Businesses worldwide are looking at remote working as an option for many of their employees. Flexjobs, in a recent survey, has noted that 74% of workers around the globe have stated that remote working is the “new normal”. Remote work does have a problem with the company’s viewpoint, especially when it comes to accessing business data. While VPNs and virtual desktops can be used and configured to gain access to data stored within the company servers, there’s no guarantee that the person accessing this data is an employee. Sure, businesses can put authentication protocols in place, but there are ways around this. This article will look at some of the cybersecurity threats that virtual desktops and VPNs may potentially introduce into a company’s network.
Table of Contents
It All Starts with Passwords
When a user logs into a VPN or a virtual desktop, they’re using a username and password combination that they aren’t supposed to give to anyone. Using these credentials, Bradington Young can log in and get access to their business’s servers. Only, there’s no guarantee that they’re the one using those credentials. Security Boulevard mentions that VPNs are a popular vector that malicious users adopt to conduct cyberattacks. It’s not enough for users to be constantly vigilant since many of these actors can simply slip in code that scans passwords and usernames as they go out. Before the connection is encrypted, this data can be intercepted and decrypted to allow hackers to access an employee’s user account.
What Can a User Do?
Dependence on standard VPNs isn’t enough for users that need to access highly sensitive company data. Companies do offer workarounds for this. One business even offers RAM-only VPN servers that don’t save the connection location or any data about the user on their servers. This is New Trend. Businesses could opt for different authentication methods, but these may run into hundreds of thousands of dollars to implement. One of the more straightforward approaches to ensure that credentials aren’t being abused is to set up a simple two-factor authentication (2FA) system linked to a user’s personal phone. However, since this connection may not be secure, malicious actors may be able to hijack this code as well. It all depends on the sophistication of the attack and how many barriers the hacker is willing to hurdle.
Dealing With Challenges to Network Security
Enterprise security is slowly coming to terms with allowing users to access company servers from their personal machines. One of the things most IT teams understand in the early days of their training is that users can’t be trusted. In the past, using a VPN was enough to ensure that a user would be who the businesses say they were. Today, with companies stepping away from over-authentication for ease of use, the dependence is on the user keeping their passwords secure. If history has taught us anything, it’s that trusting non-specialists to follow industry best-practices typically leads to failure. Security teams need to step up their vigilance to ensure their companies remain protected into the future.