News

Compromised passwords are one of your biggest liabilities. For many companies with low password management maturity, a compromised password can have devastating outcomes. Our multi-factor authentication best practices are helping you increase security against your password vulnerabilities.

It’s important to attach more security to your credentials. It’s not uncommon for password sharing and using the same password across devices to take place, especially when there is a large amount of devices involved. While it’s important you adhere to password best practices in general, following MFA best practices will help you secure against common vulnerabilities and challenges.

What is Multi-factor Authentication

Passwords today are an easy entry point for bad actors. Multi-factor authentication is a method of authentication that requires more than just a user’s password to authenticate the user. It is an enhanced version of two-factor authentication, which also requires more than just the user’s password to complete the authentication.

Multifactor authentication will include at least two authentication methods, though it can include more. These authentications are focused on three areas: something you know, something you have and something you are.

Something you know is typically the user ID and password. This is then layered in with something you have, generally a security token that is generated that only the user will have. With the something you are method of authentication, this will also authenticate based on biometric data of the user.

Additionally, MFA might require additional contextual factors, such as location or time to finalize authentication.

What Are the Benefits of Multifactor Authentication

MFA makes you a harder target. It’s part of CISA’s Shields Up and is used in Zero Trust architectures as a security measure. NIST as well recommends MFA whenever possible. As passwords are often targeted by attackers, you want to make sure that you are doing your best to secure them.

By implementing more authentication requirements, you are making yourself a more difficult target. While a password may end up compromised, the additional authentication factors act as an additional wall of defense against the threat gaining entry through the compromised account.

Multi-factor Authentication Benefits

• Improve the security of your credentials
• Support more advanced cybersecurity measures like Zero Trust
• Flexibility to choose various methods of authenticating a user
• Meet compliance or regulatory needs

Multi-factor Authentication Best Practices

Implement Multi-factor Authentication Across the Business

Any unsecured password is a vulnerability. The last thing you want to do is secure part of your house by locking the doors, but still leave the windows open. This should be one of your top multi-factor authentication best practices that you follow. When you are ready to secure your passwords and business with this implementation, be sure to go all the way and make sure every user is authenticating this way.

Leverage the “Multi-factor” Functionality

Determine what authentication factors are best for you and the business. As we mentioned above, there are various methods a user can take to authenticate their selves and you can choose two or more, depending on needs.  You want to choose the best form of authenticating that doesn’t introduce friction into the process and also keeps you as secure as possible. Be sure to review your options for authentication and then settle on the options that make the most sense.

Combine Your MFA With Other Security Tools

While following these MFA best practices will help you become more secure, you still have many additional tools and approaches you can leverage to further enhance your security. You should be considering other things like secure remote access that offers least-privileged access at the right time, only when it is needed. While implementing your MFA, it is a good time to start considering these additional approaches as well.

Make Implementation Frictionless

ConsoleWorks already supports multi-factor authentication in addition to enabling other critical Zero Trust traits and features. When considering your implementation, evaluate your roadmap and see what is on the horizon. You don’t want to have technology silos, so make sure you’re picking a technology that can do more for you. This is why our security platform helps with secure remote access, logging and monitoring, baseline configuration monitoring and password management. You are able to plan your security within an ecosystem that you grow into, not out of.

Go Beyond MFA Best Practices to Enhance Security with Zero Trust

While these multifactor authentication best practices will enhance your security and make it harder for a bad actor to gain entry, it is not without its vulnerabilities. For a true network defense that is ready to defend against today’s threats, we recommend going beyond and attaining a Zero Trust defense.

You can see our Zero Trust maturity model, which shows you where you are in your journey to achieving this defense. If you have any questions about where you are now or where you want to go with your cybersecurity, we are right here to talk with you.

Privileged access management makes you more secure by permitting least-privileged access to your most important information and endpoints at the right time and only when it is needed. It is a fundamental element in the Zero Trust architecture. To maximize your security and investment in PAM, we are reviewing common privileged access management mistakes that you should avoid.

Every business has users who need privileged access to its data and endpoints. These can be your employees, partners or contractors. Protecting these credentials and implementing best practices makes sure that your business reduces its security risks. Committing the PAM mistakes outlined below undermines your security and investments. In some cases, these mistakes remove the strengths of having it in the first place.

