As Employees Work From Home, Visibility Is the First Step in Securing Your Remote Users
Many organizations have taken precautions by asking their employees to work from home and strictly avoid non-essential travel, due to the rapidly developing COVID-19 scenario. For IAM and IT professionals, this means that they have to enable seamless remote access for the entire organization. For security experts, the move poses a huge risk as hundreds or thousands of employees transition to unsecured private or public networks. Organizations have to strike a balance between quickly enabling remote access and controlling the suddenly increasing attack surface.
Over the last few days, the World Health Organization (WHO) has issued warnings about scammers disguising themselves as WHO to steal money or sensitive information. Meanwhile, the U.S. Department of Health and Human Services has been the target of cyber attackers that aim to disrupt operations and information flow. The U.K. National Cyber Security Centre (NCSC), the cyber arm of Government Communications Headquarters (GCHQ), revealed a range of attacks being carried out online as hackers seek to exploit COVID-19.
Bad actors and cyber criminals are ramping up their efforts to take advantage of potential vulnerabilities, leaving those with unsecured work-from-home environments or an inadequate security posture in a bind. Security researchers believe that this activity will increase over the next few months, along with the increase in remote users.
Working From Home en Masse: Sudden Increase in Need for Remote Access
Many companies have some form of remote management tools for employees who work remotely or travel frequently. However, the challenge IT security teams have to face when thousands of their employees work from home is daunting, since they have to make remote access secure on all of their systems.
Most people have their own laptops, desktops or mobile devices apart from workstations provided by their company, and some rely on these devices to access sensitive applications remotely. These devices often have a poor security posture and pose an additional burden for IT, since some don’t have essential anti-virus software to protect them from cyber attacks. In addition, securing all remote devices may take time, which gives threat actors new opportunities to gain access to sensitive information by exploiting user credentials.
Getting Employees To Comply, Amid User Resistance
For IT teams, there is not enough time to manage all remote devices, and workers are left to configure their own systems and firewalls and to install critical security updates. Attackers target those with poor cyber hygiene – including weak passwords – as they try to remotely log in to business-critical applications from home, allowing hackers to gain access to secure data. Security experts today are urging organizations to take steps to fix security risks arising from the suddenly high number of employees who are now working from home.
For some organizations, using a company VPN, ensuring strong firewall and password policies, and educating employees can help mitigate some of these cyber threats. However, for those accessing company assets from home, just being vigilant doesn’t eliminate the potential negative impact, especially if you’re the target of cyber criminals using sophisticated tools to perpetrate an attack.
Common Challenges and How To Handle Them
Some of the common security risks that organizations moving to remote working conditions face include weak passwords, compromised credentials, and unauthorized remote login locations. Over time, admins might also give away too many privileges that are unnecessary for users to do their jobs, and nobody keeps track of them anymore. While enabling remote access, some of the areas that an organization should focus on are:
- Weak Passwords – With a large number of employees now logging in remotely, having insights into weak passwords can help IT security teams proactively mitigate risks by forcing a password change or alerting the analysts
- Failed Logins – Getting insights into failed logins and understanding the reasons for failure can warn teams of a potential attack in progress
- Access Locations – Viewing access locations for all logins, such as application logins, workstation/server, domain, etc., on any network resource, and getting a holistic view of regular and abnormal user locations, including stale users or stealthy admins, to reduce the attack surface
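The failed-login and access-location checks in the list above can be prototyped over exported authentication events. The following is an added example, not part of the original post and not Preempt's code; the log format, field names, thresholds and sample events are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# Constructed sample events: timestamp user resource country result reason
RAW = """\
2020-03-02T09:01:00 alice vpn US ok -
2020-03-03T09:05:00 alice rdp US ok -
2020-03-03T10:00:00 bob vpn GB ok -
2020-03-18T02:10:00 bob rdp GB fail bad_password
2020-03-18T02:11:00 bob rdp GB fail bad_password
2020-03-18T02:12:00 bob rdp GB fail account_locked
2020-03-18T08:30:00 alice rdp RO ok -
2020-03-18T09:00:00 carol vpn US fail expired_password
"""
FIELDS = ("ts", "user", "resource", "country", "result", "reason")

def load(raw):
    events = [dict(zip(FIELDS, line.split())) for line in raw.splitlines()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def failure_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Users with >= threshold failed logins inside one window, with reason counts."""
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            fails[e["user"]].append(e)
    flagged = {}
    for user, evs in fails.items():
        for i in range(len(evs) - threshold + 1):
            if evs[i + threshold - 1]["ts"] - evs[i]["ts"] <= window:
                flagged[user] = Counter(e["reason"] for e in evs)
                break
    return flagged

def unusual_locations(events, baseline_end):
    """Successful logins after baseline_end from a country new for that user."""
    seen, alerts = defaultdict(set), []
    for e in filter(lambda e: e["result"] == "ok", events):
        if e["ts"] >= baseline_end and e["country"] not in seen[e["user"]]:
            alerts.append((e["user"], e["resource"], e["country"]))
        seen[e["user"]].add(e["country"])
    return alerts

def stale_users(events, directory, now, max_idle=timedelta(days=14)):
    """Directory accounts with no successful login within max_idle of now."""
    last_ok = {e["user"]: e["ts"] for e in events if e["result"] == "ok"}
    return sorted(u for u in directory if now - last_ok.get(u, datetime.min) > max_idle)
```

Accounts that have never logged in successfully are reported as stale, which also surfaces directory entries that nobody uses.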
To authenticate and secure identities when employees work remotely, Preempt’s Conditional Access solution enables real-time access control and threat prevention to stop attacks before they impact the business. For instance, if there is an unusual attempt to RDP to crown jewel applications, based on behavior analytics, Preempt can immediately respond with adaptive policy-based responses – either block or trigger an MFA if already integrated with an MFA vendor. This helps in defending against attacks by validating the threat and preventing the attacker from gaining a foothold and accessing sensitive data.
With thousands of employees across many organizations transitioning to the new remote working model, this could very well become the new normal.
Download this white paper to learn more about why it is important to visualize, monitor and secure your remote users.
Posted by Narendran Vaideeswaran on March 20, 2020 10:34 PM