FEATURE then delivered to a server hosted by the attacker on the Internet , where the stolen data can be easily reassembled .
Rising threat # 4 – Non-compliant website access
While this is not technically an attack or a malicious campaign launched by bad actors , companies could still be faced with the problem of their work from users accessing websites and destinations not in compliance with their policy during working hours using corporate provided devices . This could include websites related to social media , violence and adult content . While it ’ s second nature for employees working in the office to know that such access is not appropriate or compliant , at home those same employees may have more of a lax attitude .
Virtual Private Networks ( VPNs ) have been touted by some as a solution to the challenge of securing employee ’ s access to the corporate network . VPNs encrypt a user ’ s web traffic and send it through a private connection to the corporate network , allowing employees to access corporate data and applications with some measure of security and privacy .
Today , however , due to the proliferation of cloud-based applications like Office
365 , SFDC , Google Drive , and others , it is uncommon for organisations to rely solely on VPN-based access to corporate resources .
Instead , VPN is usually used to access just a small subset of internal corporate platforms , leaving remote users unprotected when accessing these cloud-based applications and exposed to threats on the Internet .
Furthermore , VPNs may not provide the level of security that ’ s necessary in today ’ s threat environment . Malicious cyberactors are finding and targeting vulnerabilities in VPNs as employees increasingly use them for telework amid the pandemic . And since VPNs are considered 24 / 7 infrastructure – they are always on to facilitate secure connection to the enterprise network – organisations are less likely to keep them updated with the latest patches .
Finally , since many VPN providers charge by the user , many organisations may have a limited number of VPN connections available , meaning that any additional employees can no longer telework or securely access corporate data .
In this environment , one of the best and most cost-effective ways enterprises can secure such a large-scale teleworkforce is by using DNS as a first line of defence . Every connection to the Internet goes through DNS – those working from home are typically using either public DNS or DNS provided by their Internet service provider , both of which seldom do security enforcement on DNS . Companies are increasingly interested in implementing secure DNS services that can quickly start protecting their remote workforce .
A recommendation is to use secure DNS services that can extend enterprise-level security to teleworking employees , their devices and corporate networks , no matter where they are located . u
One of the best and most cost-effective ways enterprises can secure such a large-scale teleworkforce is by using DNS as a first line of defence . www . intelligentciso . com
39