Hackers are using lax passwords to gain access to sensitive corporate data in brute force attacks. Follow these steps to keep your privileged accounts secure.
Earlier this year, Citrix Systems had its network compromised — and sensitive documents downloaded — by a foreign-linked hacking group.
The hackers reportedly used a brute-force method known as “password spraying” to gain access for as long as a decade, authorities note. During that period, the intruders may have stolen extensive data related to sensitive projects for the FBI, the U.S. military and numerous businesses.
As this type of brute-force attack increases in frequency and harm, what steps can you take to protect your privileged accounts?
Lance Stone, owner of San Francisco IT Services company, On Time Tech shares insights into keeping your corporate network secure.
Practice Careful Monitoring
Privileged accounts come in many forms, and inadequate protection of these critical access methods can result in significant security breaches. Whether your organization relies on local administrative accounts, service accounts, application accounts or others, sound monitoring and record-keeping play a vital role in maintaining the integrity of your network.
Your IT team should keep current, complete logs of all your privileged accounts. As employees join and leave your company, logs should be updated to reflect any changes in permission status and other details. Periodically, administrators should audit your records to ensure the prompt removal of any unneeded or inactive privileged accounts from your system.
Grant Only the Access Needed
To help keep your privileged accounts secure, consider using the concept of least privilege, which reduces access levels to the minimum necessary for each individual employee. By using least privilege, you limit the sensitive data that can be compromised in a breach, and you simplify the process of monitoring activity on your privileged accounts.
In addition, consider granting access to users only within their areas of responsibility — making it harder for hackers to spread an intrusion into other areas of your network.
Work with a qualified vendor to ensure use of the right technologies and policies to safeguard privileged accounts. You’ll want to carefully monitor security procedures such as blacklisting and whitelisting applications, recording and monitoring sessions, and managing requests for access.
Prohibit Sharing of Accounts
Your team members likely can describe many understandable reasons for sharing account passwords. A manager with an administrator account may provide access for an employee to complete a specific task, for instance. A worker planning a vacation may leave her password on a sticky note under her keyboard to make life easier for co-workers in her absence.
Sharing personal passwords is commonplace; a study from password management company LastPass found that 95 percent of people share as many as six passwords for social media, financial, business and entertainment sites.
However, allowing any sharing of passwords in your organization puts your network and your sensitive data at risk. For maximum security, make sure your employees understand that passwords must not be shared under any circumstances. Employees who need additional access should request updated privileges from your IT department.
Use Best Practices for Passwords
It should come as no surprise that for personal accounts, most people use simple passwords that hackers can guess easily. It may alarm you, however, to learn that many of your employees will apply that same lax attitude toward passwords used to access your organization’s sensitive networks and data.
Poor password practices stand as a contributing factor in many data breaches, with employees using the same passwords for multiple accounts as well as using obvious passwords like “password,” “123456” or “admin.”
If you allow employees to create their own passwords, consider implementing a formal policy requiring complex passwords that are changed frequently.
Brute-force attacks like the one that compromised Citrix Systems’ data find success because so many users neglect security. To keep intruders at bay and out of your network, carefully monitor your privileged accounts, grant access only as needed, prohibit account-sharing and implement password best practices.