For starters, don’t use outdated or vulnerable virtual private networking software (VPN) or other edge access tools that are easily attacked. It’s critical to have some sort of process in place to identify security issues in your remote access software and to be prepared, if necessary, to make the hard decision to shut down remote access should a vulnerability be identified for which there is no readily available patch.

Ensure you have methods to communicate such hard decisions and ensure that stakeholders understand why you are pulling the fire alarm and limiting access if needed.

Consider getting rid of SSL or web-based VPN

If you don’t have the ability to manage or maintain remote nodes, at least make sure you are moving to some sort of mechanism to manage and maintain this remote access software. If you only have access to an on-premises patching tool such as Windows Software Update services, you may need to invest in cloud solutions such as third-party patching tools or Intune in order to maintain remote assets.