Insider Threat Management

Coachable Moments: Secure VPN Use and Insider Threats

Share with your network!

Virtual private Network (VPN) technology has been around for decades, but its usage among remote workers isn’t as widespread as you’d think it might be today. We recently conducted a survey focused on travel and remote work, and only 17 percent of employees said they always use a VPN when they’re away from the office. With the rise of cloud-based collaboration tools, that statistic may not seem surprising, but accessing corporate data without the use of a secure VPN could increase accidental insider threat risk.

Here’s why: when employees access corporate systems using free or unsecured WiFi connections (which 77 percent of employees in our survey admitted to doing) these connections can often be intercepted by malicious threat actors. Any data that’s been accessed or transmitted via these connections could be at risk of exfiltration.

To contrast, when an employee uses a secure VPN connection, the risk of data leakage decreases dramatically. However, cybersecurity teams should still be vigilant about VPN use, because malicious insider threats can use these connections to access unauthorised files, folders, or administrative controls.

Here are a few tips on how to help enforce the use of a secure VPN for remote employees, and how to tell if these systems are being abused by malicious insider threats.  

Encouraging Secure VPN Use Among Remote Employees

More often than not, employees will choose the simplest and fastest solution to get their jobs done in a timely manner. When they’re working remotely, they may be tempted to use unsecure connections because they’re easy and readily available. However, with the right coaching in place, you can enforce the use of a secure VPN for all workers when they’re away from the office.

  • Create a clear remote work policy: Remote working is on the rise, and shows no signs of slowing down. According to data from Global Workplace Analytics, 20 to 25 percent of U.S. workers telecommute at least some of the time. If you haven’t done it already, it’s time to create a remote work cybersecurity policy, with secure VPN usage at the center of it.
  • Ensure the VPN is configured properly: If employees think a VPN is too difficult to configure or use, they’re far more likely to circumvent it. In reality, most VPN applications are extremely easy to set up and use (as easy as a WiFi connection, even, once the initial setup is completed). An easy-to-follow IT self-service guide can aid in the process for most users, but it may be worth spending additional time with frequent business travelers or remote workers to ensure these connections are properly configured on their devices.
  • Leave room for feedback: One of the main reasons employees may skirt the use of a VPN is if the connection is slow or cumbersome. An annual or biannual assessment may show that certain technologies just aren’t working for employees, and that feedback may help the IT team find a better solution.

Monitoring for Malicious Insider Threats on VPN Connections

Unfortunately, criminal or malicious insiders with remote VPN access may think they can get away with risky user activity, since this technology is sanctioned by IT. There have even been some documented cases of former employees obtaining unauthorised VPN login credentials to exfiltrate data, send emails, and delete critical information.

For these reasons, it’s critical to implement a user and data activity monitoring solution like Proofpoint ITM that can monitor VPN logs, as well as remote applications that do not generate logs. Proofpoint's library of insider threat indicators help cybersecurity teams detect both malicious and unintentional incidents. These alerts include unauthorised remote access, privilege escalation, configuration mistakes, and more.

If suspicious user activity is detected, ITM provides much-needed context so teams can quickly investigate a potential incident before the damage is done.

What are Your Coachable Moment Tips for Remote Workers?

How does your team handle secure system access for remote workers? Is it easy or difficult to enforce the use of a secure VPN? We’d love to hear from you on Twitter @Proofpoint.