Hackers are targeting unpatched VPNs (virtual private networks), work-at-home staff and remote employees amid coronavirus workforce shifts, the Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) has warned in an alert.
CISA is urging organizations to implement the following six recommendations if considering telework options:
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
- Alert employees to an expected increase in phishing attempts.
- Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
- Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.
- Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications, such as rate limiting, to prioritize users that will require higher bandwidths.
- Contact CISA to report incidents, phishing, malware, and other cybersecurity concerns.
Read the full article here.