Security News > 2020 > March > Cybersecurity risks grow as thousands of federal employees shift to telecommuting
The Trump administration has ordered hundreds of thousands of federal employees to be prepared to work from home full time and use VPNs to connect to government systems.
Many security analysts said these VPNs are designed for a small percentage of employees and not the thousands who will now need to access them repeatedly throughout the work day.
"This creates a major security threat as most employees will opt out of VPN access because it will be slow at best, or refuse the connection all together, leaving many employees using collaboration apps to continue on their day to day activities; personal email, cloud hosted email, cloud apps; Slack, Box, etc. When employees are working remotely, the biggest threat is the user identity. Bad actors are targeting government employees with sophisticated phishing attacks to steal credentials," Nassar said.
"When employees return to the office, they may be doing so with potentially compromised devices. This now puts the company's central network in jeopardy. With the move to teleworking, employees are more vulnerable to email phishing or business email compromise. In addition to many more employees being at home, with the closure of schools their families will be there as well. It may become difficult to get work done at home and some employees may try and brave a local coffee shop or library to get work done. Public WiFi networks are significant threat vectors and should be avoided, especially without using a VPN.".
"The federal government is such a monster bureaucracy with so many moving parts that it is going to be-and has been-vulnerable wherever its people work. Different departments have different levels of security, but most federal employees are not used to working in a fast-changing, flexible environment. Getting a web meeting to work with a federal government department can be a frustrating experience, so I think they are going to have a lot of problems maintaining effective communications when most employees are working from home," said Colin Bastable, CEO of security awareness training provider Lucy Security.