During this time of minimizing physical contact to reduce the spread of COVID-19 many companies are promoting telecommuting, and increasing remote access of their organization’s network. This is inherently risky, due mostly to substantially increasing the number of threat vectors into their network.
Home devices can include personal computers which are commonly accessed by numerous family members in a household. Laptops that remote in are often used to visit a variety of other non-business sites and run personal software. Mobile devices that connect to a business network are typically running a variety of non-business applications. Each website visited, attachment opened, application accessed, or non-vigilant person using a device equals another potential threat vector.
Most households function with a simple unsecured modem and do not have a protective firewall in place. Today, most consumer-grade anti-malware and anti-virus protection software won’t even slow down hackers from penetrating an organization’s network. Another risk is cyberthreat protection on mobile devices is rarely utilized.
Many companies believe that using a Virtual Private Network (VPN) to securely connect from the end device to the business network assures safe access, but this is not completely accurate. A household or personal device may have been breached or may have malware in place that can then use the secure VPN connection to infect the network.