CISA outlines corporate VPN best practices for work from home (March 2020), which should include a modern OS and a corporate VPN with very strict 2FA security

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Friday outlining virtual private network (VPN) best practices for organizations supporting remote work forces. VPN Requirements include

VPNs are required to support these remote workers, CISA’s alert contended, and proper VPN patching needs to be maintained.

“Remote work options — or telework — require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network,” the alert stated.

One catch is that organizations may have a “limited number of VPN connections, after which point no other employee can telework.” The alert also contended that employees using VPNs for teleworking can be susceptible to targeting by “malicious cyber actors,” including e-mail phishing attempts to steal user names and passwords.

CISA also stressed requiring multifactor authentication (a secondary means of verifying a user’s identity besides a password) for teleworkers, although that’s likely a soft spot for many organizations.