US CISA warns remote workers, ImageQuest

Make sure your employees working from home use an up-to-date Virtual Private Network (VPN) to connect to the office.

Require your workforce to use an authentication app, such as Duo, Authy, or even Microsoft or Google.

And make sure they’re on alert for phishing scams.

That’s advice from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) for organizations sending workers home during the COVID-19 pandemic.

VPN – In an alert the agency issued as millions of workers stayed home, CISA warned that some unpatched VPNs could have a vulnerability that allowed hackers to steal log-in credentials.

The agency warned last year that some popular VPN services stored log-in credentials insecurely in part of the VPN memory. A hacker could find those credentials and use them to steal information intended to be protected by VPN encryption. In January, CISA noted that some VPNs still had this vulnerability.

In addition, the stress on VPN services with a multitude of people trying to use them could result in bandwidth limits or crashes, CISA warned. A worker frustrated by the VPN not working and facing work deadlines might try to skip the VPN and log in anyway.

Authentication – Criminals are actively trying to steal credentials over less-secure home working environments. Requiring workers to use authentication software would reduce the risk of business data being stolen. Last week Microsoft said 99.9% of the compromised accounts they see did NOT have authentication.

Phishing – Criminals also are using fake coronavirus news sites and other methods to steal money and credentials. They may send requests for donations to fake coronavirus charities, or they may pretend to be the boss back at the office, demanding a worker send payment on an invoice.

Our colleagues at KnowBe4 posted examples of some well-done fake COVID-19 emails and links that are worth a look. If workers are seeing these kinds of emails, they should ALWAYS double-check the actual link address before clicking. You do that by hovering over the link to view a pop-up box showing the actual address.
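The hover check above compares what a link says with where it really goes. The following added example (not from the original post or from KnowBe4) automates that comparison over a constructed HTML message, flagging any link whose visible text looks like a web address but whose href points at a different host; the sample addresses are made-up example.* domains.

```python
# Added example: flag links whose visible text claims one address while the
# href opens another, the same mismatch a reader sees when hovering a link.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class LinkCollector(HTMLParser):
    """Collects (visible_text, href) pairs for every <a> tag in the HTML."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL or bare domain, '' if there is none."""
    if not value:
        return ""
    if "://" not in value:
        value = "http://" + value   # treat bare 'www.site.example' as a URL
    return (urlparse(value).hostname or "").lower()

# Visible text that looks like a domain or URL (optional scheme and path).
DOMAIN_RE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

def mismatched_links(html):
    """Return (visible_text, href) pairs whose displayed host differs from the
    host actually opened. Text such as 'Click here' is not compared; it still
    needs the hover check."""
    collector = LinkCollector()
    collector.feed(html)
    return [(t, h) for t, h in collector.links
            if DOMAIN_RE.match(t) and host_of(t) != host_of(h)]

# Constructed sample message with placeholder domains, not a real email.
SAMPLE = """<p>Donate at <a href="http://donate.example.net/give">www.charity.example</a>,
read <a href="https://www.example.org/help">www.example.org/help</a>
or <a href="https://login.example.com/reset">Click here</a>.</p>"""

if __name__ == "__main__":
    for text, href in mismatched_links(SAMPLE):
        print(f"text shows {text!r} but the link goes to {href!r}")
```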

CISA also warned that IT teams could be so busy trying to make work-from-home happen that they might miss other network activity suggesting malware or an intrusion.