By Euan Henderson
Cyber Security Apprentice
Using remote working solutions may make it easier for employees to collaborate but with it come new risks.
These risks come in many forms and a few examples include password spraying (a term to describe attackers trying to log into multiple accounts using a single password) and phishing to try and gain access to personal details for later use.
It is recommended by NCSC that organisations enable (where possible), and choose services that offer, two factor authentication for services that are internet connected and/or cloud based.
This recommendation attempts to limit attacks that are aimed at stealing and using passwords to gain access to the systems of the organisations. If using a service that allows the use of multifactor authentication, all users should use this, however, administrator accounts must make use of this.
This is a defence-in-depth technique that allows more security for administrators and could prevent an attacker from having full access on a system. This is vital for all business, especially if the service contains personal data or business critical data.
Extra factors can be used in different ways to verify users. However, this depends on the system you want in place.
For single sign-on systems, organisations could configure their cloud systems to allow only computers/laptops that are within their trusted enterprise network, meaning that any device not on the trusted network, or connected via a VPN to the trusted network, can gain access to the system.
Other form of multifactor authentication include using a trusted device, app, a separate factor like smartcards, using a piece of knowledge e.g. characters from a memorable phrase.
There are also issues created by implementing multifactor authentication that would require an organisation’s help desks to offer more services in order to support users.
If users were to lose their extra factor their needs to be a way to allow the users to report the loss and be able to replace it, this could be done through the service directly or a portal.
However, there must be a process in place to ensure that attackers cannot exploit the account reset and multi factor authentication token replacement process.
There should also be consideration of how emergency administrative accounts would be utilised should administrators not be able to use their multi factor authentication.
A solution to this is to allow the emergency accounts to have single signon, however the emergency accounts should be better monitored in order ensure any misuse of accounts is detected.
Whilst multifactor authentication can raise issues, and some companies view it as unimportant, it provides an extra layer of security and could help reduce threat to many systems.
Below is the link to the original NCSC article on which this BLOG is based.