How to Secure Remote Access to Company Resources

Summary

Securing remote access to company resources is essential to protect sensitive data and maintain business continuity, especially in today’s hybrid work environment. It involves implementing robust security measures to ensure that only authorized personnel can access critical systems and information remotely.

  • Adopt zero-trust principles: Limit access to specific applications and data rather than entire networks, requiring identity verification and least-privilege permissions.
  • Ensure device compliance: Use company-managed devices equipped with endpoint protection, tamper-proof security controls, and regular updates to minimize vulnerabilities.
  • Implement secure authentication: Require multi-factor authentication (MFA) for all remote logins and monitor access activities for suspicious behaviors.
Summarized by AI based on LinkedIn member posts
  • April Mardock, CISSP

    Chief Information Security Officer at WSIPC

    2,830 followers

    To all vendors, contractors and IT staff... this basic #cybersecurity stuff applies to ALL of us. The recent #Powerschool mayhem is a reminder of the damage a compromised contractor IT user/device can do. IT users' (and IT contractors') accounts and devices often have exceptional rights and access across your organization (or multiple organizations), and could do great harm if compromised. If the device is compromised, even MFA may not be enough to stop the potential harm. PLEASE -

    a) IT folks and contractors need to stop browsing the web, playing games, and reading email using an account that has local administrator rights on those support devices.
    b) Make SURE any device you authorize for VPN access has appropriate controls on it, for example, it should be impossible to disable the antivirus/XDR controls, even with admin rights (we call that tamper protection). Consider prohibiting personal use devices for VPN support activities.
    c) Make sure IT and contractor support devices are set up on an aggressive patching schedule. Patch within 14 days, for both operating system and applications. If you are a developer, make sure the update hash matches the download, and PLEASE don't randomly search the web for a missing driver.
    d) Stop reusing credentials across clients, AND stop reusing administrator passwords on systems and machines. If one ring can rule them all, and the ring gets stolen, it's game over.
    e) Minimize the access to least priv for all roles. I suspect a LOT of attacker intel can be gathered from your helpdesk ticketing system. Does EVERYONE need rights to ALL the tickets? Do developers need access to ALL the databases or just a few? Do they need admin rights on ALL the servers or just run-as admin rights for certain tools? Yes it's more work, but the consequences of NOT limiting access have gotten a lot worse.

    I have a template signature document I have vendors and contractors sign when they request our zero-trust VPN. I will be modifying that template to include these explicit callouts (and probably a few more).

  • Yohan Kim

    CEO at RFA

    2,349 followers

    This article highlights that a St. Louis federal court indicted 14 North Korean nationals for allegedly using false identities to secure remote IT jobs at U.S. companies and nonprofits. Working through DPRK-controlled firms in China and Russia, the suspects are accused of violating U.S. sanctions and committing crimes such as wire fraud, money laundering, and identity theft. Their actions involved masking their true nationalities and locations to gain unauthorized access and financial benefits. To prevent similar schemes from affecting your businesses, we recommend a multi-layered approach to security, recruitment, and compliance practices. Below are key measures:

    1. Enhanced Recruitment and Background Verification
    - Identity Verification: Implement strict verification procedures, including checking legal identification and performing background and reference checks.
    - Geolocation Monitoring: Use tools to verify candidates’ actual geographic locations. Require in-person interviews for critical roles.
    - Portfolio Validation: Request verifiable references and cross-check submitted credentials or work samples with previous employers.
    - Deepfake Detection Tools: Analyze video interviews for signs of deepfake manipulation, such as unnatural facial movements, mismatched audio-visual syncing, or artifacts in the video.
    - Vendor Assessments: Conduct due diligence on contractors, especially in IT services, to ensure they comply with sanctions and security requirements.

    2. Cybersecurity and Fraud Prevention
    - Access Control: Limit access to sensitive data and systems based on job roles and implement zero-trust security principles.
    - Network Monitoring: Monitor for suspicious activity, such as access from IPs associated with VPNs or high-risk countries.
    - Two-Factor Authentication (2FA): Enforce 2FA for all employee accounts to secure logins and prevent unauthorized access.
    - Device Management: Require company-issued devices with endpoint protection for remote work to prevent external control.
    - AI and Behavioral Analytics: Monitor employee behavior for anomalies such as unusual working hours, repeated access to restricted data, or large data downloads.

    3. Employee Training and Incident Response
    - Cybersecurity Awareness: Regularly train employees on recognizing phishing, social engineering, and fraud attempts, using simulations to enhance awareness of emerging threats like deepfakes.
    - Incident Management and Reporting: Develop a clear plan to handle cybersecurity or fraud incidents, including internal investigations and containment protocols.
    - Cross-Functional Drills and Communication: Conduct company-wide simulations to test response plans and promote a culture of security through leadership-driven initiatives.

    #Cybersecurity #HumanResources #Deepfake #Recruiting #InsiderThreats

  • Mike Holcomb

    Helping YOU Secure OT/ICS | Fellow, OT/ICS Cybersecurity

    59,264 followers

    No OT/ICS network is 100% secure. Many are far from being considered secure at all. Very far. Plenty of reasons exist on why.

    -> Missing budget
    -> Lack of awareness
    -> No technical training
    -> False belief in the airgap
    -> Downtime isn't an option
    -> Incompatible legacy systems
    -> No clear owner for OT cybersecurity

    The SANS 5 ICS Cybersecurity Critical Controls can help though. These were created when looking across all known ICS cyber incidents. And asking the question - "What controls would help in all of these situations?" Hence the list was born!

    1. ICS Incident Response
    “It’s not a question of IF, it’s only a question of WHEN.” Just like in IT, every OT/ICS environment needs to be prepared for when it's compromised. Know the scenarios you’re defending for. Have a dedicated IR plan. Practice with table tops. Know who to call when it hits the fan.

    2. Defensible Architecture
    Segmenting the network can effectively limit the majority of cyber risk. Leverage an IT/OT DMZ to securely control allowed traffic between networks. Use additional segmentation within OT to slow down attackers. Ideally we can slow them down to give us more time to detect them. Though we have to be looking...

    3. ICS Network Visibility Monitoring
    How can we know if an attacker is in the environment? Especially if we’re not looking for them? Unfortunately, less than 5% of OT networks are looking. Leverage passive monitoring tools. Watch firewall traffic (allowed AND blocked). Examine other event data to detect suspicious activity that needs to be investigated.

    4. Secure Remote Access
    Nearly every OT/ICS environment allows for remote access. Whether it is considered “secure” is a whole other story. Use MFA with on-demand access. Leverage secure jumpboxes with session recording. And other layered controls to limit the damage if an attacker gains access to an outside party's system.

    5. Risk-based Vulnerability Management
    Vulnerability management in OT/ICS is VERY different than IT. Before any patch or other fix can be applied, the associated vulnerability needs to be evaluated. With the appropriate team members such as engineers and plant technicians. Those that can help determine the true risk the vulnerability presents to the plant. Do we need to patch NOW? Do we wait to the NEXT patch window in a year? Or is there no risk to safety and availability so we NEVER patch?

    While you might not be able to apply this all in your plant right away, start where you can. And work to improve bit by bit each day. Will you ever be 100% secure? No. No one is. But you'll be more secure than you were yesterday!

    Download the 5 SANS ICS Critical Controls at https://lnkd.in/eDTx2rZy.

    P.S. What would you add?

    A HUGE thank you to Robert M. Lee and Tim Conway for building the SANS ICS Cybersecurity Critical Controls for the community!

    🔔 Follow Mike Holcomb for more OT/ICS cybersecurity
    ♻️ Share to help others!

  • Michael Shen

    Top Outsourcing Expert | Helping business owners expand operations, become more profitable, and reclaim their time by building offshore teams.

    8,904 followers

    When I first started working with a remote team, I realized that I needed to have a loss-prevention mindset. I couldn't afford to wait for something to go wrong. If confidential info were leaked or there was unauthorized access to your company's financial data, the consequences could be catastrophic. Trust would be eroded, clients might leave, and the financial loss could set you back months or years. I didn't wait for this to happen to me, and neither should you. I never want a situation where there's even a sliver of doubt because I don't want the added stress to distract me from my vision. So, it's important to plug in the holes before they become sinkholes. Here's what you can do:

    Secure Access ‣ Implement multi-factor authentication (MFA) for logins and regularly review and update access permissions.
    Regular Reviews ‣ Employees leaving the team or changing roles should have their access revoked or adjusted accordingly.
    Confidentiality Agreements ‣ Have all team members sign confidentiality agreements (NDAs).
    Open Communication ‣ Regularly discuss the importance of data security with your team.
    Data Encryption ‣ Encrypt sensitive data both in transit and at rest.
    Backup Systems ‣ Implement backup systems for your data.
    Education and Training ‣ Phishing scams and social engineering attacks constantly evolve, so keep your team informed.
    Create an access repository sheet ‣ This document should list all authorized users, their access levels, and the specific systems they can access.

    Take proactive steps now to protect your business before it's too late.

    Helpful? ♻️ Please share to help others. 🔎 Follow Michael Shen for more.
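
The access repository sheet and the regular review described in the post above can be reconciled automatically. This is an added example, not part of the original post; the CSV columns, the sample rows and the role policy are all constructed for illustration.

```python
import csv
import io

# Constructed sample data: an access repository sheet and the current team roster.
ACCESS_SHEET = """user,system,access_level
ana,accounting,admin
ana,crm,read
ben,accounting,read
ben,crm,admin
cara,crm,read
dev,fileshare,write
"""

ROSTER = """user,status,role
ana,active,finance
ben,active,sales
cara,left,sales
"""

# Hypothetical role policy: highest access level each role may hold per system.
ROLE_POLICY = {
    "finance": {"accounting": "admin", "crm": "read"},
    "sales": {"crm": "write"},
}
LEVEL_RANK = {"read": 1, "write": 2, "admin": 3}


def review_access(access_csv, roster_csv, policy=ROLE_POLICY):
    """Return a sorted list of (user, system, finding) tuples that need action."""
    roster = {r["user"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(access_csv)):
        user, system, level = row["user"], row["system"], row["access_level"]
        person = roster.get(user)
        if person is None:
            # Account exists in the sheet but nobody on the team owns it.
            findings.append((user, system, "revoke: not on roster"))
        elif person["status"] != "active":
            findings.append((user, system, "revoke: user has left"))
        else:
            allowed = policy.get(person["role"], {}).get(system)
            if allowed is None:
                findings.append((user, system, "revoke: system not needed for role"))
            elif LEVEL_RANK[level] > LEVEL_RANK[allowed]:
                findings.append((user, system, f"reduce: {level} -> {allowed}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_access(ACCESS_SHEET, ROSTER):
        print(finding)
```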

  • Kaylie McLean

    Strategic Sales at Cisco | Helping Businesses Scale with AI & Emerging Tech | Talks Tech Trends, Data, and Real-World Outcomes | I am a Business Mom on a Mission 🧘🏽♀️📚🛩️ 🚵🏽♀️💰

    10,933 followers

    Why Traditional VPNs Are No Longer Secure in 2025

    VPNs were once the gold standard for remote access, but in today’s threat landscape, they are more of a liability than a security solution. Here’s why 👀

    1️⃣ VPNs Trust Too Much (Lack of Zero Trust)
    ✅ The Problem: Traditional VPNs grant users broad access to the network once they authenticate. This means if an attacker steals credentials or compromises a device, they can move laterally and access critical systems.
    ✅ The Fix: Zero Trust Network Access (ZTNA)—which only grants access to specific applications and data, not the whole network.

    2️⃣ VPNs Are Easy Targets for Cyberattacks
    ✅ The Problem: VPNs have been the target of ransomware groups and nation-state attacks because they expose an entry point to the corporate network.
    ✅ Example: VPN vulnerabilities (like those in Fortinet, Palo Alto, and Pulse Secure) have been actively exploited by hackers to gain unauthorized access.
    ✅ The Fix: Cisco Secure Access and ZTNA replace VPNs with identity-based, cloud-delivered security, making it harder for attackers to exploit.

    3️⃣ VPN Performance is a Bottleneck for Hybrid Work
    ✅ The Problem: VPNs route all traffic through a central data center, leading to slow performance for remote workers accessing cloud apps (e.g., Office 365, Salesforce, AWS).
    ✅ The Fix: Cloud-delivered Secure Access Service Edge (SASE) provides direct-to-app security without the VPN backhaul lag.

    4️⃣ VPNs Don’t Provide Granular Security Controls
    ✅ The Problem: VPNs lack real-time security policies based on user behavior, device posture, and risk level.
    ✅ The Fix: Cisco Secure Access dynamically enforces security policies, requiring MFA, blocking access, or limiting permissions based on real-time risk signals (e.g., new location, risky device).

    5️⃣ VPNs Increase Compliance & Insider Threat Risks
    ✅ The Problem: A VPN doesn’t monitor what a user does after logging in. If an insider (or a hacker with stolen credentials) accesses sensitive data, there’s little visibility.
    ✅ The Fix: Cisco Secure Access provides full visibility into user activity and applies least-privilege access controls to minimize risks.

    The Future: VPN-Free Secure Access 🚀
    🔹 Zero Trust Access (ZTNA) → Only grant access to specific apps, not entire networks.
    🔹 Cloud-Native Security (SASE) → Secure access without the VPN bottleneck.
    🔹 Adaptive Security Policies → Enforce MFA, device checks, and real-time risk-based authentication.

    In 2025, VPNs are no longer a secure option. Organizations are shifting to Cisco Secure Access and Zero Trust solutions to keep up with modern threats. Is your company still relying on legacy VPNs? Let’s talk. 🗣️

    #ZeroTrust #VPNAlternatives #ZTNA #CiscoSecureAccess #CyberSecurity
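
The per-application, risk-based decision described in the post above (require MFA, limit permissions, or block, depending on signals such as a new location or a risky device) can be sketched as a small policy function. This is an added example, not from the original post and not any vendor's product logic; the entitlement table, field names and decision labels are assumptions.

```python
from dataclasses import dataclass

# Hypothetical entitlements: the only applications each user may reach at all.
ENTITLEMENTS = {"dana": {"crm", "wiki"}, "eli": {"payroll"}}
SENSITIVE_APPS = {"payroll"}  # assumed: any risk signal on these apps blocks access


@dataclass
class Request:
    user: str
    app: str
    mfa_passed: bool           # MFA completed in this session
    device_managed: bool       # company-managed device
    device_healthy: bool       # endpoint protection running, patches current
    country: str
    usual_countries: frozenset


def decide(req: Request) -> str:
    """Return 'deny', 'require_mfa', 'read_only' or 'allow' for ONE application."""
    # Least privilege: authentication alone grants nothing; the user must be
    # entitled to this specific app (a network-wide VPN grant skips this step).
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return "deny"
    risky_device = not (req.device_managed and req.device_healthy)
    new_location = req.country not in req.usual_countries
    # Block when both signals fire, or when any signal fires on a sensitive app.
    if risky_device and new_location:
        return "deny"
    if (risky_device or new_location) and req.app in SENSITIVE_APPS:
        return "deny"
    # Require MFA before anything else is granted.
    if not req.mfa_passed:
        return "require_mfa"
    # A single risk signal on the device limits permissions instead of blocking.
    if risky_device:
        return "read_only"
    return "allow"


if __name__ == "__main__":
    home = frozenset({"US"})
    print(decide(Request("dana", "crm", True, True, True, "US", home)))
    print(decide(Request("dana", "wiki", True, True, False, "US", home)))
    print(decide(Request("dana", "payroll", True, True, True, "US", home)))
```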
