Send a Tweet
Most Popular Choices
Share on Facebook 24 Share on Twitter Printer Friendly Page More Sharing
Exclusive to OpEdNews:
Sci Tech   

Securing Remote Workers Amid the Pandemic

By       (Page 1 of 3 pages) (View How Many People Read This)   1 comment

Whereas teleworking has been a steadily growing trend in the enterprise ecosystem for years, it is currently gaining extra traction among businesses due to the COVID-19 pandemic. Organizations around the world are increasingly adopting a model where office employees work from home as part of the disease mitigation strategy.

This tactic makes a whole lot of sense in light of the healthcare crisis running rampant, but it also provides malicious actors with additional opportunities to eavesdrop on sensitive communication and infect business networks with such dangerous things like ransomware. In particular, the adversaries are growingly shifting their focus toward the exploitation of VPN services and conferencing software. They are also rethinking the logic of phishing attacks to align them with the "infodemic" and take advantage of people's fears stemming from the unnerving coronavirus stats.

Here are insights into the vectors of cybercrime targeting remote workers and the ways to prevent these raids from affecting your organization.

VPN security comes to the fore

To connect to business IT networks securely and have fully-fledged access to the required corporate data assets, teleworkers typically leverage virtual private network (VPN) tools that safeguard sensitive traffic against interception attempts and other forms of unauthorized tampering. In response to the ongoing boom in the enterprise VPN use for remote work, malefactors are looking for new ways to compromise these services.

On March 13, 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding enterprise VPN security. The federal agency encourages companies to strengthen the security of alternate workplace implementation for their personnel. The officials single out the following risks in this context:

● Since VPN is the fundamental technology that enables secure teleworking, threat actors are busy trying to unearth and target new vulnerabilities in these tools.

● Organizations use VPNs round the clock, and therefore they may fail to apply updates delivering the latest security patches.

● Cybercrooks are likely to send more phishing emails that attempt to hoodwink remote workers into disclosing their usernames and passwords.

● Companies that don't enforce the use of multi-factor authentication (MFA) for establishing remote access sessions are more vulnerable to phishing.

● Organizations typically support a finite number of VPN connections, which means that IT security team members may be unable to do their job properly during periods of capacity congestion.

The paradigm of mainstream teleworking with virtual private networks at its core means that organizations are faced with a single point of failure. By compromising VPN connections, attackers can gain a foothold in a business environment and amass sensitive data.

As the issue is escalating, CISA additionally lists mitigations for strengthening enterprise VPN security. According to the official advisory, organizations should adhere to the following practices:

● Keep VPNs and network equipment up to date. The same applies to devices used by employees for connecting to work environments remotely. This will ensure that the latest software patches and security configurations are in effect.

● Inform the personnel about the expected growth of phishing attacks.

● Ascertain that IT security teams are all set to perform critical tasks related to remote access security such as attack detection, log analysis, as well as incident response and recovery.

Next Page  1  |  2  |  3

(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).

 

Rate It | View Ratings

David Balaban Social Media Pages: Facebook page url on login Profile not filled in       Twitter page url on login Profile not filled in       Linkedin page url on login Profile not filled in       Instagram page url on login Profile not filled in

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on contemporary information security (more...)
 
Go To Commenting
The views expressed herein are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.
Writers Guidelines
Contact AuthorContact Author Contact EditorContact Editor Author PageView Authors' Articles
Support OpEdNews

OpEdNews depends upon can't survive without your help.

If you value this article and the work of OpEdNews, please either Donate or Purchase a premium membership.

STAY IN THE KNOW
If you've enjoyed this, sign up for our daily or weekly newsletter to get lots of great progressive content.
Daily Weekly     OpEdNews Newsletter
Name
Email
   (Opens new browser window)
 

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Securing Remote Workers Amid the Pandemic

To View Comments or Join the Conversation: