By François Amigorena, CEO and founder, IS Decisions
Organizations across the world have seen their way of working change from face-to-face to remote. This big change is a golden opportunity for hackers: so many new remote connections mean so many access points that they can exploit.
Active Directory (AD) is used by organizations all around the world. In fact, 95% of Fortune 1000 companies use AD. Given that, the best way to achieve security for your remote users is to ensure that the remote use of these AD credentials is secure.
Targeting the most vulnerable
New phishing email campaigns have surfaced with the coronavirus outbreak. Like the illness itself, the attacks are focused on the most vulnerable – your new remote employees. Attackers are using public fear to tempt their victims with links or downloads of safety instructions and infection maps. The likelihood that employees will click on a link or open an attachment is higher than ever.
Their objective is to be able to compromise corporate credentials so that they can access the network and start moving laterally to look for anything valuable to exploit. The problem is that, like with the coronavirus, you may not even know you have been infected. The average discovery time for a data breach is 191 days, according to the Ponemon Institute.
A threat surface bigger than ever
Generally speaking, insufficient security of Active Directory logins can be a high risk for your company. Now that most companies have recently moved to remote work, this threat surface is bigger than ever.
Most companies didn’t have any time to prepare for remote working, which increases the risk even more. They just rushed to allow Microsoft Remote Desktop (RDP) access so that their users would be able to access work resources without being physically at the office.
Understandably enough, most companies have prioritized the continuation of operations, leaving little attention for IT security.
Securing Active Directory logins
Remote desktop access is a great way to implement remote working but it’s not fully secure. It is often only protected by a single password. To make sure those remote connections are better secured, here are three recommendations:
- Strengthen passwords
- Use a Virtual Private Network (VPN) for all remote sessions
- Enable two-factor authentication on these remote sessions
With this, you will significantly improve the security of your employees working remotely.
To minimize the risks as far as possible, here is a list of recommendations written by experts:
- Clear device policy for remote users: Whenever possible, use devices that are made available, secured, and managed by your organization. If that is not possible, give clear usage and security rules to employees working from home equipment.
- Make sure external access is secure: First, use a VPN (Virtual Private Network). Then, if possible, you should limit VPN access to only authorized machines to strengthen security. If a person tries to log in from an “unauthorized” machine, login should be denied.
- Strong password policy: All passwords must be complex, long enough, and unique. To address the vulnerabilities of passwords, you need to enable two-factor authentication on your remote connections, especially for the ones to the corporate network.
- Security updates policy: It needs to be strict. Deploy security updates on all devices as soon as they’re available, because external threat actors can quickly exploit the vulnerabilities they fix.
- Backup of data and activities: If you are a victim of a cyber-attack, backups might be your only chance to recover your data. Perform and test them regularly to ensure they work.
- Use professional antivirus solutions: They can keep your company safe from virus attacks, and sometimes also from phishing and ransomware.
- Log activity: Logging of all access and activities of your workstations and devices will help you understand a cyber-attack and how to remedy it.
- Monitor the activity of external access: Monitoring your remote connections and shared file and folder access will help you detect unusual behavior which could be a sign of an attack. If you have real-time alerts and immediate response in place, you can act before damage is done.
- Users’ awareness: It is important to give clear rules to your remote users on what they can or can’t do. They often constitute the first barrier in avoiding/detecting attacks.
- Get ready to suffer a cyber-attack: Whatever your size, you’re not fully protected against cyber-attacks; no business is. By evaluating the possible cyber-attack scenarios, you can estimate the measures to take to secure your company.
- The Manager’s responsibility: Managers must show exemplary involvement and responsibility when it comes to security policy, so that employees adhere to it.
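The "Make sure external access is secure" and "Monitor the activity of external access" recommendations above can be checked against logon records. The following is an added example, not part of the original article or of IS Decisions' software: it reviews RDP logons for sessions that bypass the VPN, come from unauthorized machines, or succeed after repeated failures. The VPN pool, authorized-machine list, threshold, field names and sample events are constructed assumptions; event IDs 4624/4625 and logon type 10 are the standard Windows values for successful logon, failed logon and RemoteInteractive.

```python
import ipaddress
from collections import Counter

# Assumptions for this example (not from the article): VPN address pool,
# per-user authorized machines, and the failed-logon threshold.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
AUTHORIZED = {"alice": {"LT-ALICE"}, "bob": {"LT-BOB"}}
FAILED_THRESHOLD = 3

# Constructed sample records, shaped like exported Windows Security events:
# 4624 = successful logon, 4625 = failed logon, type 10 = RemoteInteractive (RDP).
EVENTS = [
    {"id": 4624, "type": 10, "user": "alice", "host": "LT-ALICE", "ip": "10.8.0.15"},
    {"id": 4624, "type": 10, "user": "bob", "host": "HOME-PC", "ip": "10.8.0.22"},
    {"id": 4625, "type": 10, "user": "carol", "host": "UNKNOWN", "ip": "203.0.113.7"},
    {"id": 4625, "type": 10, "user": "carol", "host": "UNKNOWN", "ip": "203.0.113.7"},
    {"id": 4625, "type": 10, "user": "carol", "host": "UNKNOWN", "ip": "203.0.113.7"},
    {"id": 4624, "type": 10, "user": "carol", "host": "UNKNOWN", "ip": "203.0.113.7"},
    {"id": 4624, "type": 2, "user": "alice", "host": "DESK-01", "ip": "-"},
]

def review_remote_logons(events):
    """Return (user, reason) alerts for RDP logons that break the policy."""
    alerts = []
    failures = Counter()  # failed RDP logons per (user, source IP)
    for ev in events:
        if ev["type"] != 10:
            continue  # only remote desktop sessions are in scope
        if ev["id"] == 4625:
            failures[(ev["user"], ev["ip"])] += 1
            continue
        if ev["id"] != 4624:
            continue
        if ipaddress.ip_address(ev["ip"]) not in VPN_POOL:
            alerts.append((ev["user"], "logon not through VPN"))
        if ev["host"] not in AUTHORIZED.get(ev["user"], set()):
            alerts.append((ev["user"], "unauthorized machine"))
        if failures[(ev["user"], ev["ip"])] >= FAILED_THRESHOLD:
            alerts.append((ev["user"], "success after repeated failures"))
    return alerts

if __name__ == "__main__":
    for user, reason in review_remote_logons(EVENTS):
        print(f"ALERT {user}: {reason}")
```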
About the Author
François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.
IS Decisions software makes it easy to protect against unauthorized access to networks and the sensitive files within.
Its customers include the FBI, the US Air Force, the United Nations and Barclays, each of which relies on IS Decisions to prevent security breaches; ensure compliance with major regulations such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.