Many remote healthcare teams rely on virtual private networks to safely send and receive data. But the encryption service can be infiltrated by threat actors, as noted in a recent advisory from the Department of Homeland Security that predicts more VPN attacks are likely during the pandemic. Consider these tips to protect your VPN servers:
1. Deal with VPN Security Weaknesses Immediately
Any vulnerability in a VPN server’s operating system, services or other software could be used to attack other systems or to access and manipulate employees’ network communications. For software bugs, know when patches and updates are released; test and deploy them as quickly as possible. Continuously monitor security-related software configuration settings and alert your teams when a setting is altered without consent.
2. Limit VPN Direct Access to Approved Parties
Only authorized administrators should have direct access to VPN servers. Healthcare workers and other users don’t need it (their network traffic will flow through the VPN servers). To that end, only allow connections using secure protocols that encrypt all communications and require mutual authentication of the VPN server and the VPN administrator’s computer. Require multifactor authentication for all VPN administrators.
3. Practice Constant Security Vigilance with Servers
Because VPN servers are so important, especially now with increased use, it’s crucial to closely monitor the servers’ security at all times and to have incident handlers or other IT security personnel automatically contacted when suspicious activity is detected. This allows attacks to be identified and thwarted more quickly, thus reducing the amount of potential damage an attacker might cause.
4. Keep Watch for Subtle Threats to Your VPN
Beyond looking for obvious red flags, such as malware downloaded to a VPN server, keep watch for things that are more anomalous — a VPN server initiating connections to unknown IP addresses, for instance. Other risk factors may include unexpected protocols being used by a VPN server and unexplained administrator account lockouts. Any sign of compromise, however small, should be investigated immediately.
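The subtle signals in tip 4 can be checked against a baseline, as in this added example (not part of the original article), which flags VPN-server connections to unknown addresses, unexpected protocols and administrator lockouts. The server address, networks, ports, account names and records are all constructed assumptions; a real deployment would read flow and authentication logs from its own collectors.

```python
import ipaddress

# Constructed baseline (assumptions): where this VPN server is expected to connect, and how.
VPN_SERVER = "10.20.1.5"
KNOWN_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]
EXPECTED_SERVICES = {("udp", 53), ("udp", 123), ("tcp", 443), ("udp", 1812)}
ADMIN_ACCOUNTS = {"vpnadmin1", "vpnadmin2"}

# Constructed sample records: flows as (src, dst, proto, dst_port), auth as (time, account, event).
FLOWS = [
    ("10.20.1.5", "10.20.3.10", "udp", 1812),   # RADIUS to internal auth server
    ("10.20.1.5", "192.0.2.44", "tcp", 443),    # destination inside a known range
    ("10.20.1.5", "203.0.113.77", "tcp", 443),  # destination outside the baseline
    ("10.20.1.5", "10.20.9.9", "tcp", 6667),    # service outside the baseline
    ("10.20.4.8", "198.51.100.3", "tcp", 443),  # not initiated by the VPN server
]
AUTH = [
    ("2020-04-01T02:11:09Z", "vpnadmin1", "login_failed"),
    ("2020-04-01T02:11:40Z", "vpnadmin1", "account_locked"),
    ("2020-04-01T08:00:02Z", "nurse17", "account_locked"),
]

def review_flows(flows):
    """Return findings for connections the VPN server initiated outside the baseline."""
    findings = []
    for src, dst, proto, port in flows:
        if src != VPN_SERVER:
            continue  # only connections initiated by the VPN server itself
        if not any(ipaddress.ip_address(dst) in net for net in KNOWN_NETS):
            findings.append(("unknown_destination", dst, proto, port))
        if (proto, port) not in EXPECTED_SERVICES:
            findings.append(("unexpected_protocol", dst, proto, port))
    return findings

def review_auth(events):
    """Return lockouts of administrator accounts; each one needs an explanation."""
    return [(ts, acct) for ts, acct, ev in events
            if ev == "account_locked" and acct in ADMIN_ACCOUNTS]

if __name__ == "__main__":
    for finding in review_flows(FLOWS) + review_auth(AUTH):
        print("INVESTIGATE:", finding)
```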