Remote work is exponentially growing as companies respond to the COVID-19 pandemic. Although the increase in remote work has shifted attacker’s focus on Virtual Private Networks (VPNs) and cloud services, passwords are one of the top weaknesses exploited to compromise systems. As a result, the implementation of credential security mechanisms is critical to preventing user enumeration.
Password management is an essential first step to thwart password attacks. Cybersecurity experts recommend the use of strong, unique, and frequently changed passwords. Strong passwords are at least 15 characters long and contain a combination of uppercase and lowercase letters, numbers, and symbols. Unique passwords are used with only one user account, preventing a malicious threat actor from reusing an exposed password to gain access to additional user accounts. Rather than relying on each remote user to securely store and practice strong passwords, utilizing machine-generated strings with a password management tool is recommended.
There are a few additional security practices to take into consideration to ensure company data is safe and secure when accessed remotely. First, remote users use a variety of devices and physical locations to access company resources. Consequently, password spraying attacks can go undetected. One solution to this vulnerability includes adding a blacklist check to password security. In other words, defenders can proactively identify all weak and leaked passwords currently in use. Secondly, multi-factor authentication neutralizes the risks involved with compromised passwords by enforcing access requirements of two or more pieces of evidence, such as a one-time password (OTP) or biometrics. Lastly, all user devices used to remotely access a companies’ network and data should be protected by a solid security product to verify the devices are not compromised by malware.
Technology has allowed an abundance of remote work to occur in response to the current pandemic. Investing in data security and password management solutions is a must to protect your organization’s digital assets.
References: