# Five Remote Access Security Risks And How To Protect Against Them

By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown "Posts by Kasey Cross"), Apr 20, 2020

COVID-19 has upended our way of life, and in doing so, has unleashed a Pandora's box of new cyber threats. Security teams not only face the universal challenges imposed by this crisis, but must also overcome unique obstacles such as protecting a newly remote workforce and stopping pernicious attacks targeting remote users.

Here are five top security risks that teams must deal with, as well as technology and user education best practices to keep users and data safe:

1. Weak remote access policies
------------------------------

Once attackers get access to a virtual private network (VPN), they can often penetrate the rest of the network like a hot knife through butter. Historically, many companies deployed VPNs primarily for technical people needing access to critical technology assets. Not so much the case anymore -- VPNs are often encouraged for all users as a more secure connection than home or public networks. The problem is that many legacy firewall rules enable access to practically everything in the network. [We've shared examples of this type of vulnerability being exploited by disgruntled former employees](https://www.paloaltonetworks.com/blog/2019/12/cortex-busted-by-xdr/), and it can just as easily be exploited by attackers.

**Recommendation:** It's critical that companies enforce access based on user identity, allowing specific groups access to only what they need to get their jobs done, and expanding access from there on an as-needed basis. You can also reduce an attacker's ability to move laterally through the network with network segmentation and Layer 7 access control, patching internal servers and clients and leveraging advanced threat prevention capabilities and antivirus to block exploitation attempts. These Zero Trust principles can help limit your exposure.

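
The over-broad legacy VPN rule described above, set beside identity-scoped replacements, as an added example that is not from the original post or from any product's configuration schema. The rule model and every zone, group, segment and application name are constructed for illustration.

```python
"""Audit remote-access (VPN) firewall rules for over-broad access.

The rule model is a constructed, vendor-neutral sketch, not a real
product's configuration format.
"""
from dataclasses import dataclass

ANY = "any"


@dataclass
class Rule:
    name: str
    src_zone: str
    users: list            # identity groups allowed, or ["any"]
    dst: list              # destination segments, or ["any"]
    apps: list             # Layer 7 applications, or ["any"]
    action: str = "allow"


# Constructed sample: the legacy "VPN can reach everything" rule ...
LEGACY = [Rule("vpn-to-internal", "vpn", [ANY], [ANY], [ANY])]

# ... and identity-scoped replacements (implicit default deny after them).
SCOPED = [
    Rule("vpn-finance-erp", "vpn", ["finance"], ["finance-apps"], ["https"]),
    Rule("vpn-eng-git", "vpn", ["engineering"], ["dev-servers"], ["ssh", "git"]),
]


def audit_rule(rule, vpn_zone="vpn"):
    """Return findings for one allow rule sourced from the VPN zone."""
    if rule.src_zone != vpn_zone or rule.action != "allow":
        return []
    findings = []
    if ANY in rule.users:
        findings.append("no identity restriction: any VPN user matches")
    if ANY in rule.dst:
        findings.append("destination is the whole network, not a segment")
    if ANY in rule.apps:
        findings.append("no Layer 7 application restriction")
    return findings


def audit(rules, vpn_zone="vpn"):
    """Map rule name -> findings, listing only rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, vpn_zone)
        if findings:
            report[rule.name] = findings
    return report


def _match(allowed, value):
    return ANY in allowed or value in allowed


def is_allowed(rules, group, dst, app, zone="vpn"):
    """First-match evaluation with an implicit default deny."""
    for r in rules:
        if (r.src_zone == zone and _match(r.users, group)
                and _match(r.dst, dst) and _match(r.apps, app)):
            return r.action == "allow"
    return False
```

Under `LEGACY`, a `contractors` account on the VPN reaches `finance-apps` over `ssh`; under `SCOPED` the same request falls through to the default deny, while `finance` still reaches its own segment.
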

**Resources:** Learn the [5 Steps to Zero Trust](https://start.paloaltonetworks.com/5-steps-to-zero-trust.html) and extend this methodology to your remote access policies.

2. A deluge of new devices to protect
-------------------------------------

Global "stay at home" policies have forced many organizations to purchase and ship new laptops and other devices to their newly remote workforce. Some organizations are allowing employees to temporarily use personal home devices for business purposes. This surge in new devices presents unique challenges for security teams. Teams must ensure that these devices are protected against malware and viruses. With a geographically distributed workforce, they need to make sure they can install, manage and support security products remotely.

**Recommendation:** If you haven't done so already, start by extending endpoint security -- both endpoint protection as well as detection and response capabilities -- to all of your remote users. Consider endpoint and network security solutions that are designed for geographically distributed workforces, such as cloud-native approaches. These solutions should block endpoint threats such as malware, exploits and fileless attacks, but also detect risky behavior, such as employees using unauthorized desktop sharing applications at home. Limit corporate network access to only trusted devices (e.g., those that meet defined criteria through host information profiles).

**Resources:** Find out how [Cortex XDR](https://www.paloaltonetworks.com/cortex/endpoint-protection) provides the best protection available against endpoint attacks, and see how [Prisma Access](https://www.paloaltonetworks.com/prisma/access) extends network protection to remote devices.

3. Lack of visibility into remote user activity
-----------------------------------------------

With the sudden explosion in remote workers, security teams must monitor a new host of endpoint devices for malware, fileless attacks and a flurry of threats targeting remote users. However, many security teams lack visibility into remote user activity and into east-west traffic inside the network, so they can't detect advanced threats from remote users or identify an attacker jumping from a compromised user's machine to hosts inside the network. [Security analysts -- like the rest of the workforce -- are often also working from home](https://www.paloaltonetworks.com/blog/2020/03/cortex-remote-soc/), which exacerbates existing SecOps challenges such as managing siloed detection and response tools and pivoting from console to console to investigate threats. This combination of problems makes it easier for adversaries to slip under the radar and carry out their attacks.

**Recommendation:** Rather than invest in point solutions, consider security platforms that maximize integration between systems, limiting the amount of switching between tools and providing visibility into all data -- including remote user activity. [Extended detection and response (XDR)](https://www.paloaltonetworks.com/blog/2019/12/cortex-what-is-xdr/) not only protects endpoints, but also applies analytics across all your data to find threats like unusual access or lateral movement, and simplifies investigations by stitching together data and identifying the root cause.

**Resources:** Find out how [Cortex XDR](https://www.paloaltonetworks.com/resources/whitepapers/cortex-xdr) can detect and stop attacks involving remote users by integrating with [Prisma Access](https://www.paloaltonetworks.com/prisma/access), [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall) and third-party security products.

4. Users mixing home and business passwords
-------------------------------------------

Users have a bad habit of reusing passwords over and over again. They are either unaware or negligent of the risk that one site gets hacked, their password gets published somewhere like pastebin.com, and boom -- attackers now have access to all of their accounts, including their corporate ones. With a remote workforce, this problem is exacerbated by employees using personal devices and networks with much lower standards of security than their corporate-controlled alternatives, making it easy for attackers to access company data.

**Recommendation:** If some on-premises network and email security mechanisms are no longer available, security teams should double down on educating users to identify phishing attempts and to choose strong, unique passwords, encouraging the use of a password manager. They should also implement client certificates and multi-factor authentication in order to prevent attackers from gaining access through unsecured devices.

**Resources:** Learn how [security profiles](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles) in Next-Generation Firewalls and Prisma Access can help you enforce multi-factor authentication and block network-borne attacks. See how [User-ID](https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id.html) and credential theft prevention can stop workers from using corporate passwords in non-corporate websites.

5. Opportunistic phishing attempts
----------------------------------

Phishing is still the number one way to gain access to corporate networks. A global pandemic provides the perfect conditions for phishing, as adversaries often use fear, urgency and panic as tools to pressure people into clicking malicious links.
[Coronavirus-based spam](https://unit42.paloaltonetworks.com/covid19-cyber-threats/) is now being used as a lure, and the over-communication and panic will cause some users to click practically anything.

**Recommendation:** Again -- [user education is paramount](https://www.paloaltonetworks.com/blog/2020/04/network-working-from-home/)! Make sure everyone in your company knows how to identify and report suspicious links and emails, and that they are being extra cautious during this time both with their business accounts and any personal accounts that they may be accessing on their work computers. Make sure your email security is up-to-date and that your endpoints are protected to help prevent and detect malware.

**Resources:** Learn how the cloud-delivered [WildFire® malware analysis service](https://www.paloaltonetworks.com/products/secure-the-network/wildfire) -- which is built into Cortex XDR and many other Palo Alto Networks products -- aggregates data and threat intelligence from the industry's largest global community to automatically identify and stop threats. Additionally, [URL Filtering](https://www.paloaltonetworks.com/products/threat-detection-and-prevention/web-security) blocks access to malicious sites to help prevent phishing attacks.

Learn more about how Palo Alto Networks can help you [secure and protect your remote workforce](https://www.paloaltonetworks.com/secure-remote-workforces).
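
For the east-west visibility gap described under risk 3, the following added example (not from the original post and not how any named product works) flags a remote-access client that contacts many internal hosts on administrative ports in a short window. The VPN address pool, port list, thresholds and flow records are constructed assumptions.

```python
"""Flag remote-access clients that fan out to many internal hosts.

Flow records, the VPN address pool and the thresholds are constructed
sample values for illustration.
"""
import ipaddress
from collections import defaultdict

VPN_POOL = ipaddress.ip_network("10.99.0.0/24")   # assumed VPN client pool
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumed internal range
ADMIN_PORTS = {22, 135, 445, 3389, 5985}          # SSH, RPC, SMB, RDP, WinRM

# (timestamp_seconds, src_ip, dst_ip, dst_port), constructed sample flows
FLOWS = [
    (0,    "10.99.0.15", "10.1.20.5",  443),
    (30,   "10.99.0.15", "10.1.20.5",  443),
    (60,   "10.99.0.42", "10.1.30.10", 445),
    (65,   "10.99.0.42", "10.1.30.11", 445),
    (70,   "10.99.0.42", "10.1.30.12", 445),
    (75,   "10.99.0.42", "10.1.30.13", 3389),
    (80,   "10.99.0.42", "10.1.30.14", 445),
    (4000, "10.99.0.15", "10.1.20.6",  22),
]


def _is_east_west_admin(src, dst, port):
    """True for VPN client -> internal (non-VPN) host on an admin port."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return s in VPN_POOL and d in INTERNAL and d not in VPN_POOL \
        and port in ADMIN_PORTS


def fan_out_alerts(flows, window=300, threshold=4):
    """Return {src_ip: sorted distinct destinations} for each VPN client
    that reaches `threshold` or more distinct internal hosts on admin
    ports within any `window`-second span."""
    per_src = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if _is_east_west_admin(src, dst, port):
            per_src[src].append((ts, dst))

    alerts = {}
    for src, events in per_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            dsts = {d for _, d in events[start:end + 1]}
            if len(dsts) >= threshold:
                alerts[src] = sorted(dsts)
                break
    return alerts
```

The single client that touches four hosts over SMB and RDP in 15 seconds is reported; the client making ordinary HTTPS requests and one later SSH session is not.
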