If you use a VPN (Virtual Private Network) to access your business IT, is it patched, secure and, most importantly, using Multi-Factor Authentication (MFA/2FA)?
In the race to give staff access to corporate systems from home, we are hearing of VPN clients being hastily installed on untrusted home computers.
If these machines are compromised by malware, the VPN profile can be extracted and the username & password logged. Without MFA, those credentials can be re-used, giving a hacker ultra-easy access.
There are other ways of securely giving ‘air gapped’ access from home computers, but be careful: there are many rogue services & software out there just waiting for you to effectively breach your own network!
We would reserve VPN connectivity for corporate-owned & trusted devices (still secured with MFA!) and set very tight firewall rules around which servers & services can be reached over the VPN. The same goes for those who expose Remote Desktop Services (aka Terminal Services) directly to the internet, not behind a secure gateway and, likely, again without MFA – Don’t Do It!