As remote working is becoming the new normal, hackers are seeing a huge opportunity. This new way of working is necessary of course but also brings a number of IT security concerns. Each remote connection is a new access point that can be exploited.
In order to secure your network, you need to secure the remote use of Active Directory (AD) credentials. Why is that? Well, Active Directory (AD) is used by companies all around the world, including 95 per cent of fortune 1000 companies.
Phishing focused on the most vulnerable
What these hackers are looking for is a set of corporate credentials to be able to access the network. Once they are within the network, they will move laterally in search of sensitive data, or anything valuable that they can exploit. Those attacks are pretty similar to the coronavirus itself, once it happens you may not even know you are infected. The average time to discover a data breach is 191 days, according to the Ponemon Institute.
New phishing email campaigns started emerging with the recent coronavirus outbreak. Like the virus itself, the cyberattacks are targeting the most vulnerable – your employees working from home. Malicious threat actors tempt their victims using public fear. They send links or downloads of safety instructions and infection maps knowing that the urge to click is stronger than ever.
The threat surface is becoming bigger
Poor Active Directory login security can be a high risk for your company. Now that most companies have been forced to move to remote work, the threat surface is even bigger.
Most organisations didn’t have time to prepare. They just had to start working remotely without any preparation, which further increases the risk.
The majority rushed to allow Microsoft remote desktop (RDP) access. The Remote Desktop Protocol (also known as RDP) is used to allow remote access to a computer so remoter workers can access desktop resources without physically being at the office. After logging in, you can control that computer remotely in almost the same way you control your own computer. RDP is very easy to use and widely implemented. It helps prevent the common issues that might arise for employees working remotely, such as not having enough computing power, or not having access to the files and applications they need.
Most companies have given priority to the continuation of operations, leaving little or no attention for IT security.
How do you secure Active Directory connections?
Remote desktop access is a great way to implement remote work but it’s not fully secure. It’s often only protected by a single password which is not enough. If you want to make sure those RDP connections are secure, follow these three recommendations:
- Strengthen passwords
- Use a Virtual Private Network (VPN) for all remote sessions
- Enable two-factor authentication on these remote sessions
It will help you significantly improve the security of your employees working from home.
In order to fully minimise the risks, here is a full list of recommendations written by experts:
- A clear BYOD policy for remote employees: If you can, the best thing to do is to use the device available, secured and managed by your organisation. If you can’t, you have to give clear usage and security recommendations to your employees using personal devices. However, you need to understand that their personal equipment can never have a verifiable level of security (or even may already be compromised by their personal use).
- Ensure external access is secure: The first thing to do is to use a VPN (Virtual Private Network). Secondly, if possible, you should limit the VPN access to only authorised devices if you want to strengthen security even more. Whenever someone tries to connect from an “unauthorised” device, connection should be denied.
- Have a strong password policy in place: For a password to be strong, it must be complex, long enough and unique. To further address the vulnerabilities of passwords, you can enable two-factor authentication on your remote sessions, especially for the logins to the corporate network.
- Implement a strict security updates policy: It’s important that you deploy them on all device as soon as they become available. Malicious threat actors can quickly exploit these vulnerabilities. Failure to update equipment is often the cause of an intrusion into the corporate network.
- Perform backups of data and activities: They’re important for the simple reason that if you are ever victim of a cyberattack, they might be your only chance to recover your data. To make sure they’re working, perform and test them regularly.
- Adopt professional antiviral solutions: Those solutions can protect your organisation from viral attacks, but also from some phishing or ransomware attacks.
- Implement logging of activities: You need to set up logging of all access and activities of your workstations and infrastructure equipment (servers, firewall, proxy…). It might be the only way for you to understand how a cyberattack happened, the extent of it and how to remedy it.
- Follow the activity of external access: You should monitor your remote connections and file and folder access, as it will help you detect an abnormal behaviour which could be a sign of an attack. You should also have real-time alerts and an immediate response in place, to act before damage is done.
- Raise awareness: It is important that you give clear instructions to your employees working remotely on what they can or can’t do. This must be done with pedagogy to ensure their adherence and therefore the effectiveness of the instructions. Users will often constitute the first barrier to avoid/detect cyberattacks.
- Be prepared to suffer a cyberattack: Whatever the size, all companies are at risk of suffering a cyberattack. If you evaluate the possible cyberattack scenarios, you can then determine the measures to take to protect your company.
- Leader’s responsibility: Security is always a constraint that must be accepted in line with the challenges that can prove to be vital for businesses. To ensure employees’ adherence to security policy, manager’s implication and responsibility must be exemplary.
François Amigorena, founder and CEO, IS Decisions