Working from home used to seem something of a luxury, reserved for those whose work might not rely on customer interaction or face to face meetings. But since April of this year, the number of people working from home has dramatically increased, due to the risks associated with COVID-19. This trend has spanned most major sectors of the industry—education, healthcare, public works, finance—and it’s happened fast—maybe too fast.
The Adjustment Period
People want to keep working, and businesses want to keep trading; so, as we all moved indoors, and frantically rearranged our living room to have an appropriate video conferencing background, the priority was to continue operations as usual. Unfortunately, the urgency to keep things moving meant that cybersecurity around employees working from home was thoroughly neglected.
Every time an employee connects to a corporate network from home, it’s a new access point that can be targeted by bad actors. Most people working at home—many of whom will be doing so for the foreseeable future—are still adjusting to their new setup. Employees may need to access files, accounts, and applications, and Windows for Active Directory (AD) is still the most commonly used platform for doing so.
However, Active Directory offers inadequate protection even within normally-functioning businesses; as companies and schools were forced to transition to at-home systems, they rushed to allow Remote Desktop (RDP) access. Remote desktop access allows employees to tap into resources they need, without having to be on-site, at a specific computer. Again, the need for business to continue as usual overtook the pressing need for cybersecurity.
The single best thing companies and individuals could do to improve security would be to protect the remote use of their Active Directory credentials.
The other threat that is thriving in the new COVID world is a new onslaught of phishing emails, many related to the coronavirus itself or exploiting reactions to it in some way. Bad actors are, as per usual, interested in targeting the most vulnerable, and now they have a population of newly-remote workers to focus on. Especially in a time of psychological vulnerability, the temptation to click-and-connect is intense; employees who are working at home alone, day after day, are yearning for distraction and are more likely to click a bad link.
By targeting remote desktop access points with weak security systems, bad actors can steal employee credentials. This is much more dangerous than it might sound to people who are merely accessing personal files or low-security applications to begin with, because attackers then want to escalate privileges and move laterally within a corporate or scholastic network, looking for any data of value.
It’s also highly likely that if an individual has been hacked, or a whole system breached, no one will know about it. It will often take over six months for a company to even discover a data breach, to say nothing of how long it might take to contain.
So, how can a business protect itself?
The most important thing a company could do is protect remote AD login credentials. While strong user passwords, the use of Virtual Private Networks (VPNs), and enabling multifactor authentication are the basic guidelines for security, most businesses are out of time, and employees have already been working from home for a few months.
4 tips to reduce the risk, right now:
Enzoic tools are the most efficient way to up system-wide credential security.
Enzoic for Active Directory enables password policy enforcement and daily exposed password screening to secure passwords in AD. With fully automated compromised password detection, a custom password dictionary, blocking of username derivatives, fuzzy matching with common character substitutions, and continuous ongoing monitoring, enterprises can easily adopt NIST password requirements and eliminate vulnerable passwords.
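The custom dictionary, username-derivative and character-substitution checks named above can be illustrated with the following added example, which is not Enzoic's code or part of the original article. The dictionary words, the substitution table and the sample usernames are constructed assumptions.

```python
import re

# Constructed sample data (assumptions for illustration, not from the article).
CUSTOM_DICTIONARY = {"contoso", "welcome", "password", "summer"}

# Common character substitutions, mapped back to the letter they stand for.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lowercase, undo common substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SUBSTITUTIONS))


def username_parts(username):
    """Tokens of 3+ letters from 'DOMAIN\\first.last' or 'first.last@domain'."""
    local = username.split("@")[0].split("\\")[-1]
    parts = (normalize(p) for p in re.split(r"[._\-\s]+", local))
    return {p for p in parts if len(p) >= 3}


def screen_password(password, username):
    """Return policy findings for a candidate password; empty list means pass."""
    candidate = normalize(password)
    findings = []
    # Fuzzy dictionary match: the word may be hidden behind substitutions
    # or surrounded by digits and punctuation.
    for word in sorted(CUSTOM_DICTIONARY):
        if word in candidate:
            findings.append(f"dictionary:{word}")
    # Username derivatives: any name token, forwards or reversed.
    for part in sorted(username_parts(username)):
        if part in candidate or part in candidate[::-1]:
            findings.append(f"username:{part}")
    return findings


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "D0e-Jane!77", "violet-Kettle-92-ridge"):
        print(pw, screen_password(pw, "jane.doe@example.com"))
```

Substring matching of this kind only covers the policy side; screening against exposed passwords requires comparison with a breach corpus, which this example does not include.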
Our threat researchers continuously scour the public Internet and Dark Web to find credential leaks and immediately report details on any compromised username for a business’s customers, employees or partners. An enterprise can subscribe by domain or named account and receive exposure alerts about compromised accounts.
By: Bronwen Hudson