Thursday, February 2, 2023
  • Login
Metro News
  • Home
  • News
    • Sports
    • Science
  • Entertainment
    • Music
    • Fashion
  • Lifestyle
    • Food
    • Health
    • Travel
  • Tech
    • Mobile
    • Gaming
    • Gadget
    • Apps
No Result
View All Result
  • Home
  • News
    • Sports
    • Science
  • Entertainment
    • Music
    • Fashion
  • Lifestyle
    • Food
    • Health
    • Travel
  • Tech
    • Mobile
    • Gaming
    • Gadget
    • Apps
No Result
View All Result
Metro News
No Result
View All Result
Home Tech

Cybersecurity Focus: How to Make Remote Work Safer

ALY by ALY
January 17, 2023
in Tech
0
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Telework is a long-running trend in the business world, and it has reached unprecedented heights because of the Coronavirus emergency. As a result, numerous companies have been forced to plunge headlong into implementing the remote work model, and predictably enough, this process is not always smooth.

One of the issues is that employees’ security is often sacrificed so that organizations can continue to operate as they did before the crisis. Unfortunately, this fact could not possibly stay beyond the cybercriminals’ spotlight.

As a result, malicious actors have focused on finding loopholes in the popular tools used for teleworking, such as conferencing software and Virtual Private Network solutions.

Malicious actors aim to snoop on sensitive communication or plague enterprise networks with spyware or ransomware. To further boost these efforts, they are also adjusting the themes of phishing attacks to employees’ fears and pain points arising out of infodemic and terrifying news like those coming from the fronts of the Russian-Ukrainian war.

Here is a roundup of cybercrime methods zeroing in on the remote work model and practical techniques for companies to steer clear of these attacks.

VPN security needs an overhaul

While working out of the office, employees should maintain a stable and secure connection with the company’s computer networks. VPN is a vital tool that bridges the gap between workers and hacker-proof online communication.

Unfortunately, with teleworkers increasingly relying on these tools to perform their duties, cybercriminals are busy exploring them for vulnerabilities.

Numerous security reports signal the escalating threat of VPN exploitation. Therefore, it is crucial to harden the security of the remote work model and implement VPNs wisely these days. Here are the significant risks in this regard:

  • Since VPN is one of the foundations of secure telework, hackers have ramped up their efforts to discover and exploit new weaknesses in these solutions.
  • Businesses use VPNs 24/7, so it can be problematic for them to keep up with all the updates that deliver the latest security patches and bug fixes.
  • Threat actors may increasingly execute spear phishing attacks (malwarefox dotcom spear phishing) that dupe teleworkers into giving away their authentication details.
  • Organizations that do not require their personnel to use multi-factor authentication for remote connections are more susceptible to phishing raids.
  • Trying to save money, some admins configure their systems to support a limited number of simultaneous VPN connections. As a result, information security teams may fail to perform their tasks when VPN services are unavailable due to network-wide congestion.

Essentially, adopting telework that relies on VPN technology leads to the fact that the average company’s security architecture often has a single point of failure. A malefactor who succeeds in hacking VPN connections can get an unnervingly broad scope of access to the target’s data assets.

Here is some extra food for thought. Some time ago, CISA alerted businesses to the massive exploitation of a nasty flaw in Pulse Secure VPN. This bug could launch remote code execution attacks targeting enterprise networks.

One of the reported incursion vectors involving this vulnerability was related to the distribution of the Sodinokibi ransomware virus, a strain that specifically homes in on corporate networks.

If the appropriate patch was not applied, this imperfection allowed malefactors to turn off MFA and access network logs that keep the cache of user credentials in plaintext.

In response to the looming menace, security experts recommend organizations focus on upping their VPN security practices to prevent the worst-case scenario.

Here are a few tips to help a company from being a moving target:

  • First, keep VPN tools and network infrastructure devices up to date. This recommendation also holds true for devices (company-issued or personal) that the employees use to connect to corporate resources remotely. Correct updates and patch management ensure the most current security configuration is in place.
  • Let your teams know about the expected rise in phishing attacks so that they exercise more caution with suspicious emails.
  • Ensure the cyber security team is prepared to tackle remote access exploitation scenarios through breach detection, log analysis, and incident response.
  • Use multi-factor authentication for all VPN connections. If, for some reason, this rule cannot be put into practice, ascertain that your staff members are using strong passwords to log in.
  • Inspect the corporate VPN services for capacity restrictions. Then, choose a reliable hosting service that can help leverage bandwidth limiting and ensure secure connections continuity when needed the most.
  • An additional precaution is to test the functionality of the VPN kill switch. This feature automatically terminates all web traffic if the secure connection is interrupted. This way, you can rest assured that the data doesn’t travel via the public Internet in an unencrypted form.

Conferencing software is low-hanging fruit.

Similarly to virtual private networks, tools that enable virtual meetings have recently extended their reach significantly. It comes as no surprise that cyber crooks have stepped up their repertoire in terms of discovering and exploiting weaknesses in popular conferencing products.

The consequences of such a hack can be devastating because it paves the way for eavesdropping on a large scale.

The U.S. National Institute of Standards and Technology (NIST) highlighted the risks stemming from the abuse of virtual meeting tools. According to the agency, although most of these solutions come with basic security mechanisms, these features may not be enough to fend off privacy encroachment.

