{"id":40579,"date":"2020-05-06T14:49:50","date_gmt":"2020-05-06T10:49:50","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=40579"},"modified":"2023-12-14T11:53:43","modified_gmt":"2023-12-14T07:53:43","slug":"working-remotely-covid-19-raises-the-standard-for-vpn-security","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/working-remotely-covid-19-raises-the-standard-for-vpn-security\/","title":{"rendered":"Working Remotely: COVID-19 Raises the Standard for VPN Security"},"content":{"rendered":"<p>There\u2019s nothing new or especially significant about the remote work concept. Students and employees have been doing it in increasing numbers over the past decade. What changed the game was the recent immediate mass exodus from workplaces and classrooms to home offices or even the living room table as a result of the COVID-19 pandemic.\u00a0<!--more--><\/p>\n<p>While it seems an easy enough matter simply to change the location from which you work and continue on your way, the suddenness with which this recent societal upheaval was thrust upon companies left little time to prepare the necessary cybersecurity processes and protocols properly.<\/p>\n<div class=\"perfect-pullquote vcard pullquote-align-full pullquote-border-placement-left\"><blockquote><p>And if there is one thing hackers have taught us in recent years, it\u2019s that if there is a weakness, they will find it.<\/p><\/blockquote><\/div>\n<p>Thanks to the generalized fear and panic surrounding COVID-19, those inclined to do so have found it a relatively simple matter to take advantage of the at-home workforce who are not schooled in protecting the device they\u2019re working on against common threats.<\/p>\n<p>How can an organization ramp up its efforts to protect sensitive information? We have some ideas.<\/p>\n<div class=\"call-to-action\">\n<div class=\"call-to-action__left\" style=\"width: 45%;\">\n<p><img decoding=\"async\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/03\/Best-parctices-for-IT-teams-supporting-remote-workforce-1.png\" alt=\"WP icon\" \/><\/p>\n<!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper hs-cta-deferred\" id=\"hs-cta-wrapper-1820057a-5e6b-496a-ad3c-460caa910973\" data-portal=\"5442029\" data-id=\"1820057a-5e6b-496a-ad3c-460caa910973\"><span class=\"hs-cta-node hs-cta-1820057a-5e6b-496a-ad3c-460caa910973\" id=\"hs-cta-1820057a-5e6b-496a-ad3c-460caa910973\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/5442029\/1820057a-5e6b-496a-ad3c-460caa910973\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-1820057a-5e6b-496a-ad3c-460caa910973\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/1820057a-5e6b-496a-ad3c-460caa910973.png\" alt=\"CTA\"><\/a><\/span><\/span><!-- end HubSpot Call-to-Action Code -->\n<\/div>\n<div class=\"call-to-action__right\" style=\"width: 55%;\">\n<div class=\"call-to-action__title\">Best Practices for IT Teams Supporting Work-from-Home Employees<\/div>\n<div class=\"call-to-action__text\">\n<p>Read this free whitepaper to learn more about:<\/p>\n<ul>\n<li>How to move your operations out of the office;<\/li>\n<li>Security considerations for remote workers;<\/li>\n<li>Best practices and tools;<\/li>\n<li>And a lot more.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<h2>COVID-Themed Attacks<\/h2>\n<p>The current wave of attacks plays off a remote worker\u2019s fear of the thing that sent them home in the first place, namely, the pandemic. There has been a deluge of fake emails pretending to come from the World Health Organization, with appropriately fear-inducing wording intended to encourage a click that will download malware on to your laptop. Another tactic is to take the identity of a charity organization and go for the click that way.<\/p>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/resources\/blog\/coronavirus-phishing-awareness-guide\/\">Coronavirus Phishing<\/a><\/p>\n<p>The bottom line is that people are stressed over the pandemic, not as focused as they should be, and likely to forget the company security training from six months ago on how to recognize and <a href=\"https:\/\/www.msp360.com\/resources\/blog\/social-engineering-prevention\/\">prevent social engineering<\/a> attempts like phishing.