We had a problem with one of our clients that has a Meraki Firewall. They have two workstations that use port forward to allow the employee to work remotely from home during Covid lockdowns. Neither of the port forwarding setups use the standard ports for RDP. Today a group of Russian hackers got in and installed ransomware on one machine and encrypted all their data files including the NAS Server Drive. We were able to restore backups from the nightly offsite backup that we do on the workstation, but when the NAS drive was put in, the installer didn't bother to let us know that the mapped drive was not on an actual server anymore - the problem was they used almost the same name for the NAS Drive as the old server name.
I know that you can specify which IPs can get in but in this case, the users have Dynamic IPs that change often.
