Security Alert: If Your Work Uses Fortinet VPN, Ask Your IT Team About This Issue
Hackers obtained passwords to 74,000 business security devices. If you connect to work from home using a VPN, your company may need to take action.
Source: CISA
Original headline: CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
Plain-English summary by GetCyberRight. Read the full report at the source above.
CISA, the federal agency that protects computer networks, has warned about a widespread problem affecting business security devices made by Fortinet. Hackers have obtained login credentials (usernames and passwords) for approximately 74,000 devices, including VPN gateways that many people use to connect to their work networks from home. This problem is being called FortiBleed. Both government agencies and private companies are affected.

This mainly affects people who connect to their workplace remotely using a VPN (virtual private network). If your employer uses Fortinet devices for remote access, the credentials you use to log in from home may have been compromised. Hackers could potentially use these stolen credentials to access your company's network and the information stored there.

If you work from home and use a VPN to connect to your office network, here is what to do right now:
- Contact your IT department or help desk immediately and ask if your company uses Fortinet devices.
- If they do, ask whether you need to change your VPN password or take any other security steps.
- Watch for any unusual emails claiming to be from your IT department. When in doubt, call them directly using a known phone number, not one from the email.
- Do not click links in emails about security updates unless you have verified them with your IT team first.

For ongoing protection, make it a habit to use strong, unique passwords for your work accounts. Enable two-factor authentication whenever your company offers it. This adds an extra security step beyond just your password. Stay alert to messages from your IT department about security updates, and follow their instructions promptly. If something seems suspicious about your work computer or network connection, report it to your IT team immediately rather than ignoring it.