Fast and Cheap VPN’s are a Hacker’s Dream

JUN 09, 2020

By: Bryan Kissinger, Trace3 VP, CISO

The COVID-19 pandemic has changed the way our world functions, forcing us into a new normal at home and at work. A growing list of companies including Twitter, Google, and Facebook have transitioned their employees to work-from-home indefinitely, while in-person conferences and events have either been cancelled, postponed, or gone virtual.

Many organizations were unprepared, or at least under-prepared, for the shift of office-based employees to a remote workforce. Undersized VPN infrastructures, inadequate bandwidth, and a lack of managed devices for employee home use have left IT departments overloaded and under-resourced.

To top it off, IT teams were given little time, under immense pressure, to set up virtual work environments and limit impacts on productivity and collaboration. The accelerated deployment created the potential to “cut corners” in virtual network security, leaving hackers with weakened IT oversight, a greater attack surface, and new ways to penetrate. Bad actors relish these situations, taking advantage of rookie users who are new to remote work.

This combination of factors could significantly alter an organization’s risk profile – securing a mostly (or 100%) mobile workforce is much different that securing a corporate on-prem network.

When starting down the remote workforce path, it’s critical to ensure your employees have the basics to stay productive and enabled, such as hardware and connectivity to software and customers. More importantly, you will want to reinforce new virtual environments. Don’t build cheap, throwaway solutions. Rather, build sustainable options that can be utilized after the pandemic crisis subsides.

“Securing the workforce” is a key pillar of a Zero Trust security model, which Trace3 recommends to all of our clients. The Zero Trust model puts an identity and access management (IAM) solution with multi-factor authentication capabilities at the core of your workforce security program. An example of this technology is Cisco’s DUO or Okta’s MFA solution.

In addition, our Rapid Technology Review (RTR) can assist in creating and deploying a remote workforce mobility strategy. The evaluation includes key on-prem and cloud infrastructure, along with critical collaboration tools, such as WebEx.

This crisis will leave a drastic paradigm shift in the way we work and deploy work-related technology, if it hasn’t already. Many organizations will maintain their workforce as full time virtual and downsize their physical offices. Given the significant investment it takes to support a remote infrastructure, why would a company throw that away once the pandemic recedes?

We believe this pandemic has created an opportunity to reimagine how we work and how we go to work. We also believe the experience will help us be more prepared for future workplace disruptions, in whatever form they may appear.

Leave a Reply

Your email address will not be published. Required fields are marked *