By David Higgins, Senior Director, Field Technology Office at CyberArk, on workstations and how best to secure them.
Hybrid employees still 42% of “remote capable” workers
As the world of hybrid work becomes our new normal, companies globally have widely accepted that location doesn’t impact the productivity and potential of their employees. According to Gallup, 42% of ‘remote-capable’ employees continue to work in a hybrid fashion today.
Let’s unpack the term ‘remote-capable’ a bit further. To you, it may mean someone who is able to do their job anywhere. To me, it means someone who is able to do this securely. Security, though, has become more difficult in the hybrid world.
6 Ways to Secure Remote Employee Workstations
Hybrid working has put employees and their workstations far beyond the ‘walls’ of traditional corporate networks. This has made workstations easy endpoint targets, and one of the simplest places for attackers to hijack identities, launch ransomware, abuse privileged credentials, advance toward key IT systems and steal private information.
During an attack – usually by the time incident response specialists are called in – the environment has already been overrun by threat actors. Endpoints can, though, be hardened in a way that accelerates recovery. Time and again, organisations that have the following fundamental Identity Security controls in place at the endpoint recover faster. These safeguards include:
Creating policies for application control: The endpoint must do more than allow and deny known applications; it must defend against ransomware and other attacks. To lessen the risk of ransomware, organisations must be able to ‘greylist’ applications, for example by sandboxing an unidentified application and allowing it to run without access to the internet, and to implement advanced control policies so workers can use trusted applications safely.
Securing local admin accounts: Administrator accounts are used to install and update workstation software, set up system preferences and manage user accounts. Attackers target these privileged accounts to run ransomware and other malicious software, disable antivirus software and block disaster recovery tools. The quickest and most straightforward method for securing employee workstations is to take local admin rights away from normal users and place the admin credentials in a secure digital vault with credential rotation. Doing so significantly reduces an adversary’s ability to move through a network, while also lessening the impact of unintended (but unavoidable) employee mistakes, such as clicking on phishing links.
Removing admin rights and enforcing least privilege: Employees frequently have a valid reason to carry out an action that requires administrative privileges. Just-in-time privileged access lets employees carry out specific tasks in accordance with policy, at the appropriate time and for an approved reason, without help-desk interaction and without the user being granted standing local administrative rights that an attacker could abuse.
Keeping cached credentials secure: Credential theft is among the greatest risks to organisations today. Many common business applications keep credentials in memory, and many web browsers and password managers store application and website credentials locally. Because threat actors can frequently harvest cached credentials without ever needing admin rights, the ability to automatically detect and block credential harvesting attempts is an essential endpoint security layer.
Setting up traps: While we’re on the subject of detection, endpoint protection technologies that support privilege deception, such as the ability to create decoy ‘honeypot’ privileged accounts, can help identify attackers immediately, since no legitimate user has any reason to touch those accounts.
Tracking privileged activities: Attackers frequently probe defences quietly before committing to an attack. By proactively monitoring privileged workstation activity, organisations can automatically detect and stop adversaries before they move laterally, escalate privileges or do significant harm. Complete logs of privileged workstation activity are also essential for speeding up forensic investigations and compliance audits.
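The three detection-oriented safeguards above (blocking credential harvesting, honeypot accounts and monitoring privileged activity) can be expressed as rules over endpoint telemetry. What follows is an added example written for this article, not CyberArk code or a description of any product’s logic. It runs three such rules over a handful of constructed events whose field names follow the Windows Security log (EventID 4624/4625/4672) and Sysmon Event ID 10 (ProcessAccess). The host names, user names, decoy account names and allowlists are assumptions for illustration only.

```python
"""Three endpoint detections over Windows-style security telemetry.

Added example for this article (not CyberArk code). Event field names follow the
Windows Security log (EventID 4624/4625/4672) and Sysmon Event ID 10 (ProcessAccess),
flattened to space-separated key=value pairs so no EVTX parser is needed.
"""
from __future__ import annotations

# Constructed sample events (hosts, users and paths are invented for illustration).
SAMPLE_EVENTS = [
    r"Source=Sysmon EventID=10 Host=WKS-01 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000",
    r"Source=Sysmon EventID=10 Host=WKS-01 SourceImage=C:\Users\jdoe\AppData\Local\Temp\update.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010",
    r"Source=Security EventID=4625 Host=WKS-01 TargetUserName=svc_backup_admin IpAddress=10.0.0.23",
    r"Source=Security EventID=4624 Host=WKS-01 TargetUserName=jdoe LogonType=2",
    r"Source=Security EventID=4672 Host=WKS-01 SubjectUserName=jdoe",
    r"Source=Security EventID=4624 Host=FILESRV-01 TargetUserName=jdoe LogonType=3 IpAddress=10.0.0.23",
]

# PROCESS_VM_READ is the access right any in-memory credential dumper must request;
# 0x1000 (PROCESS_QUERY_LIMITED_INFORMATION) on its own is routine and stays quiet.
PROCESS_VM_READ = 0x0010

# Tuning for this example (assumptions, to be replaced with a real baseline):
LSASS_READERS_ALLOWED = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\wininit.exe"}
HONEYPOT_ACCOUNTS = {"svc_backup_admin", "da_helpdesk"}   # decoys: no legitimate use, any touch is an alert
APPROVED_PRIVILEGED = {"wks-admin"}                         # the only identity that should receive an admin token
LOGON_EVENT_IDS = {"4624", "4625", "4768", "4769", "4776"}  # success, failure, Kerberos TGT/TGS, NTLM


def parse_event(line: str) -> dict[str, str]:
    """Turn 'k=v k=v ...' into a dict; the sample paths contain no spaces."""
    return dict(token.split("=", 1) for token in line.split())


def detect_credential_harvest(ev: dict[str, str]) -> str | None:
    """Sysmon 10: a non-allowlisted process opened lsass.exe with read access to its memory."""
    if ev.get("EventID") != "10" or not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return None
    source = ev.get("SourceImage", "").lower()
    granted = int(ev.get("GrantedAccess", "0x0"), 16)
    if granted & PROCESS_VM_READ and source not in LSASS_READERS_ALLOWED:
        return f"credential_harvest: {source} read lsass.exe memory (0x{granted:04x}) on {ev.get('Host', '?')}"
    return None


def detect_honeypot_use(ev: dict[str, str]) -> str | None:
    """Any logon attempt, successful or not, against a decoy privileged account."""
    if ev.get("EventID") not in LOGON_EVENT_IDS:
        return None
    user = ev.get("TargetUserName", "").lower()
    if user in HONEYPOT_ACCOUNTS:
        return f"honeypot_touch: decoy {user} used from {ev.get('IpAddress', 'local')} on {ev.get('Host', '?')}"
    return None


def detect_unapproved_privilege(ev: dict[str, str]) -> str | None:
    """4672: a logon received admin privileges but the account is not the vaulted admin identity."""
    if ev.get("EventID") != "4672":
        return None
    user = ev.get("SubjectUserName", "").lower()
    if user not in APPROVED_PRIVILEGED:
        return f"unapproved_privilege: {user} received special privileges on {ev.get('Host', '?')}"
    return None


DETECTORS = (detect_credential_harvest, detect_honeypot_use, detect_unapproved_privilege)


def scan(lines: list[str]) -> list[str]:
    """Run every detector over every event and collect the alerts in log order."""
    alerts: list[str] = []
    for line in lines:
        ev = parse_event(line)
        alerts.extend(alert for det in DETECTORS if (alert := det(ev)))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Run as-is, the sample yields three alerts: the Temp-folder binary that opened lsass.exe with 0x1010 (svchost.exe’s 0x1000 query is ignored because it lacks PROCESS_VM_READ), the failed logon against the decoy account, and the standard user jdoe receiving a privileged token. The last rule only makes sense once local admin rights have actually been removed from standard users as described above; the lsass allowlist must also be tuned per estate, since AV/EDR agents legitimately read lsass.exe memory.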
Too often, inadequately protected employee workstations end up being the perfect entry point for attackers. Businesses that want to strengthen their defences against ransomware and other attacks need to act now to protect these endpoints, before they fall victim to a breach – this is where the safeguards above can help.
Heeding this advice – adhering to key risk mitigation steps, separating workstations from services, and embracing a layered defence-in-depth strategy – will help organisations to better isolate attacker activity, reduce impact, regain control of their environments, and restore trust quickly and effectively should they fall foul of attackers exploiting their endpoints.