What are the Risks of PAM Mistakes?

Of the four privileged access management mistakes we review below, you will notice that many are procedural in nature. These procedural mistakes create vulnerabilities in your security and undermine your PAM implementation and its efficacy. These are particularly important to avoid if you are striving to attain cybersecurity architectures like Zero Trust.

Other PAM mistakes revolve around mistakes a privileged user their self may commit. Mistakes can happen anywhere, but when a user with privileged access commits a mistake that opens you up to a security breach, the outcome is much more devastating.

That’s why following best practices and avoiding the privileged access management mistakes below are good first steps to take to make sure your implementation is leveraging all of its strengths and avoiding weaknesses that undermine your implementation’s benefits.

Common Privileged Access Management Mistakes

Your Roles are Assigned Based on Job Title

This is an easy mistake to make. As you are developing your implementation and determining roles, it’s common to start with your job titles. It’s easy to assume that job titles should equal your privileged roles. These are not the same thing.

Your Systems Administrators may have very different scopes between their roles, for example. Especially if one is a Windows systems admin versus the other, who might be a Linux system admin. Do they really need the same access to the same things? Or should their access only be permitted to something deeper about their roles and performing the important elements of their role within the business?

Determining these roles and what is different about them, beyond just the job title, are key elements to define. By committing this mistake, you are not enabling the least-privileged access needed for the assigned roles and are giving up the benefits of a strong PAM implementation.

You are Sharing Your Privileged Account Credentials

Credential sharing is common. We’ve discussed the issues with it in the past, but sharing of credentials among your most privileged accounts is an even greater security risk. If your credentials are shared across your plant, for example, what happens when an employee or contractor no longer works there?

In many cases, businesses do not change the credentials of these privileged accounts. It can be difficult and time consuming to do, especially when there are many. Instead of doing anything, these former users retain all of that knowledge of how to access your network while also having all of the privileges to your most important endpoints and data that this knowledge grants them.

It’s a considerable security risk and makes it very difficult to understand who did what, should a breach occur.

Not Protecting Your PAM Accounts with Additional Authentication Factors

Your most privileged accounts need additional verification measures attached to them to authenticate the user gaining access. One of those additional measures should be an MFA solution to ensure that simply having user credentials is not sufficient enough to gain access to your most important information or endpoints.

If you’re committing the privileged access management mistake mentioned above, in conjunction with this one, you have very little in the way between a user knowing how to access your endpoints and you being able to stop them.

Using a Privileged Account for Everything

Your privileged accounts should be to access and perform the role as necessary, when necessary. Part of enabling least-privileged access as a best practice is providing it only when it is needed. If a user is using their privileged account to surf the web, check email or do other functions that don’t pertain to that role’s requirements specifically, they should not be using that account anymore.

If a user accesses email on their privileged account, for instance, and falls victim to a phishing attempt, then one of your company’s most critical accounts is now compromised. These accounts should be kept as secure as possible.

Avoid Common PAM Mistakes and Follow Best Practices for Heightened Cybersecurity

By avoiding this common role based access mistakes, you will be one step closer to achieving a Zero Trust-worthy cybersecurity implementation. We’ve written extensively about the importance of privileged access management. For continued reading, we suggest our Secure Remote Access Maturity Model as well as our RBAC Best Practices posts as your next resources.

If you have any questions about your implementation or want to know where to start, you can always contact us here.

Companies suffer from cyber attacks every day, testing their defenses and their preparation. How to respond to a cyber attack is a key step in reducing damage or fallout from these attacks.

A poor response can result in harming your reputation, loss of life or injures in the event of an OT attack, loss of money, or all of these things. While avoiding attacks by establishing a Zero Trust-level defense should be your goal, you need to prepare for the event that something happens.

To borrow from the Zero Trust mindset – you must always assume a breach has happened or will occur. In that case, knowing how to respond to a cyber attack is an important step in achieving your Zero Trust mindset and preserving the future of your organization.

Responding to a Cyber Attack

Having an incident response plan should be something you have clearly defined from the beginning. The last thing you want is to be outlining how to respond to a cyber attack as it is happening. This will result in confusion, poor communication and loss of critical time and information that can help contain the current attack or prevent the next one.

