As firms gear up for an increase of users working from home, it is important to ensure that security protocols are in place. While remote access technologies, including virtual private network (VPN) capability, allow remote connection to firm resources, it is essential to understand that some remote access methods are laden with potential security risks. Allowing employees to run VPN software on a home computer for remote access is high risk with an undesirable attack vector, permitting access into your entire home computer. What are the dangers of using a VPN on a home computer? Consider the following:
- Malware Defense – Home users are typically local administrators for their personal computers. They rarely create secondary standard user accounts for daily usage, which makes them far more susceptible to malware attack.
- Family Machine – If a personal computer is shared among multiple family members, even with multiple user profiles, there are very few mitigations to prevent an infection or poor judgment of one individual from infecting others.
- Security Tools – Lastly, home users typically only have antivirus on their computers. Home users generally operate as independent workstations with no monitoring from security professionals to respond when something goes awry.
- Company Control – Organizations do not have the authority to manage an individual’s home computer. These gaps, even when connected to a bastion host, can allow data leakage from keystroke loggers and screen-capturing malware that can place data and the organization at risk.
Even with all of these dangers, some organizations have accepted the risk of VPN software on resources not being maintained by the business. The initial decision to allow VPN software on home assets should be revisited, and businesses should consider other ways to allow remote access with lower risks:
- License a third-party remote access solution that does not require a complex environment to provide connectivity and can perform the connection through a web browser without the need for the VPN software, dedicated applications or protocol tunneling. Our best suggestion for which specific tools are best changes constantly- ask us if you’re interested in most current.
- If employees who need remote access have traditional desktop computers, consider replacing them with corporate-owned and managed laptops with docking stations. In the office, a laptop would operate as a regular desktop, including having large monitors, but when required at home, it could travel as a managed asset, minimizing the risk.
Stay safe and please reach out if you would like additional IT security guidance!
