Security misconfigurations can create exploitable issues that can haunt us later. These include development permissions that don’t get changed when something goes live. Laptops that rarely ever connect directly to a company network may go for months without getting updates. VPN systems allow remote workers to access company data safely, but a large number of VPN clients default to an insecure configuration out-of-the-box. Split-tunnel VPN configurations route user traffic over the secure network only when protected systems are being accessed but send all other traffic directly to the Internet.
Source: https://thehackernews.com/2020/12/common-security-misconfigurations-and.html