week, more cities instituted stay-at-home orders to prevent further spread of COVID-19. These protocols have forced most companies to implement remote work programs with little time to prepare. At the same time, companies with existing remote workforce programs are now dealing with the demands of a 100% remote workforce, stressing systems and putting security controls to the test as staff conduct daily operations outside of the local area network (LAN).
VPNs and Security
The increasing number of employees working from home has led to the rise of virtual private network (VPN) usage, as companies must provide a secure way for employees to access networks. Because VPN is a critical technology currently used by the majority of employees to send and receive data, its availability is the top focus for most IT teams.
As VPNs provide the backbone for remote work, it’s essential that the VPN service is patched and updated to prevent cybersecurity threats and vulnerabilities. A recent security bulletin published by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) highlights VPNs as one of the primary targets for malicious cyber actors and encourages companies to adopt a heightened state of cybersecurity.
VPN is just one way to secure your remote workforce. To learn how to defend your company from a myriad of threats, read our blog post on the importance of layered security.
Questions to Ask
- Does your organization have secure VPN availability?
- Does your staff have adequate Internet access at home?
- Is your corporate Internet bandwidth sized for increased VPN access?
- Are your employees equipped with corporate mobile devices?
- Does your phone system support a remote workforce?
COVID-19 and Increased Cybersecurity Threats
Companies are also facing cybersecurity threats like ransomware, phishing, and malware. Companies that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks as well. It’s important to exercise caution as emails with malicious attachments or links to fraudulent websites related to COVID-19 are increasing. In addition, employees should also make sure the IT support group that is reaching out to provide support is truly legitimate and not someone pretending to be your IT support team.
Tips for a secure remote workforce
- Require the use of a VPN for secure connections.
- Do not permit the use of personal devices, as they lack security controls to prevent ransomware and virus activity from infecting the corporate network.
- Protect the endpoints. Ensure all software is current and continually updated.
- Leverage tools such as malware scanners, firewalls, and VPNs to maintain security.
- Provide remote worker training to understand the best practices to prevent cybersecurity threats and vulnerabilities.
- Enable and require multi-factor authentication for all remote connections to your network.