    Is your small business at risk? Learn about VPN vulnerabilities

    Cyber | Claims
    By: Hiscox Blog

    As a small business owner, you should be aware of growing risks related to VPN vulnerabilities. Although VPNs can be very useful to companies that allow employees to work remotely, business owners should stay protected by making sure they understand risks that have been on the rise since late 2019.

    What is a VPN?

    A VPN, or virtual private network, is commonly used to allow remote workers who are outside the corporate network to securely access corporate services from home or while travelling.

    If you use a system like Citrix, Fortinet, Palo Alto, or Pulse Secure for employees working remotely, you should be alert to cyber attacks related to these VPNs.

    What makes VPNs susceptible to attacks?

    Since a VPN uses a public network to access a private one, it is more challenging to secure than an in-house network.

    Here’s why VPNs are common targets for attacks:

    • VPN devices are internet facing, which makes it easy for attackers to scan the internet for their vulnerabilities.
    • VPN vulnerabilities give attackers remote access to a network without login credentials. In all cases, attackers can then run their own code to access internal systems, exfiltrate data, install ransomware (see Travelex below), and/or wipe devices (see Bapco below).
    • Research has found that as of January 3, 2020, there were 3,825 unpatched Pulse Secure VPN servers. Of those, 30% (1,148) were in the U.S.

    To avoid VPN vulnerabilities, make sure that your servers are ‘patched’. A ‘patch’, by technical definition, is a software or firmware add-on that’s designed to fix bugs and security vulnerabilities, and ‘patching’ means installing it. It’s these vulnerabilities that a hacker is searching for as a way into a server.

    Proper patching protocols will help you avoid vulnerabilities.

    Attacks in the news

    One major company that has been publicly disclosed as a victim of this type of attack is Travelex. Travelex was hit with the Sodinokibi ransomware on New Year’s Eve after attackers were able to exploit their Pulse Secure VPN server. Travelex had been warned of the vulnerability as far back as September 2019. Two weeks after the attack, some systems were still offline. 

    The result of the attack was that Travelex systems were offline for over two weeks, causing widespread business interruption and loss of revenue.

    In a similar situation, Iranian state-sponsored hackers allegedly deployed a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company. A ZDNet article suggests that the attackers got in via a Fortinet VPN vulnerability.

    The outcome here was that the attacker got into an admin account and wiped many of the company’s servers clean, even deleting data. If Bapco hadn’t had the proper back-ups in place, they would have lost the data permanently.

    How to protect your business from VPN vulnerabilities 

    1. If you use a VPN service, it is crucial that you stay up to date on the latest security patches and install them as soon as possible. Further information is available from the major vendors: Pulse Secure, Fortinet, Palo Alto and Citrix. You should also remain on high alert and look for signs of compromise within your network.
    2. If you run any of these services and your servers have not yet been patched, take them down to avoid being detected by internet scans.
    3. If you experience an attack, you should reset the authentication credentials of the affected VPNs.

    For more information about how to protect your business from cyber threats, check out our cyber security insurance for small businesses.

