Protecting Active Directory logins for remote working | IS Decisions
The boom in working from home has become a bonanza for cyber attackers. Each time an employee connects to the corporate network from their home they create an access point that can often be exploited. With Windows Active Directory (AD) still being the core identity and access platform for businesses around the world, the single best thing you can do to improve security is to protect the remote use of these Active Directory credentials.
Phishing the most vulnerable
According to the Cyber Threat Alliance, there is a flood of new phishing emails devoted to the coronavirus. And like COVID-19 itself, the hackers are now interested in the most vulnerable, your new remote workers. Phishing doesn’t attack Active Directory directly but it takes advantage of the employee’s desire to click a link. As your employees are self-isolating and feeling uncertain, the desire to click and connect has never been stronger!
By looking to steal employee credentials, attackers want to then escalate privileges and move laterally within your network, looking for systems, applications and data of value that they can exploit. And what’s more, like coronavirus, you might not even know you are infected. According to the Ponemon Institute, the average time taken to discover a breach is 191 days.
The threat surface has rapidly expanded
In the best of times, the often inadequate protection of Active Directory logins puts businesses at significant cyber risk. And now, as the majority of business shift to working from home, this threat surface has rapidly expanded.
The risk is all the greater since we’ve all had to rapidly migrate to home working without the time to prepare. It has forced some companies to rush to allow Microsoft remote desktop (RDP) access.
Remote desktop access allows employees to access desktop resources that they need, without having to be on premise. This helps prevent the common issues that might arise for remote workers, such as not having enough computing power, or not having access to the files and applications they need.
Learn More about IS Decisions
Two-Factor authentication on Active Directory logins is a security enhancement that asks employees to present two pieces of evidence when logging into an account. UserLock makes this easy by working closely alongside Active Directory to offer 2FA and full access management on all Windows logins and RDP connections. It can be added to all remote access requests and involves the employee using either an application authenticator or token as their second factor.