Remote working has increased sharply in the current situation, and that is a golden opportunity for threat actors: every remote connection to the network is a new entry point an attacker can target.
Active Directory (AD) is the most widely used identity and access platform, deployed by organizations all around the world; 95% of Fortune 1000 companies run it. Given that, securing your remote workers largely comes down to securing the remote use of their AD credentials.
A flood of phishing targeting the most vulnerable
New phishing email campaigns have emerged with the recent coronavirus outbreak. Like the epidemic itself, the attackers are focusing on the most vulnerable – your new remote users. They’re using public fear to lure their victims with URLs or document downloads of safety recommendations and infection maps. The probability of employees clicking on a link or opening an attachment is higher than ever, and they know that.
If attackers manage to compromise a set of credentials, they can move laterally within your network until they find something valuable to exploit. Much like the virus itself, you might not even know you have been infected: the Ponemon Institute puts the average time to discover a data breach at 191 days.
The threat surface is bigger than ever
In general, and especially right now, insufficient protection of Active Directory logins puts your business at high risk. Since most organizations have recently been forced to work from home, the threat surface is bigger than ever.
Most companies did not even have time to prepare for remote working, which makes the risk higher still. Many simply rushed to open up Microsoft Remote Desktop (RDP) access so that employees could reach their desktop resources without being physically at the office.
Continuity of operations has been the priority, leaving very little attention for cybersecurity.
Active Directory login security
The problem with remote desktop access is that, on its own, an RDP session is protected by nothing more than a username and password: anyone who can reach the RDP port can guess, spray or replay credentials. To make those connections secure, here are two recommendations:
Use a Virtual Private Network (VPN) for all remote sessions, so RDP is never exposed directly to the Internet
Enable two-factor authentication on these remote sessions, so a stolen or guessed password is not enough on its own
Together these significantly improve the security of your remote users.
For better security, here is a list of recommendations written by experts to help you fully minimize the risk:
Clear equipment policy for remote users: Use equipment provided, secured and controlled by your company whenever possible. If that is not an option, give your remote workers clear usage and security instructions for their own devices.
Ensure external access security: Use a VPN. If you can restrict VPN access to authorized devices only (for example with device certificates), that is a strong way to harden access: any attempt to connect from an unauthorized device must be denied.
Strong password policy: A password must be long enough, complex and unique to the account. Because passwords can still be phished or guessed, enable two-factor authentication on your RDP sessions, especially for connections into the corporate network.
Strict security update policy: Deploy updates on all devices as soon as they are available. Threat actors are quick to exploit known vulnerabilities.
Backup of data and activities: If you are attacked, backups may be the only way for your organization to recover its data. Perform backups regularly, keep at least one copy offline or otherwise unreachable from the network, and test restores to make sure they actually work.
Install professional antivirus solutions: They protect your company from common malware, and sometimes from phishing and some ransomware as well.
Log activity: Systematic logging of all access to, and activity on, your workstations and equipment helps you understand a cyber-attack, its extent and how to remedy it. For Windows logons that means keeping the Security event log (successful logons, failed logons, logon type) and forwarding it off the host.
Monitor the activity of external access: Monitoring your remote sessions and file and folder access can reveal suspicious behaviour that may be the sign of an attack, such as a burst of failed RDP logons from one address followed by a success. Real-time alerts and an immediate response process let you act before damage is done.
Raise users' awareness: Give clear guidance on what remote users can and cannot do. They are often the first line of defence in avoiding or detecting attacks.
Get ready to be attacked: Whatever its size, no business is fully protected against cyber-attacks. Assessing the plausible attack scenarios lets you prepare the measures needed to protect your business in advance.
Management involvement: Managers must be involved in, and accountable for, security procedures in order to ensure employees adhere to them.
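The two recommendations above on logging and monitoring external access (and the earlier point that an exposed RDP session is only as strong as its password) are easiest to understand with a concrete detection. The following is an added example, not code from the original article or from any product it describes. It runs two simple rules over Windows Security log records: a burst of failed logons (event ID 4625) with logon type 10, which is the RemoteInteractive type used by Remote Desktop, from a single source address, and a successful RDP logon (event ID 4624) from a source that produced failures shortly before. The event IDs and logon type are the real Windows values; the record layout and the sample events are constructed for the example, and in practice you would feed it records exported with Get-WinEvent or from your SIEM.

```python
"""Flag suspicious RDP logon patterns in Windows Security log records.

Added example; not part of the original article. The record format is an
assumption: a tuple of (TimeCreated, EventID, LogonType, TargetUserName,
IpAddress), i.e. the fields you would pull out of the event XML.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGON_SUCCESS = 4624   # "An account was successfully logged on"
LOGON_FAILURE = 4625   # "An account failed to log on"
RDP_LOGON_TYPE = 10    # RemoteInteractive: Remote Desktop / Terminal Services

# Constructed sample records (not real logs).
SAMPLE_EVENTS = [
    # A password-spray style burst: one external address, many accounts.
    ("2020-04-01T08:00:01", 4625, 10, "alice", "203.0.113.7"),
    ("2020-04-01T08:00:03", 4625, 10, "bob",   "203.0.113.7"),
    ("2020-04-01T08:00:05", 4625, 10, "carol", "203.0.113.7"),
    ("2020-04-01T08:00:08", 4625, 10, "dave",  "203.0.113.7"),
    ("2020-04-01T08:00:10", 4625, 10, "erin",  "203.0.113.7"),
    ("2020-04-01T08:00:12", 4625, 10, "frank", "203.0.113.7"),
    # ...followed by a success: a guessed or phished password worked.
    ("2020-04-01T08:02:30", 4624, 10, "frank", "203.0.113.7"),
    # A legitimate remote worker: one typo, then success. Must not alert.
    ("2020-04-01T08:30:00", 4625, 10, "grace", "198.51.100.20"),
    ("2020-04-01T08:30:15", 4624, 10, "grace", "198.51.100.20"),
    # A console logon (type 2) is not RDP and must be ignored by these rules.
    ("2020-04-01T09:00:00", 4624, 2,  "heidi", "-"),
]


def parse_events(rows):
    """Turn raw tuples into dicts with parsed timestamps, oldest first."""
    events = [
        {"time": datetime.fromisoformat(ts), "id": event_id,
         "logon_type": logon_type, "user": user, "ip": ip}
        for ts, event_id, logon_type, user, ip in rows
    ]
    events.sort(key=lambda e: e["time"])
    return events


def rdp_only(events):
    """Keep only RemoteInteractive (RDP) logon events."""
    return [e for e in events if e["logon_type"] == RDP_LOGON_TYPE]


def find_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Sources with at least `threshold` RDP failures inside a sliding `window`.

    Returns {source_ip: number of distinct accounts targeted in the window};
    a high account count on one source is the signature of password spraying.
    """
    alerts = {}
    recent = defaultdict(deque)  # per-source failures still inside the window
    for e in rdp_only(events):
        if e["id"] != LOGON_FAILURE:
            continue
        q = recent[e["ip"]]
        q.append(e)
        while q and e["time"] - q[0]["time"] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[e["ip"]] = len({x["user"] for x in q})
    return alerts


def find_failure_then_success(events, min_failures=3, window=timedelta(minutes=30)):
    """Successful RDP logons from a source that failed at least `min_failures`
    times in the preceding `window`: the moment a guessing attack pays off.

    Returns a list of (source_ip, account, iso_timestamp).
    """
    hits = []
    failures = defaultdict(list)  # source_ip -> timestamps of failures
    for e in rdp_only(events):
        if e["id"] == LOGON_FAILURE:
            failures[e["ip"]].append(e["time"])
        elif e["id"] == LOGON_SUCCESS:
            prior = [t for t in failures[e["ip"]] if e["time"] - t <= window]
            if len(prior) >= min_failures:
                hits.append((e["ip"], e["user"], e["time"].isoformat()))
    return hits


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_EVENTS)
    print("brute force / spray sources:", find_brute_force(parsed))
    print("failure-then-success logons:", find_failure_then_success(parsed))
```

On the sample data only 203.0.113.7 trips both rules: six failures against six different accounts in a few seconds, then a successful logon as frank. Grace's single mistyped password and Heidi's console logon stay quiet, which is the point of filtering on logon type and using thresholds rather than alerting on every 4625. Note that a spray across many accounts with few attempts each is exactly what account lockout policies miss, so the per-source view matters more than the per-account one.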