Written by Denis Kayes, Head of Hybrid Infrastructure & Security
Cyberattacks are on the rise and, given recent events, attending to the essential security of your organisation has become imperative. It is therefore vital that your organisation's security posture leaves you in the best, most prepared position should it be targeted. All it takes is one compromised credential or one legacy application to cause a data breach, even at the most risk-averse of companies.
The importance of password security and authentication across organisations has become evident. Whilst a variety of solutions is available to protect your networks, applications and data, there are a few things that any organisation, regardless of size and sector, can do to protect itself from a potential attack.
Where and how might you be targeted?
Protect yourself from the following ‘pain points’, where your company and its data may be compromised.
A classic form of breach is one in which the attacker gains access to a corporate email account, typically through phishing or spoofing that "convinces" people to enter their login details, and then uses it to steal data or to compromise further systems. This is an easier point of attack when the account is protected by nothing more than a user ID and a password.
Applications that use old, basic protocols such as Simple Mail Transfer Protocol (SMTP) increase your exposure because those protocols were not designed to work with modern security controls such as Multi-Factor Authentication (MFA): they accept only a username and password, so there is no second factor to challenge. Even with MFA enabled on the account, applications that rely on legacy protocols remain open to attack because outdated browsers or email clients still require these less secure methods of access.
If the same password is used across several accounts, a breach in one place puts every other account at risk of takeover. So if a member of staff uses one password across a range of personal accounts and also for their corporate account, a compromise of any one of them gives access to all. It is a common misconception that a password that is complex and secure (a mix of letters, numbers and symbols) is therefore secure enough to reuse across all accounts; as noted above, access to one still means access to all.
Naturally, cyber risk fluctuates with the day-to-day threat environment. Whilst an organisation can do little to influence the level of threat directed at it, it is crucial to take steps that protect against attacks and reduce its vulnerability to them.
What can you do to minimise risk?
Raising your basic account and security hygiene is a great first step. Do this by reviewing your list of administrators, preventing the use of 'bad' passwords (through an Azure AD password policy, for example), blocking legacy authentication, and providing training that spreads awareness of common phishing attacks.
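Before blocking legacy authentication, a defender wants to know which accounts and applications still depend on it, and which successful sign-ins are never challenged for a second factor. The following added example (not from this article or from Cisilion) walks constructed records in the shape of Microsoft Graph signIn objects and reports legacy-protocol sign-ins per user; the set of clientAppUsed values treated as legacy is an assumption to confirm against your own tenant.

```python
import json
from collections import defaultdict

# Constructed sample sign-in records in the shape of Microsoft Graph signIn
# objects (trimmed to the fields used here); not data from any real tenant.
SAMPLE_SIGNINS = """\
{"createdDateTime":"2022-03-01T08:01:12Z","userPrincipalName":"alice@example.com","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"Browser","authenticationRequirement":"multiFactorAuthentication","status":{"errorCode":0}}
{"createdDateTime":"2022-03-01T08:05:40Z","userPrincipalName":"bob@example.com","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"IMAP4","authenticationRequirement":"singleFactorAuthentication","status":{"errorCode":0}}
{"createdDateTime":"2022-03-01T09:17:03Z","userPrincipalName":"scanner@example.com","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"Authenticated SMTP","authenticationRequirement":"singleFactorAuthentication","status":{"errorCode":0}}
{"createdDateTime":"2022-03-01T09:20:55Z","userPrincipalName":"bob@example.com","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"IMAP4","authenticationRequirement":"singleFactorAuthentication","status":{"errorCode":50126}}
{"createdDateTime":"2022-03-01T10:02:30Z","userPrincipalName":"carol@example.com","appDisplayName":"Microsoft Teams","clientAppUsed":"Mobile Apps and Desktop clients","authenticationRequirement":"multiFactorAuthentication","status":{"errorCode":0}}
"""

# clientAppUsed values that denote legacy (basic) authentication: clients that
# send only a username and password and therefore can never be challenged for MFA.
# Assumed list; confirm against the values present in your own sign-in logs.
LEGACY_CLIENT_APPS = {
    "Authenticated SMTP", "IMAP4", "POP3", "Exchange ActiveSync", "Other clients",
    "Exchange Web Services", "MAPI Over HTTP", "Outlook Anywhere (RPC over HTTP)",
}

def parse_signins(text):
    """Parse newline-delimited JSON sign-in records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def succeeded(record):
    return record.get("status", {}).get("errorCode", 0) == 0

def legacy_auth_report(records):
    """Count successful and failed legacy-auth sign-ins per (user, client app).
    Successful entries are the users and apps that will break when legacy auth is
    blocked; repeated failures may indicate password guessing against a protocol
    that MFA cannot protect."""
    report = defaultdict(lambda: {"success": 0, "failure": 0})
    for r in records:
        if r.get("clientAppUsed") in LEGACY_CLIENT_APPS:
            key = (r["userPrincipalName"], r["clientAppUsed"])
            report[key]["success" if succeeded(r) else "failure"] += 1
    return dict(report)

def single_factor_successes(records):
    """Successful sign-ins that were never challenged for a second factor, whatever the client."""
    return [r for r in records
            if succeeded(r) and r.get("authenticationRequirement") == "singleFactorAuthentication"]

if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    for (user, app), counts in sorted(legacy_auth_report(recs).items()):
        print(f"{user:22} {app:20} ok={counts['success']} failed={counts['failure']}")
    print(len(single_factor_successes(recs)), "successful sign-ins without MFA")
```

On a real export (for example the sign-in log downloaded as JSON from the Azure portal), feed the file contents to `parse_signins` in place of the constructed sample.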
Another place to start is enabling Multi-Factor Authentication (MFA). This extra layer of protection acts as an added barrier to gaining access to an account. Even if a user hands over their credentials in a successful phishing attack, they will still be challenged to enter a code, respond to a text, or approve the sign-in via an app or device in their possession, so the attacker fails to gain access to data.
Depending on your organisation's choice of MFA technology and the level of licensing it has in place, MFA can be used in conjunction with Risk-Based Conditional Access (RBCA), a feature of Azure Active Directory.
Risk-Based Conditional Access weighs several risk factors to determine whether, and how, a user is allowed to access resources. In the MFA example, RBCA can be configured to bypass MFA when users are on a corporate device and in the office, but enforce MFA whenever users are remote or on a non-corporate or non-encrypted device.
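The office-versus-remote scenario above needs two Conditional Access policies rather than one, because a sign-in must satisfy every enabled policy that applies to it. This added example (not the article's or Cisilion's own configuration) writes those two policies in the shape of Microsoft Graph conditionalAccessPolicy objects, trimmed to the fields used, and evaluates them with a deliberately simplified model of Conditional Access semantics; the location and device-compliance signals are assumed inputs.

```python
"""Simplified model of Azure AD Conditional Access evaluation (assumed semantics):
every enabled policy whose conditions match the sign-in must be satisfied, and
within one policy the listed grant controls combine with that policy's operator
("OR": any one control suffices, "AND": all are needed). Policy bodies follow the
Microsoft Graph conditionalAccessPolicy shape, trimmed to the fields read here."""

POLICIES = [
    {   # Anywhere except a trusted (office) location: MFA is mandatory.
        "displayName": "Require MFA outside trusted locations",
        "state": "enabled",   # pilot with "enabledForReportingButNotEnforced" first
        "conditions": {"locations": {"includeLocations": ["All"],
                                     "excludeLocations": ["AllTrusted"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # In the office: a compliant corporate device satisfies the policy, otherwise MFA.
        "displayName": "Trusted location: compliant device or MFA",
        "state": "enabled",
        "conditions": {"locations": {"includeLocations": ["AllTrusted"],
                                     "excludeLocations": []}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]},
    },
]

def location_applies(loc_cond, trusted_location):
    """Does the policy's location condition match a sign-in from a trusted/untrusted network?"""
    inc, exc = loc_cond.get("includeLocations", []), loc_cond.get("excludeLocations", [])
    included = "All" in inc or (trusted_location and "AllTrusted" in inc)
    excluded = trusted_location and "AllTrusted" in exc
    return included and not excluded

def control_satisfied(control, signin):
    return {"mfa": signin["mfa_completed"],
            "compliantDevice": signin["compliant_device"]}.get(control, False)

def unsatisfied_policies(policies, signin):
    """Names of enabled, applicable policies the sign-in does not yet satisfy.
    An empty set means access is granted with no further challenge."""
    failing = set()
    for p in policies:
        if p["state"] != "enabled" or not location_applies(p["conditions"]["locations"],
                                                           signin["trusted_location"]):
            continue
        results = [control_satisfied(c, signin) for c in p["grantControls"]["builtInControls"]]
        ok = any(results) if p["grantControls"]["operator"] == "OR" else all(results)
        if not ok:
            failing.add(p["displayName"])
    return failing

def mfa_required(policies, trusted_location, compliant_device):
    """True if a password-only sign-in from this context would be challenged further."""
    signin = {"trusted_location": trusted_location,
              "compliant_device": compliant_device, "mfa_completed": False}
    return bool(unsatisfied_policies(policies, signin))
```

Adding a third policy that blocks the legacy client app types (the Graph template uses clientAppTypes of exchangeActiveSync and other with a block grant control) would close the MFA bypass discussed earlier; the model above leaves client app types out for brevity.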
You can go further by following the recommendations of the National Cyber Security Centre (NCSC):
- Check system patching, both on devices and in third-party software, in addition to device firmware.
- Verify access controls: ensure that users' passwords are unique to the business systems and change any that aren't immediately. Enable MFA, and review and remove any old or unrecognised accounts.
- Antivirus software: ensure that it is installed and active on all systems and that firewalls are working as expected.
- Monitor logs and backups: know where your logs are stored and for how long, and where possible keep them for at least one month. Additionally, perform test backups and check that there is an offline copy of your backup that is kept recent enough to recover from a cyberattack.
- Incident plan: check that the incident response plan is up to date, along with escalation routes and contact details.
- Monitor third-party access: understand the level of access third parties have to your systems and who holds it, and remove any access that is no longer required.
- Training: make sure staff and the company's wider user base can recognise phishing emails and know how to report any that reach their inbox.
Want to learn more about Multi-Factor Authentication? Read more from our CTO Rob Quickenden, who evaluates an SC Magazine report on Proofpoint researchers' study of hundreds of thousands of unauthorised logins.
For more information on how Cisilion can help your company stay protected against cyberattacks, register below for our Security workshops, or get in touch using the contact us form.
Aspects of this article include content from Melanie Maynes, Microsoft Security