Securing your Organization’s Network amid COVID-19
COVID-19 has shaken up the way that we work. In a study conducted by Statistics Canada, it was found that in the 2nd week of April 2020, 5 million employed Canadians worked mostly from home. This is significantly more compared to the 1.7 million that was recorded previously in 2008. The shift to remote work has affected businesses from a wide range of industries, including financial, real estate, and scientific. Due to the rapidness of the COVID-19 developments in the country, many of these organizations were forced to adopt work-at-home models in an extremely short period of time. Remote Deskop Protocol (RDP) and Virtual Private Networks (VPNs) are some of the most common methods of setting up remote work forces. However, due to the rushed timeline, many businesses adopted these strategies without the best practices that were needed to ensure that these connections are secure from cyberattack.
The dark web is a network of underground sites that are known for trading illegal goods and services. It has recently been found that illegal RDP accesses to corporate networks can be found on sale on sites within this network. Prices ranged between USD$10 to USD$100 000 depending on the size of the company. These illegal connections are often being sold by cyberattackers that have managed to hack into insecure or misconfigured RDP connections.
A buyer of these illegal connections can then utilize it to gain access to an organization’s network, using the infiltration to carry out further cybrattacks. Once a malicious actor gains access to a corporate network, they can launch a variety of malicious attacks on the victim. This can range from implanting malicious software such as data stealing trojans, or installing ransomware to extort money out of their victims.
Best practices to employ when protecting your Remote Connections
Make sure that RDP is only available while your employees are connected to the corporate VPN. This adds an extra layer of security when individuals are trying to connect and remotely control your organization’s computers. Furthermore, employ multifactor authentication on your employee accounts to ensure that malicious individuals who gains access to an employee’s login credentials cannot gain access to the system.
Next, an essential aspect to securing VPN connections is setting up clear policies for employees to connect into the network. Set up clear guidelines for supported operating systems and antivirus software that is up-to-date. Individuals who try to set up connections while on vulnerable machines that are not updated can pose security risks to your organization’s network, as these insecure connections become security vulnerabilities that can be exploited by cyberattackers.
Don’t let insecure RDP and VPN connections cause your organization to be vulnerable. Call GIGE at +1 888 366 4443 or send us an email at info@gige.ca. Our team of network experts will identify and rectify vulnerable areas in your current remote workforce set up.