<\/p>\n<p>A single wrong click of the mouse and you\u2019ve got malware. And email is no longer the typical avenue of ingress. \u201cSmishing\u201d - a form of social engineering aimed at SMBs who use <a href=\"https:\/\/www.getweave.com\/business-texting\/\" target=\"_blank\" rel=\"noopener noreferrer\">business-to-business SMS messaging to stay connected<\/a> - has seen a steady rise in popularity. Malicious links can be transmitted that way as well, so consider yourself warned.<\/p>\n<p><span style=\"font-weight: 400;\">Even worse, if you\u2019re remotely connected to company resources at the time, you just offered Mr. or Mrs. Hacker a nice, clear shot at taking down the network or at least accessing any confidential data that might be there.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Obviously, companies are concerned about the prospect of a workforce operating outside the secure environment they are used to. Here\u2019s how the smart ones are responding. \u00a0<\/span><\/p>\n<div class=\"call-to-action\">\n<div class=\"call-to-action__left\" style=\"width: 60%;\">\n<div class=\"call-to-action__tag\">FREE ASSETS<\/div>\n<div class=\"call-to-action__title\">MSP\u2019s Assets to Stay Safe from Phishing<\/div>\n<div class=\"call-to-action__text\">Check out our assets that will help you to minimize the risk of a phishing attack, reduce the possible damage and increase the\u00a0security awareness.<\/div>\n<!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper hs-cta-deferred\" id=\"hs-cta-wrapper-a13a0279-a667-42d1-8ecd-608964d3c162\" data-portal=\"5442029\" data-id=\"a13a0279-a667-42d1-8ecd-608964d3c162\"><span class=\"hs-cta-node hs-cta-a13a0279-a667-42d1-8ecd-608964d3c162\" id=\"hs-cta-a13a0279-a667-42d1-8ecd-608964d3c162\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/5442029\/a13a0279-a667-42d1-8ecd-608964d3c162\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-a13a0279-a667-42d1-8ecd-608964d3c162\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/a13a0279-a667-42d1-8ecd-608964d3c162.png\" alt=\"CTA\"><\/a><\/span><\/span><!-- end HubSpot Call-to-Action Code -->\n<\/div>\n<div class=\"call-to-action__right\" style=\"width: 40%;\"><img decoding=\"async\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/06\/Phishing_CTA-1.png\" alt=\"WP icon\" \/><\/div>\n<\/div>\n<h2>Bolstering Remote Security - Key Solutions<\/h2>\n<p id=\"last\">Remember that secure environment we just mentioned? Likely it included an enterprise VPN to encrypt data flow and redirect IP addresses to protect connections accessing the open Internet. Now, the same <a href=\"https:\/\/privacyaustralia.net\/vpn-protocols\/\" target=\"_blank\" rel=\"noopener noreferrer\">enterprise VPN protocols are available<\/a> through most leading consumer VPNs. There\u2019s also a good chance that on-premises security also included a firewall, an antivirus security suite, anti-malware software, and monitoring tools to prevent, locate, and mitigate security threats.<\/p>\n<div id=\"slidebox\"><a class=\"close\">\u00a0<\/a><!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper hs-cta-deferred\" id=\"hs-cta-wrapper-bcfa34a1-273d-49a3-b24f-0878ce601a54\" data-portal=\"5442029\" data-id=\"bcfa34a1-273d-49a3-b24f-0878ce601a54\"><span class=\"hs-cta-node hs-cta-bcfa34a1-273d-49a3-b24f-0878ce601a54\" id=\"hs-cta-bcfa34a1-273d-49a3-b24f-0878ce601a54\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/5442029\/bcfa34a1-273d-49a3-b24f-0878ce601a54\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-bcfa34a1-273d-49a3-b24f-0878ce601a54\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/bcfa34a1-273d-49a3-b24f-0878ce601a54.png\" alt=\"CTA\"><\/a><\/span><\/span><!-- end HubSpot Call-to-Action Code --><\/div>\n<p>But with a suddenly remote force, the IT department has lost control of the carefully constructed and secure environment. From its perspective, every remote employee is now an additional threat vector. To put it mildly, they\u2019re feeling uncomfortable.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-40580\" src=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/05\/VPN-illustration.png\" alt=\"COVID-19 Raises the Standard for VPN Security\" width=\"600\" height=\"450\" srcset=\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/05\/VPN-illustration.png 800w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/05\/VPN-illustration-300x225.png 300w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/05\/VPN-illustration-768x576.png 768w, https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/05\/VPN-illustration-624x468.png 624w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<h3><strong>Reinforce Social Engineering Training<\/strong><\/h3>\n<p>Every employee needs an immediate refresher course on how to avoid phishing traps. It\u2019s a simple education, though harder to follow exactly, due to human nature. The bottom-line requirement is to never click a link in an email or open an attachment unless you know exactly who it came from and were expecting it. See? Easy to comprehend but harder to execute flawlessly, and all it takes is a single lapse to take down an entire network.