Here is a roundup of recommendations in this context to stop hackers in their tracks:

  • Adhere to your company’s policies and guidelines addressing the security of virtual meetings.
  • Avoid reusing access codes for web meetings. If you share them with plenty of people, chances are that confidential data is leaked beyond the intended number of individuals.
  • If you plan to discuss a highly confidential subject, consider using one-time PINs or unique meeting identifier codes.
  • Make the most of the “waiting room” function that prevents a virtual meeting from starting until the conference host joins.
  • Tweak the settings, so the app triggers notifications when new people join the web meeting. If this option is missing, the host must request that all participants name themselves.
  • Leverage dashboard controls to keep abreast of the attendees during the conference.
  • Refrain from recording the virtual meeting. If you really need to do it for future reference, be sure to encrypt the file and specify a passphrase to decrypt it.
  • Minimize or ban the use of employee-owned devices for video conferencing.

Keep in mind that hackers are not the only ones who may wish to snoop on virtual meetings. Disgruntled employees or fired employees who still have access to the company’s digital infrastructure may also be lured to get hold of your proprietary data.

The bottom line

The global increase in remote work is a natural part of the business evolution. It is also an emergency response to new factors like COVID-19. But sadly, the “rough” implementation of telework in many organizations has become the weakest link in their security.

In addition to thwarting the above risks related to VPN tools and virtual meetings, organizations should rethink and bolster their anti-phishing practices to dodge scams that rely on trendy news topics. Your personnel should be skeptical about suspicious messages and think twice before clicking on any links in them.

Remote work security is now more critical than ever before. This needs to change if it is not your organization’s top priority.

Featured Image Credit: Photo by Thirdman; Pexels; Thank you!

Alex Vakulov

Alex Vakulov

Alex Vakulov is a cybersecurity researcher with over 20 years of experience in malware analysis. Alex has strong malware removal skills. He is writing for numerous tech-related publications sharing his security experience.

Previous Post

5 NBA players likely to make their first All-Star appearance, ranked

Next Post

12 Cocktail Recipes Made With Bright Winter Citrus

Next Post

12 Cocktail Recipes Made With Bright Winter Citrus

  • Trending
  • Comments
  • Latest

Damar Hamlin injury updates: Latest on Bills safety in critical condition in hospital

January 3, 2023
recalled-dried-plums-Alli-and-Rose.jpg

Corporate remembers dried plums from Costco retail outlets on account of lead contamination

February 25, 2022

Samsung Galaxy Watch 5 Pro vs Samsung Galaxy Watch 4 Classic

August 13, 2022

Walking Dead Recap, Season 11 Episode 22: Faith

November 7, 2022
21ukraine-briefing-excerpts2-facebookJumbo.jpg

Highlights From Putin’s Cope with on Breakaway Areas in Ukraine

0
stranger-of-paradise-difficulty.jpg

Stranger of Paradise goes to be higher than Elden Ring… on the subject of problem choices, no less than

0

Pamela Anderson Is ‘Killing It’ In Broadway Rehearsals For ‘Chicago’ – Hollywood Life

0

About 300 People Died in Bombing of Mariupol Theater, Officials Say

0

OnePlus Pad teased again ahead of imminent launch

February 2, 2023

Samsung, Google and Qualcomm are making a mixed reality platform • TechCrunch

February 2, 2023

Global markets are subsidizing Galaxy S23 prices in the US

February 2, 2023

10 combat sports better suited for TV than Power Slap

February 2, 2023

Recent News

OnePlus Pad teased again ahead of imminent launch

February 2, 2023

Samsung, Google and Qualcomm are making a mixed reality platform • TechCrunch

February 2, 2023

Global markets are subsidizing Galaxy S23 prices in the US

February 2, 2023

10 combat sports better suited for TV than Power Slap

February 2, 2023




Metro News

We bring you the Global News From All Over The World. Stay Tuned For Your Favorite Categories News 24x7.

Browse by Category

  • Apps
  • Crypto News
  • Crypto Trading
  • Entertainment
  • essay online
  • essay usa
  • Essay Writer Cheap
  • Fashion
  • FinTech
  • Food
  • Forex Handel
  • Gadget
  • Gaming
  • Health
  • Lifestyle
  • Mobile
  • Music
  • News
  • pashka
  • Payday Loans
  • Porn Chat
  • Science
  • Software Development
  • Sports
  • Tech
  • Travel
  • Uncategorized
  • Бизнес Украина
  • Инвестиции
  • Новости Украины
  • Ремонт Автомобилей
  • Финансовые Новости
  • Форекс брокеры

Recent News

OnePlus Pad teased again ahead of imminent launch

February 2, 2023

Samsung, Google and Qualcomm are making a mixed reality platform • TechCrunch

February 2, 2023

Global markets are subsidizing Galaxy S23 prices in the US

February 2, 2023

10 combat sports better suited for TV than Power Slap

February 2, 2023

© 2022 Metro News - Biggest Digital New Network.

No Result
View All Result
  • Home
  • News
    • Sports
    • Science
  • Entertainment
    • Music
    • Fashion
  • Lifestyle
    • Food
    • Health
    • Travel
  • Tech
    • Mobile
    • Gaming
    • Gadget
    • Apps

© 2022 Metro News - Biggest Digital New Network.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Posting....
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
x Logo: Shield Security
This Site Is Protected By
Shield Security →