US government issues guidance on enterprise VPN use

As the ongoing coronavirus outbreak has led many organizations to allow their employees to work from home, the Department of Homeland Security’s cybersecurity agency has shared a list of tips on how to properly secure enterprise VPNs in a new alert.

In its alert on enterprise VPN security, the Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations to adopt a heightened state of cybersecurity in these uncertain times.

Due to an increased number of employees using their organizations’ VPNs to work remotely, cybercriminals will likely focus their attacks on VPN security flaws. The reason for this is because organizations will be less likely to keep their VPN software regularly updated, especially when employee work schedules will be spread around the clock.

The CISA also warned that cybercriminals may launch additional phishing attacks in an attempt to steal the users credentials of employees working from home and that organizations that haven’t implemented multi-factor authentication yet, are the most at risk.

Boosting security while working remotely

The CISA has laid out a number of mitigation measures organizations that are currently allowing their employees to work remotely or considering doing so can take to protect themselves.

However, the most important of which is keeping VPNs, network infrastructure devices and other devices used for remote working up to date by applying the latest patches and security configurations.

The alert also recommends that organizations notify their employees of an expected increase in phishing attempts.

Enabling multi-factor authentication on all VPN connections and requiring employees to use strong passwords are other ways that organizations and employees can stay safe while working remotely.

The next few months will certainly be challenging for all businesses but by taking the necessary steps now, organizations can ensure that their remote workers stay productive and secure.

  • Also check out our complete list of the best VPN services

Via BleepingComputer

Source Article