This response plan will include people, processes and technologies that you will rely on to act quickly and confidently when responding to a cyber attack to mitigate further damage. With this in mind, we’ll cover the important pieces below that you need in place to make sure your response to a cyber attack is effective.

Develop Your Incident Response Plan

When responding to a cyber attack, you want a designated crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business.

Additionally, you want to make sure you know who in law enforcement you should be contacting and they know who you are as well. This will include anyone from the local police up to the FBI, depending on the type of threat.

Next, you’ll want to assure the availability of key personnel. Not only should your personnel be identified and know what their role is for responding to a cyber attack, you must make sure they are available to respond. You may also need to identify means to provide surge support for responding to an incident.

You must be ready to act decisively. Identifying your team, making them aware of their roles and practicing your response plan will ensure you know how to respond to a cyber attack. Time is critical when responding to a cyber attack, as even small mistakes or confusion can cost you greatly.

Know How to React to a Cyber Attack

In addition to planning your team, your plan must consider and account for the various types of attacks you could receive. Practicing responses to these attacks and knowing what to do for each will help you remain confident and act decisively when responding to a cyber attack.

If you suffer a DDoS attack, you should know the proper steps and procedures, such as contacting your ISP and telling them you’re under attack or recognizing that it could be that the attackers are trying to break in during this attack. Look at the machines that were under attack and examine them carefully.

However, if it’s a malware attack, unplugging the machine and removing the disc drive, then isolating and removing the files is a better response. If you suffer a trojan attack, removing the infected system out of your network to contain the virus should be your action.

Your goals will always be to isolate, to contain and to stop the spread of the threat, while preserving the evidence and documenting exactly what you did and when. Any response must be controlled, planned, audited and have a clear and complete set of logs of all human activity, dates, times and responses from that activity.

This provides clear guidance to more than the person remediating the attack, it also shows all resources from internal, contracted third party and government, about what was done, how, by whom and the order of events and their associated actions. Of course, the control of access to affected assets is critical to forensic understanding of the adversary and your response execution.

Preparing Your Defenses

While knowing how to respond to a cyber attack is critical to reducing unwanted outcomes for your business, preventing them in the first place is your most ideal step. That’s why we discuss how to achieve Zero Trust and have maturity models based around its architecture. It’s also why our cybersecurity platform is ready to help you enable a Zero Trust architecture.

If you need assistance in attaining this level of security or don’t know where to start, you can talk to us here to learn what you can do to increase your security.

Supply chain security is a cybersecurity challenge with multiple touch points between vendors and partners, contractors and others. It’s important that you are doing what you can to enforce proper supply chain security best practices. Being able to support vendors while protecting your data and processes is critical to your business.

We’ve previously discussed the importance of supply chain security and how you must account for it in order to go beyond a Zero Trust cybersecurity baseline. Today, we’re taking that further by providing the top supply chain security best practices.

Why is Supply Chain Security Important

Supply chains are becoming ever more complex. As technology has introduced incredible efficiencies into supply chains, it also brought new risks as new touchpoints within the chain were created. Therefore, mitigating these risks that are introduced is critical to maintain the security of your network.

Maintaining this security can feel like a moving target, however. As supply chains grow and include even more third parties, all needing certain levels of access to your network in order to perform their role, it makes a potentially easy point of weakness in your defenses. That increased integration with your partners and the network access and data being shared, on top of unknown disclosures around security practices, can feel like a difficult combination to secure.

This is why we stressed the importance of evaluating your supply chain in our beyond Zero Trust series. Evaluating your supply chain cyber security means considering more than the product itself of a company you are considering, or how a partnership can add value to your business. You need to consider what those businesses are doing to ensure they are safe from an attack and are protecting those involved in their supply chain. You are only as strong as your weakest link in this chain.

How to Protect Your Supply Chain

It’s important to remember three key things when securing your supply chain:

• Your defense should be based on Zero Trust. Never trusting connections or devices, and assuming that a breach can happen any time.
• Breaches result from a lack of cybersecurity knowledge or proper security. Ensure that your supply chain is taking cybersecurity as seriously as you are, educating their employees with cybersecurity training and doing assessments like the SOC for Supply Chain
• Every link in your supply chain must be strong. You are only as strong as the weakest link within it.

