The Swiss National Center for Cyber Security (NCSC) is currently warning against using private computers to access company networks. Even when using a VPN connection, this is not secure.
The trigger was apparently malware on an employee’s personal computer, which spied on the access data for the VPN connection. In this way, the attackers were able to gain access and then spread through the company network.
Private computer as a weak point
When describing the case, the NCSC emphasizes that the employee did not use a company computer for VPN access, but his private device. This is questionable. Because privately used computers are not under the control of the company and therefore there is no guarantee that the company’s security standards are followed, that the updates are installed or that software installations, including malware, are blocked, the center points out.
According to the NCSC, the risk increases further if the computer is also used by other family members. Another problem is that the log files needed and helpful for the company IT in the event of an incident are not available or only incomplete, since they are not or not completely recorded on the private device.
You must log in to post a comment.