VPNs: Know The Risks

If you’ve ever worked from home—aptly coined “telecommuting”—chances are you’ve used a VPN, or Virtual Private Network, to connect with your workplace server. VPNs are designed to extend a private network over a public network, making it easy for telecommuters to send and receive data from their home computer without compromising their company server.

Now, with a mandate for the majority of the workforce to stay home and work remotely, VPNs have become a cornerstone of digital productivity. But they may not be the easy solution that companies are searching for.

IT security teams remain concerned that removing individuals from safe, controlled working environments could lead to unintentional but potentially disastrous decisions that compromise their organization’s network. And while some larger enterprises may be struggling to extend the breadth of their VPN coverage to all of their employees, other, smaller organizations may not be equipped at all.

Trouble For Telecommuters

According to Stan Lowe, global CISO for Zscaler, most businesses have VPN capability for roughly 20-30% of their employees. Now, for obvious reasons, that capacity needs to be increased, but it’s no small matter—nor an inexpensive one.

Adding bandwidth for VPN services is time-consuming, costly, and risky for large corporate networks. A campaign to make the change will involve adding high volumes of users, making drastic changes to online infrastructure, downloading and installing widespread security updates, and handling the learning curve for employees who have no experience with VPNs.

And regardless of VPN experience, not all employees have the home network capacity to support a required connection. Seemingly mundane activities, like streaming on Netflix, can compete with a bandwidth-heavy service like a VPN and disrupt employees’ link to their private server.

Additional cybersecurity concerns have stemmed from the assumption that VPNs are inherently secure. In fact, it’s really the opposite that is true—employees linking into a company’s private server from all over the world means that the company’s attack surface is drastically increased.

Technically, a VPN only secures the connection between an employee’s workstation and the wider network. When employees work from their personal computers, any malware they interact with has the potential to ride the link to the company’s server and wreak havoc on corporate assets.

For the time being, IT experts advise against using multi-purpose personal devices to access company data, in order to minimize that risk.

Protect Your People

When it comes to working from home, your company network will benefit from being stronger than ever. There’s never been a better time to prioritize cybersecurity.

BAI Security is dedicated to preserving public health, and with a decade of experience, we offer a fully remote audit option that incorporates our extensive processes, tools, and evaluations to ensure the same rigor and quality you would receive on-site.

And to address these newly heightened risks, we’re proud to announce that throughout the COVID-19 pandemic, we will be providing free Remote Worker Risk Assessments as part of your IT Security Assessment to evaluate your organization’s remote work environment. The evaluation includes full coverage of vulnerable technical aspects, as well as all relevant personnel, policies, and procedures.

To learn more about our documentation, deliverables, and all the assets of our remote auditing services, contact us today.


