The Cyber Security Department of the Ministry of Homeland Security USA (DHS) published some tips on how companies can secure their VPNs as more and more governments around the world constitute work from home in view of it pandemic of the Koronai COVID-19. As companies choose to implement teleworking, the CISA encourages them to enhance their cybersecurity, as they are likely to hackers take advantage of teleworking to perform malicious attacks.
As more and more employees tend to use their company's VPN while telecommuting, hackers are looking for opportunities to exploit any vulnerabilities security corporate VPNs, which are less likely to be set up in a timely manner if the work is done around the clock.
CISA also points out that hackers may increase cyber attacks significantly Phishing to steal credentials home users at the same time that companies have not yet implemented multi-factor authentication (MFA) for the most exposed remote access. In addition, companies may have a limited number of VPN connections, beyond which no other employee can telework. This increases the chances for companies, including the IT department, to have trouble coping with cyber security issues.
For this reason, CISA proposes some tips for companies considering teleworking for their employees due to the COVID-19 coronary syndrome:
- Keep your VPNs, network infrastructure devices, and devices used for remote tasks up-to-date by implementing the latest newsletters and updates settings security.
- Inform employees of a possible increase in malicious activities, such as online phishing.
- Ensure that IT staff is ready for remote file overview, attack detection and recovery.
- Apply Multi-Factor Authentication (MFA) to all VPN connections and motivate employees to set strong passwords in order to reduce the risk of falling victim to malicious attacks.
- Check the limits of the VPN infrastructure when preparing for bulk use and take steps, such as limiting connection rates, to prioritize users who need higher bandwidths.
As part of teleworking, one of the tips CISA proposes to companies is to review what DHS proposes on how to secure network infrastructure devices, avoid social engineering and phishing attacks and password protection option, and the National Institute of Standards and Technology gives instructions on corporate teleworking and BYOD (Bring Your Own Device) security.
Its cyber security service DHS had previously warned companies to protect and enhance their Pulse Secure VPN servers to reduce the chance of being victimized by attacks aimed at exploiting the vulnerability of remote code execution (RCE) Located as CVE-2019-11510.
In the meantime, the FBI said state-backed hackers have breached the networks of a US entity and a US government by exploiting servers vulnerable to exploits of vulnerability CVE-2019-11510.
CISA also published information on how companies can protect themselves against hackers exploiting the COVID-19 Koronai for cyber fraud.
Finally, the MicrosoftThe Google, LogMeIn and Cisco have announced that they offer remote work tools as well as other facilities so that those who are required to work from home due to the Coronation can participate in virtual meetings and talk to their colleagues while working remotely.