US government issues guidance for enterprises using VPN software

By Anthony Spadafora
last updated

Expect increased phishing attempts and attacks that exploit VPN security flaws

(Image credit: Shutterstock.com)

With the ongoing coronavirus outbreak leading many organizations to allow employees to work from home, the US government has shared a list of tips on how to properly secure enterprise VPN software.

In its alert (opens in new tab) on enterprise VPN security, the Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, has warned organizations to adopt a heightened state of cybersecurity in these uncertain times.

Due to an increased number of employees using services to work remotely, cybercriminals will likely focus their attacks on VPN security flaws. The reason for this is because organizations will be less likely to keep their VPN software regularly updated, especially when employee work schedules will be spread around the clock.

The CISA also warned that cybercriminals may launch additional phishing attacks in an attempt to steal the users credentials of employees working from home and that organizations that haven't implemented multi-factor authentication yet, are the most at risk.

Boosting security while working remotely

The CISA has laid out a number of mitigation measures organizations that are currently allowing their employees to work remotely or considering doing so can take to protect themselves.

However, the most important of which is keeping VPNs, network infrastructure devices and other devices used for remote working up to date by applying the latest patches and security configurations.

The alert also recommends that organizations notify their employees of an expected increase in phishing attempts.

Enabling multi-factor authentication on all VPN connections and requiring employees to use strong passwords are other ways that organizations and employees can stay safe while working remotely.

The next few months will certainly be challenging for all businesses but by taking the necessary steps now, organizations can ensure that their remote workers stay productive and secure.

  • Also check out our complete list of the best VPN services

Via BleepingComputer (opens in new tab)

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

See more Computing news