Altis Talent Expo April 23, 24 & 25
Find WorkHire
Company
DiversityLearn
Login
en
Login
Connecting Top Talent to Meaningful Work
Find Work
Hire
About Us
Services
Join Our Team
Diversity
Learn
Follow Us
Facebook
LinkedIn
YouTube
© Altis Recruitment 2023

Back to all posts

For Employers

Cybersecurity Tip: Beware of Using a VPN

We’ve put together tips to help organizations identify cybersecurity gaps when using a VPN.

Published on

October 1, 2020

Copied!

71% of Canadian organizations have reported experiencing at least one cyber attack that impacted operations in some way.

You’ve seen the headlines. Data breaches here, phishing attacks there. It seems we’re always hearing about some company or organization that’s been the unwilling victim of a hacker’s latest conquest (CRA credential-stuffing attack, anyone?).

As an IT professional, your ultimate goal is to naturally avoid headlines such as these at all costs.

Yet, depending on your role within IT (i.e. whether you work for or provide services to an organization), you’ve most likely seen some close calls. Perhaps you’ve even been on the other end of an eleventh hour cybersecurity hack that you had to resolve.

But here’s the thing; how, in 2020, are companies still so vulnerable to attack?

More importantly, how do companies become better at leveraging IT within their organizations to protect their systems, their people (i.e. staff, clients, customers), and their reputations? To answer these questions and provide us with the ultimate IT insider’s perspective, we called on two experts: Enzo Logozzo of 365 iT SOLUTIONS and Sean Jennings of CIM Solutions.

Tip: Beware of using a VPN

When COVID hit, many companies didn’t have secure methods in place to accommodate staff for remote access. Since the seismic shift from ‘work office’ to ‘home office’ happened so quickly, a number of businesses opted to set up their staff through a VPN.

But here’s the thing, an improperly configured VPN can be a significant security risk.

Sean Jennings of CIM Solutions explains why: “The issue with employees using a VPN when working from home is that it opens up the office network to attack from their home network. This is because the person working from home isn’t using their computer or internet strictly for work purposes. They’re probably streaming movies in the evenings and on weekends. The kids are downloading games, music, and who knows what else. Everyone in the household is clicking on dozens, even hundreds of links. And all are completely oblivious to the fact they’ve most likely clicked on something that has opened the door to a hacker. If that’s the case, you can bet any home computer is infected with some kind of malware or hacking tool.”

This is where remote staff unwittingly set the stage for a horizontal/lateral attack.

According to Sean, that’s because most computers have reduced security and firewall policies when connected on a trusted (i.e. ‘home’) network. The moment a home-worker connects to the VPN, they’ve just provided wide-open access for anyone to slide right behind the firewall, using Joe or Jane’s computer as the gateway. Nothing gets filtered. Nothing gets blocked. Cybercriminals can just spend the entire day hacking corporate computers and servers to their heart’s content. All while intercepting any company data flowing in between.

Our IT insider’s tip for improving security when using a VPN:

  • Equip staff with a dedicated work computer/laptop:  This way the IT department can ensure the device meets proper company specs/protocols (which includes having the right security software).
    • Possible caveat: Even a dedicated work computer with strong antivirus software is not impenetrable to horizontal attacks (if a remote employee is connecting that device to the office using their home Internet).
  • Possible solution (no cost): Add a level of security by configuring/locking down the VPN to only allow network traffic (over the VPN). If the VPN connection is unavailable, outbound network traffic is blocked—decreasing the chances of infiltration by a would-be hacker.
  • Possible solution (low cost): There are now corporate firewalls that can be easily plugged into the work-from-home (internet) connection. These devices act as an independent network, encrypting all information going back to the corporate network (through the household VPN), providing an increased level of security.
  • Possible solution (high cost): Having a unique ‘work’ Internet connection installed into the employee’s home with a corporate-managed firewall connected to it is the ultimate level of security. This will keep the work-from-home computer completely separate (which equals zero exposure to possible hacks and attacks from/through the home network).

Share this post
Copied!

Read on.

For Job Seekers
Unlock opportunities at the Altis Talent Expo!

Three days. Three cities. Countless opportunities.

For Job Seekers
Debunking the myths of working with recruiters

We’re clearing up the top five misconceptions for job seekers!

Company News
Celebrating thirty-five years of staffing

From analog to AI and paper to cloud, a look back over the decades

Here is where the next path begins.

Find Your Next Job
Hire Talent
Recruiting
Find workHireServices
Resources
LearnCandidate FAQsClient FAQs
Company
AboutDiversityJoin the teamContact
Follow Us
Facebook
LinkedIn
© Altis Recruitment #
Accessibility PolicyPrivacy PolicyHow We Use AI at Altis

Altis Technology honours the First Nations, Métis and Inuit peoples on whose land we gather, and respectfully acknowledges that our head office is located upon traditional and unceded Algonquin territory.

Our positions and applications are received in English. To speak with a bilingual consultant, please email bilingual@altis.com