Security firm CyberArk has conducted a study on the protection of privileged accounts. Such accounts have elevated access to corporate networks, which makes controlling them especially important.
According to CyberArk, privileged accounts play an important role in almost all major data leaks. With the shift to remote working in particular, major security gaps appear to have emerged. That is why CyberArk presents a number of best practices to ensure that attackers cannot abuse privileged accounts.
CyberArk insists on the principle of strong authentication. The company recommends checking each account’s rights and at least enabling multi-factor authentication for accounts with elevated access rights. It is important to choose a technique that is appropriate for the way employees work. Various options include keys, tokens, push notifications, texts and biometrics.
Deploying a VPN
The use of a VPN is not always the most secure approach for companies. According to CyberArk, an attacker can take advantage of a VPN that is not implemented properly by breaking into it. If the attacker manages to take over an account with elevated access, they immediately have free access to the entire company network.
One gap in the security of corporate networks with a VPN is that other members of a household are often also allowed to use the work computer. Sometimes, the home router is set up to connect to the company VPN, allowing all devices to access the work network. This makes the attack surface much larger for a potential attacker. After all, there are multiple devices that can potentially be broken into.
Isolate connection sessions
CyberArk also stresses that logging into systems and applications should be as simple as possible. Remote desktop connection managers are an option for this, but they also create blind spots for security departments. To maintain visibility and minimise risk, the company therefore recommends isolating, monitoring and recording each connection session. This should prevent end-user irritation and give security teams the information they need to maintain a complete audit trail.
Renske Galema, regional director of CyberArk: “In addition to these best practices, we also need to support administrators wherever possible. Working from home creates a different work rhythm than 9-5. To prevent people from being in an ‘always on’ mode, it is wise to work with push notifications and offer administrators the possibility to receive direct requests on their smartphones. End users are helped quickly, while administrators are given more flexibility. It’s about finding the balance between security and business agility.”
CyberArk is an American security company that focuses on the security of privileged accounts. This is a branch of user management that focuses primarily on keeping accounts with higher access rights secure.