The ongoing global pandemic has resulted in organisations all over the world urging employees to stay home and work remotely in order to reduce the risk of the highly transmissible COVID-19 spreading through the workplace. Organisations have had to rapidly adopt solutions that enable employees to telework and, most importantly, to telework securely, often via a VPN.
What is a VPN?
One of the primary technologies that enable remote working is the virtual private network, or VPN. VPNs allow remote systems to establish a secure connection to the organisation’s internal network. Once the connection is established, systems connected to the VPN act exactly as they would if they were connected directly to the network in the office. This gives remote workers access to internal file servers, intranet web pages and any other internal service they may require to complete their work.
Potential Vulnerabilities
VPNs are an excellent tool and are also often used to establish secure links between physical sites over the public Internet. However, they are also very vulnerable to cyber-attack, especially if the VPN is poorly configured or uses weak security features. With the large number of remote workers amidst the COVID-19 outbreak, malicious actors have set their sights on weak VPN servers that use poor encryption, as well as directly targeting employees in phishing attacks to gain access to their VPN credentials.
The rush to roll out VPN solutions for remote workers has increased the possibility of overlooked security. An existing system may be outdated, configured with weak encryption protocols, or lack multi-factor authentication (MFA). The VPN may not be regarded as a particularly vulnerable area of the network, but no matter how strong the security of the internal network is, a weak VPN compromises the entire network.
Another consequence of the rushed rollout is a lack of employee training on best security practices when using a VPN. Employees may mismanage their login credentials or fall victim to a phishing attack. Every possible attack vector must be considered, because a weak VPN can present an attacker with a large hole straight into the internal network.
How to ensure your VPN is secure
To reduce the attack surface, it is critical that the VPN software and host system are up to date, and that the latest and most secure features are used, such as strong ciphers and key exchange protocols. Most importantly, it’s essential that multi-factor authentication (MFA) is implemented. This ensures that even if an employee’s credentials are compromised, an attacker cannot gain access to the network without the second authentication method. It is also extremely important that users are properly trained on how to use the VPN securely and on how attackers may attempt to steal personal information and credentials.
Our consultants here at Agilient are subject matter experts when it comes to strong network security and security policy, which is extremely important when rolling out the large-scale solutions that many organisations around the world are in desperate need of. We specialise in helping organisations implement security solutions that are customised to fit their needs and requirements. If you’d like to learn more about how Agilient can help, contact us today.
Author: Jack Schofield