DHS has warned that the expansion of telework due to the Coronavirus pandemic—including by large numbers of employees who normally work remotely only rarely, if at all—means greater vulnerability to phishing and other attempted intrusions into agency IT systems.
“Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network . . . As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” says an alert from the DHS Cyber Infrastructure Security Agency.
“Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords” and agencies should alert employees to the possibility, it says, referring to guidance on recognizing phishing attempts, Avoiding Social Engineering and Phishing Attacks: https://www.us-cert.gov/ncas/tips/ST04-014.
Organizations that do not use multi-factor authentication for remote access are more susceptible to phishing attacks, it adds.
It also noted that agencies “may have a limited number of VPN connections, after which point no other employee can telework.”