Allowing employees to work from anywhere has many advantages, but it also comes with risks that businesses to need to protect themselves against. Data security being one of of those risks. Data breaches, identity fraud, and a list of other consequences can come from working remotely. Businesses need to think beyond crisis management and prepare for long-term, growth-oriented remote work with clear and comprehensive policies along with the software and tools to ensure the safety and integrity of company data.
CISA (Cybersecurity & Infrastructure Security Agency) along with other cybersecurity authorities from the United States and countries across the globe coauthored an advisory that identifies commonly exploited controls and practices along with the best practices to incorporate to help mitigate an initial access security breach.
10 Items Hackers Exploit
- Multifactor authentication (MFA) is not enforced. MFA, particularly for remote desktop access, can help prevent account takeovers.
- Incorrectly applied privileges or permissions and errors within access control lists. These mistakes can prevent the enforcement of access control rules and could allow unauthorized users or system processes to be granted access to objects.
- Software is not up to date. This is one of the most commonly found poor security practices and probably the easiest to implement.
- Use of vendor-supplied default configurations or default login usernames and passwords. These default credentials are not secure and may be physically labeled on the device or even readily available on the internet. Leaving these credentials unchanged creates opportunities for malicious activity, including gaining unauthorized access to information and installing malicious software. Network defenders should also be aware that the same considerations apply for extra software options, which may come with preconfigured default settings.
- Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access. Network defenders can reduce the risk of remote service compromise by adding access control mechanisms, such as enforcing MFA, implementing a boundary firewall in front of a VPN, and leveraging intrusion detection system/intrusion prevention system sensors to detect anomalous network activity.
- Strong password policies are not implemented. Malicious cyber actors can use a myriad of methods to exploit weak, leaked, or compromised passwords and gain unauthorized access to a victim system.
- Cloud services are unprotected. Misconfigured cloud services are common targets for cyber actors. Poor configurations can allow for sensitive data theft and even cryptojacking.
- Open ports and misconfigured services are exposed to the internet. This is one of the most common vulnerability findings. Cyber actors use scanning tools to detect open ports and often use them as an initial attack vector.
- Failure to detect or block phishing attempts. Initial infection can occur in a variety of ways, such as when a user opens or clicks a malicious download link, PDF, or macro-enabled Microsoft Word document included in phishing emails.
- Poor endpoint detection and response. Cyber actors use obfuscated malicious scripts and PowerShell attacks to bypass endpoint security controls and launch attacks on target devices. These techniques can be difficult to detect and protect against.
Best Mitigation Practices
- Adopt a zero-trust security model.
- Limit the ability of a local administrator account.
- Control who has access to your data and services.
- Harden conditional access policies.
- Verify that all machines, including cloud-based virtual machine instances do not have open RDP ports.
Implement Credential Hardening
- Implement Multifactor Authentication.
- Change or disable vendor-supplied default usernames and passwords.
- Set up monitoring to detect the use of compromised credentials on your systems.
Establish Centralized Log Management
- Ensure that each application and system generates sufficient log information.
Employ Antivirus Programs
- Deploy an anti-malware solution on workstations to prevent spyware, adware, and malware as part of the operating system security baseline.
- Monitor antivirus scan results on a routine basis.
Employ Detection Tools and Search for Vulnerabilities
- Implement endpoint and detection response tools.
- Employ an intrusion detection system or intrusion prevention system.
- Conduct penetration testing to identify misconfigurations.
- Conduct vulnerability scanning to detect and address application vulnerabilities.
- Use cloud service provider tools to detect overshared cloud storage and monitor for abnormal accesses.
Maintain Rigorous Configuration Management Programs
- Always operate services exposed on internet-accessible hosts with secure configurations.
Initiate a Software and Patch Management Program
- Implement asset and patch management processes
By implementing the above practices businesses can help to strengthen their network defenses against hackers that capitalize on common weak security controls and practices.
REACH continues to stay on the forefront of communications technology and works with you to evaluate your needs, provide and explain the solution that best fits those needs and can assist you in choosing and managing the best carrier to solve your work-from-anywhere challenges. We can help you with a cyber security risk assessment, develop a cyber security strategy and provide cyber security solutions to help keep your data safe. Connect with us today by calling Valerie at 715-330-4200 or filling out our contact form.