More companies now rely on VPNs for business continuity, and as a result many VPN gateways are running at or near capacity. Corporate IT departments therefore need to step up proactive security measures and use every tool at their disposal to implement security controls and keep traffic load manageable, so that the gateways are not overwhelmed and remain usable for remote workers. A gateway with no headroom also means that a single DDoS attack can take an entire company offline. Cybercriminals know that employees are more exposed and less cautious when working from home, so your company’s IT team must stay current with software patches and take appropriate actions to mitigate these risks.
Additionally, the following proactive security measures should be followed to provide optimal security for your employees’ VPN connectivity:
- Perform regular audits of your VPN user base to ensure that everyone with VPN access truly needs it and is an authorized company employee
- Conduct security awareness training for your employees on a regular basis
- Educate users on best practices and acceptable use so that VPN use is limited to business-related activities
- Migrate to cloud services where possible to reduce reliance on the office VPN
- When possible, use two-factor authentication to protect VPN accounts and cloud services from unauthorized access
- Ensure that remote access session capacity, bandwidth and throughput are horizontally scalable so they can be supplemented as demand warrants
- If and when possible, restrict remote access to a whitelist of known-good IP addresses
- Strengthen identity and access management: IAM, MFA and privileged access security become more essential
- Whenever possible, disable “everyone” and “anonymous” rights to restrict unauthorized access
- Develop and implement a strict security policy for third parties connecting to and working within your company network
- Ensure that your password policy is implemented and configured correctly. Check your length and complexity requirements, aiming for passwords that are easy enough to remember but difficult to guess
- Make sure an account lockout policy is implemented to prevent attackers from getting into your internal network by guessing a user’s password
- Do not use default port numbers when setting up remote services and connections
- Perform an enterprise-wide security risk assessment with emphasis on your company’s remote workforce practices, remote services and access/permissions
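Three of the items above (the user-base audit, the source-IP whitelist and the account lockout policy) can be checked against VPN gateway authentication logs. The script below is an added example, not code from the original article: the log format, the authorized-user set, the allowed networks and the lockout threshold and window are all constructed or hypothetical values, since the article gives none.

```python
# Added example (not from the article): audit constructed VPN authentication
# log lines against three controls above: authorized users, an IP allowlist
# and an account-lockout threshold. Policy values below are hypothetical.
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log: "<timestamp> <user> <source_ip> <result>"
SAMPLE_LOG = """\
2024-03-01T08:00:01 alice 203.0.113.10 success
2024-03-01T08:00:05 bob 198.51.100.7 failure
2024-03-01T08:00:09 bob 198.51.100.7 failure
2024-03-01T08:00:14 bob 198.51.100.7 failure
2024-03-01T08:01:00 carol 192.0.2.55 success
2024-03-01T09:30:00 dave 203.0.113.10 failure
2024-03-01T10:00:00 alice 198.51.100.9 failure
"""

AUTHORIZED_USERS = {"alice", "bob", "carol"}   # hypothetical result of the user audit
ALLOWED_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
LOCKOUT_THRESHOLD = 3                           # failures ...
LOCKOUT_WINDOW = timedelta(minutes=15)          # ... within this window


def parse_log(text):
    """Parse each line into (timestamp, user, source IP, result)."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip_address(ip), result))
    return events


def audit(events):
    """Return the users and sources each control would flag."""
    unauthorized = {u for _, u, _, _ in events if u not in AUTHORIZED_USERS}
    off_allowlist = {(u, str(ip)) for _, u, ip, _ in events
                     if not any(ip in net for net in ALLOWED_NETWORKS)}
    # Sliding window of failures per user: reaching the threshold inside the
    # window is where a lockout policy should have stopped further attempts.
    recent = defaultdict(list)
    lockouts = set()
    for ts, user, _, result in sorted(events, key=lambda e: e[0]):
        if result != "failure":
            continue
        recent[user] = [t for t in recent[user] if ts - t <= LOCKOUT_WINDOW] + [ts]
        if len(recent[user]) >= LOCKOUT_THRESHOLD:
            lockouts.add(user)
    return {"unauthorized_users": sorted(unauthorized),
            "off_allowlist": sorted(off_allowlist),
            "lockout_candidates": sorted(lockouts)}
```

Running `audit(parse_log(SAMPLE_LOG))` flags `dave` as not in the authorized set, `carol` as connecting from outside the allowlist, and `bob` as having hit the lockout threshold within the window.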