<\/p>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/resources\/blog\/anti-phishing-training-importance-explained\/\">Anti-Phishing Training<\/a><\/p>\n<p>Like the smishing mentioned earlier, social engineering attacks can come from unexpected directions. Some employees are learning new processes for getting paid as a result of working off-site. Was that invoice template <a href=\"https:\/\/www.freshbooks.com\/invoice-templates\" target=\"_blank\" rel=\"noopener noreferrer\">downloaded from a legitimate source<\/a>? If not, be careful. File formats like PDF and documents that were once considered unhackable actually aren\u2019t.<\/p>\n<h3>Prioritize Operations<\/h3>\n<p>Companies need to lock their remote force down and do it fast. Meet with the company decision-makers and establish which parts of the operation are mission-critical and which can be put on the back burner. Focus on the former, and only after they are secured is it time to proceed to the rest.<\/p>\n<h3>Review Remote Security Status<\/h3>\n<p>Then it\u2019s a good idea to assess each employee\u2019s work device (laptop or desktop) and evaluate its security level and threat vulnerabilities. In a perfect world, the company would be able to send each team member home with a device that had already been fortified. Not every organization was ready to do that when COVID-19 hit, so much of the remote force is tending to their daily business with largely unsecured home machines.<\/p>\n<p>There\u2019s a good chance the company will find itself in the position of having to buy a whole lot more licenses for security products in order to replicate that secure environment in dozens, hundreds, or thousands of remote locations. And then you have to worry that people don\u2019t know how to install them properly or at all. The IT staff might be forced into making home visits in order to verify security, though the whole social distancing aspect of the pandemic complicates that task as well.<\/p>\n<h2>Final Thoughts<\/h2>\n<p>Smart employers now have a two-fold mission to protect their remote workforce from COVID-19 on a couple of different fronts. First, of course, is to encourage them to follow local, state, and federal guidelines on how to reduce the chances of contracting the dread disease. Stay home as much as possible. Social-distance when you have to go out. Wear masks.<\/p>\n<p>But then there is also the necessity of maintaining a high alert against those who use the specter of COVID-19 to boost their chances of a successful hack. Companies that suffer compromised networks sometimes end up going out of business. Nobody wants that, so everybody should take security seriously these days.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s nothing new or especially significant about the remote work concept. Students and employees have been doing it in increasing numbers over the past decade. What changed the game was the recent immediate mass exodus from workplaces and classrooms to home offices or even the living room table as a result of the COVID-19 pandemic.\u00a0<\/p>\n","protected":false},"author":66,"featured_media":40582,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,884],"tags":[],"class_list":["post-40579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-articles","category-msp-business-articles"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/40579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=40579"}],"version-history":[{"count":1,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/40579\/revisions"}],"predecessor-version":[{"id":56983,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/40579\/revisions\/56983"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media\/40582"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=40579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=40579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=40579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}