Attackers will have additional opportunities to break into networks in the coming weeks as more U.S. workers log on from home as the country responds to the COVID-19 outbreak, warns the Cybersecurity and Infrastructure Security Agency (CISA) in an alert Friday to the public.
Any organization that uses virtual private networks (VPNs), including agencies at all levels of government, should remember basic cyber-hygiene procedures such as updating and patching networks, staying alert to phishing attempts and using multi-factor authentication when possible. For organizations without multiple-factor authentication, CISA recommends at least using strong passwords.
“As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” the agency said in its alert. For IT professionals, CISA points to a July 2016 guide to telework security from the National Institute of Standards and Technology.
As the novel coronavirus spreads, it has brought with it a spike in phishing and other malicious attacks using fear of the virus as part of their attempts to breach networks.
There are tools that federal agencies are permitted to use, such as Google G Suite, Slack, Cisco and Zoom. The platforms have all been FedRAMP authorized to some degree, and many agencies are already paying for them.