-- Make multi-factor authentication obligatory for all VPN connections. If this is unsuitable for whatever reason, make sure remote workers use strong passwords to sign in.
-- Have IT security personnel stress-test enterprise VPN services to establish their capacity ceiling before mass remote usage hits them. Where possible, implement rate limiting or similar traffic prioritization so that users performing critical tasks stay connected even when the service is saturated.
On a side note, CISA had previously warned organizations that a known vulnerability in the widely deployed Pulse Secure VPN (Pulse Connect Secure) was being actively exploited. Tracked as CVE-2019-11510 and patched by the vendor in April 2019, the flaw lets an unauthenticated remote attacker read arbitrary files from the appliance, including network logs and cached user credentials in plain text. With those credentials an attacker can log in, disable multi-factor authentication and ultimately achieve remote code execution on the device, which gives a foothold inside the corporate network. One documented outcome is the deployment of enterprise-targeting ransomware such as the notorious Sodinokibi strain. Patching alone is not enough: an appliance that ran unpatched while exploitation was underway should be treated as compromised, and every credential stored on it or passed through it should be reset, since the patch does not invalidate credentials that were already stolen.
In addition to the agency's recommendations, it's a good idea to verify that the VPN client's kill switch actually works. A kill switch is a host firewall policy that blocks all traffic outside the tunnel, so that if the secure connection drops the machine cannot silently fall back to sending enterprise traffic unencrypted over the public Internet. Test it deliberately: with the kill switch enabled, take the tunnel down and confirm that outbound connections fail rather than succeed in the clear. A kill switch that has never been tested this way has never been shown to work.
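The check described above, as an added example that is not part of the original article or of any VPN vendor's software: a small model of the host firewall a kill switch relies on (default-deny egress; allow only loopback, the tunnel interface, and the VPN endpoint itself on the physical NIC), run once with the tunnel up and once with it down to confirm nothing would leave in the clear. The interface names `eth0`/`tun0`, the endpoint `203.0.113.10`, the UDP port 1194 and the sample destinations are constructed placeholders; the rules that implement the kill switch are annotated with the equivalent nftables syntax.

```python
"""VPN kill-switch policy check (added example, not from the original article).

Models a default-deny egress firewall and a simplified routing decision, then
simulates the tunnel dropping to find flows that would be accepted unencrypted
over the physical interface. All names and addresses are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

VPN_ENDPOINT = "203.0.113.10"   # constructed: the VPN concentrator's public IP
VPN_PORT = 1194                 # constructed: OpenVPN-style UDP port

Target = Tuple[str, str, int]   # (destination IP, protocol, destination port)

# Constructed sample destinations a remote worker's host might talk to.
SAMPLE_TARGETS: List[Target] = [
    ("198.51.100.25", "tcp", 443),   # an internal web app reached through the tunnel
    ("198.51.100.53", "udp", 53),    # DNS, a classic leak when the tunnel is gone
    (VPN_ENDPOINT, "udp", VPN_PORT), # the tunnel itself, legitimately on eth0
]


@dataclass(frozen=True)
class Flow:
    iface: str    # egress interface chosen by routing
    dst: str      # destination IP
    proto: str    # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    """One egress rule; a None field matches anything (nftables-style)."""
    action: str                  # "accept" or "drop"
    iface: Optional[str] = None
    dst: Optional[str] = None    # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        if self.iface is not None and self.iface != f.iface:
            return False
        if self.dst is not None and ip_address(f.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != f.proto:
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        return True


# Kill switch: first-match rules followed by a default drop, the equivalent of
# an nftables output chain declared with "policy drop".
KILL_SWITCH: List[Rule] = [
    Rule("accept", iface="lo"),                   # oifname "lo" accept
    Rule("accept", iface="tun0"),                 # oifname "tun0" accept
    Rule("accept", iface="eth0", dst=f"{VPN_ENDPOINT}/32",
         proto="udp", dport=VPN_PORT),            # ip daddr 203.0.113.10 udp dport 1194 accept
]

# Common misconfiguration: the tunnel is allowed, but so is the physical NIC.
NO_KILL_SWITCH: List[Rule] = [
    Rule("accept", iface="lo"),
    Rule("accept", iface="tun0"),
    Rule("accept", iface="eth0"),                 # silently leaks once tun0 is gone
]


def evaluate(rules: List[Rule], flow: Flow, default: str = "drop") -> str:
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


def route(dst: str, tunnel_up: bool) -> str:
    """Simplified routing: with the tunnel up, everything except the endpoint
    itself goes through tun0; with it down, the kernel falls back to eth0."""
    if ip_address(dst).is_loopback:
        return "lo"
    if dst == VPN_ENDPOINT or not tunnel_up:
        return "eth0"
    return "tun0"


def find_leaks(rules: List[Rule], tunnel_up: bool, targets: List[Target]) -> List[Flow]:
    """Flows the policy would let out over the physical interface to anything
    other than the VPN endpoint, i.e. enterprise traffic leaving in plaintext."""
    leaks = []
    for dst, proto, dport in targets:
        flow = Flow(route(dst, tunnel_up), dst, proto, dport)
        if flow.iface == "eth0" and flow.dst != VPN_ENDPOINT and evaluate(rules, flow) == "accept":
            leaks.append(flow)
    return leaks


if __name__ == "__main__":
    for name, rules in (("kill switch", KILL_SWITCH), ("no kill switch", NO_KILL_SWITCH)):
        for up in (True, False):
            leaks = find_leaks(rules, up, SAMPLE_TARGETS)
            state = "up" if up else "DOWN"
            print(f"{name:15s} tunnel {state:4s}: {len(leaks)} leaking flow(s) {leaks}")
```

The misconfigured ruleset passes while the tunnel is up, which is exactly why a kill switch has to be tested with the tunnel deliberately taken down. On a real Linux host the same policy is an nftables output chain with `policy drop` and the three accept rules shown in the comments; the verification is to bring the tunnel down and confirm that outbound connections fail instead of quietly succeeding over the physical interface.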
Virtual meetings in criminals' spotlight
Conferencing software is one more technology seeing a massive spike in corporate use due to the COVID-19 outbreak that has pushed businesses toward remote work. As with VPNs, attackers have stepped up their efforts to exploit flaws in the software used for virtual meetings, and an unpatched client or a loosely configured meeting is a direct route to eavesdropping.
Considering the elevated risks, the U.S. National Institute of Standards and Technology (NIST) alerts organizations to the emerging threat. The agency, which is part of the country's Department of Commerce, emphasizes that although most virtual meeting services come with basic security features, a few extra precautions are worthwhile to bolster corporate defenses against privacy incidents. The recommendations are as follows:
-- Stick to your company's policies addressing the security of web meetings.
-- Refrain from reusing access codes for multiple conference calls. Sharing these codes with too many people can lead to the disclosure of sensitive information to individuals it isn't intended for.
-- If you are going to discuss a sensitive topic, use a unique meeting identifier or a one-time PIN for that session rather than a standing code.
-- Leverage the virtual "waiting room" feature so that the meeting doesn't start until the conference host is ready.
-- Configure the software to generate notifications when participants join the virtual meeting. If this option isn't available, the host should instruct all attendees to identify themselves.
-- Use a dashboard feature to keep track of all participants during the meeting.
-- Don't record the conference. If you have to, encrypt the recording and require a passphrase to decrypt it.
-- Limit or prohibit the use of employees' personal devices for virtual conferencing; instruct them to use only company-issued devices.
NIST additionally stresses that the range of individuals who may want to eavesdrop on web meetings isn't limited to cybercriminals. Former or disgruntled employees who still retain some level of access to enterprise IT assets can try to steal corporate secrets as well.