When working from home, it's important to understand the security risks. Tom Merritt lists five remote access threats so you can secure your system.
If you have people working from home, you have a vector for malicious attacks. The more people working from home, the bigger the attack surface. Like with all security threats, it helps to know what to defend against. Here are the five remote access threats you should know about.
- Phishing attacks. The easiest way for an attacker to get into your system is to trick a worker into sharing the information they need to do it--or even just give them the info they wanted to get out of your system.
- Distributed Denial of Service (DDoS). Specifically, DDoS against your VPN's TLS server. This one aims to take down your encryption service so folks can't use VPN.
- VPN tools. Advanced persistent threats have been found in VPN solutions from Palo Alto Networks, Fortinet, and Pulse, among others. Make sure you've got them patched.
- Remote Desktop accounts. Someone working from home probably has access to a critical computer or server--it's a good disaster recovery plan move. Attackers too often phish those credentials or even brute force them.
- BlueKeep. This specific vulnerability is in Microsoft's Remote Desktop services. It affects Windows Server 2003, 2008, and 2008 R2, as well as Windows 7, XP, and Vista, but not Windows 8 or Windows 10. Stay patched.
It's good to know what the attacks are so you can defend against them. So patch, patch, patch! If you want some other ideas on mitigating these attacks, be sure to read Lance Whitney's article: How to better defend your organization against remote access threats.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- VPN usage policy (TechRepublic Premium)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Tom Merritt's Top 5 series (TechRepublic on Flipboard)