Warning issued to adopt a heightened state of cyber security when facilitating home working
- Details
- Published: Wednesday, 18 March 2020 10:10
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued an alert to encourage organizations to adopt a heightened state of cyber security when implementing teleworking in response to COVID-19.
‘AA20-073A: Enterprise VPN Security’ highlights the following cyber security considerations regarding telework:
- As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.
- As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.
- Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.
- Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.
- Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.