The Cybersecurity and Infrastructure Security Agency (CISA) is advising people to pay attention to the security of VPN networks. The U.S. government organization is warning about this in the wake of the coronavirus outbreak.
Because of the pandemic, more and more people are working from home. Employees connect to the corporate network via VPN. Consequently, CISA expects more vulnerabilities in such products to be found and attacked as well.
"Since VPNs are 24/7, organizations are less likely to keep them up-to-date with the latest security updates," CISA states. Also, malicious actors are more likely to launch phishing attacks on home workers to capture their usernames and passwords. "Organizations that do not use multifactor authentication for telecommuting are more vulnerable to phishing attacks," the CISA said.
Another risk is companies and institutions that only have a limited number of VPN connections. As a result, not all employees can work from home. This reduced availability can affect the performance of work by IT security personnel, according to CISA.
CISA recommends that organizations keep their VPN solutions, network equipment and home worker equipment up-to-date. Staff should also be alert to an increase in phishing attacks. Another recommendation is to use multifactor authentication for all VPN connections. IT personnel should test possible VPN limitations and make adjustments so that home workers with greater bandwidth needs are prioritized.
This news item can also be found in the Coronavirus dossier