With these principles in mind, let’s look at the supply chain security best practices you should be following to make sure that you are on your best defense against a potential breach.

Supply Chain Security Best Practices

Assess Your Partners – We’ve stressed the importance of this before, but you are truly only as strong as the weakest link in your chain. You should make sure before accepting anyone into your supply chain that you are evaluating how they manage their own security. Do they train their team on cybersecurity best practices and penetration test their product and company? Security requirements must be an important part of these discussions. Once they have been officially accepted into your supply chain, your team should be working to address vulnerabilities or security gaps that could be introduced.

Role-based Access Controls – Secure, least-privileged access needs to be emphasized. You should know how your supply chain accesses your network and you should only be granting access that allows them to accomplish their role and nothing else. You should always be verifying their identity, just like in the Zero Trust model, no inherent trust should be permitted to any partners.

Know your assets and who is accessing them – In addition to access control policies, it’s important that you know the assets on your network. You won’t be able to properly define who should be accessing what without the knowledge of what those assets are and how they are configured. More important, this is something you should be doing all the time, not just once and then moving on. If you do not know where the front door of your business is, then you can not set a proper perimeter to defend it.

Incident Response Planning – We talked about critical elements in an incident response plan, and it extends to your supply chain as well. You must be prepared in the event of a breach and have protocols in place to act fast. Any time wasted with confusion can mean drastic impacts to your business. Everyone must be prepared and know their role should an incident occur that needs your team to react quickly.

Steps for a Better Defense

These supply chain security best practices will get you started on the path to better security and help you manage the ever-evolving complexities within it. As partners in our customer’s supply chains, we ensure that we are doing our part to not only help them enforce their cybersecurity needs, but penetration test our product and company. It’s also why we completed our SOC for Supply Chain examination.

To make sure you’re meeting your Zero Trust needs and going beyond them, you can talk to us here about your cybersecurity requirements and how ConsoleWorks can help you achieve your IT and OT security requirements.

Passwords are an important part of your security and also one of the easiest ways that hackers gain entry into your network. User credentials are constantly under attack. That’s why we’re talking about common password security mistakes and what you should do to avoid them.

We’ve discussed password security best practices before. We also talked about having regular cyber security training in your company. But even with these in mind, it’s important to highlight the common password security mistakes that you might be committing.

What are the risks of password mistakes?

The risks from committing these password mistakes are great. A compromised account, especially one without least-privileged access, can result in your most important information or devices being stolen or attacked. With the rise of ransomware attacks as well, we’ve highlighted in the past how compromised credentials can result in millions of dollars lost for companies whose credentials are compromised.

If you are committing the password security mistakes below, your risks increase more. Some of the mistakes below, though common, open you up to easily being compromised, from lack of barriers or because of reused or shared passwords.

Common Password Security Mistakes

Changing Passwords Too Often

Many companies have the routine of changing their passwords at regular intervals, even when there is no evidence that a password has been compromised. This presents various challenges for the user having to change the password. They need to remember something new, because it can’t be an old password, and it needs to be sufficiently complex.

This means many people have difficulties remembering their new password. Employees can end up forgetting, locking their selves out, or compensate by writing their passwords down to remember them, which compromises security of the password. All of these are bad outcomes.

A better solution is to have a password vault that will manage these complex passwords for you and remove the challenges and shortcuts people will take to login with their credentials as easily as possible.

Not Using Passphrases

Requiring a password to be more than 15 characters long and have a mixture of letters, numbers or characters is a big task for someone to remember. This is why passphrases should be used to remember such lengthy requirements. Instead of a mixture of random letters, numbers and characters, using a phrase, while substituting letters in the phrase with numbers, is far easier to remember and makes for a strong password.

Avoiding using passwords based on your personal information, like birthday, phone number, address or other personal information that is easy to discover should be avoided. These are too easy to crack, along with simple words that a dictionary-style attack could quickly discover.

Sharing Passwords

Sharing of passwords is common. It’s also a big password security mistake. When everyone has the same credentials, your endpoints are not secure. It also amplifies issues of password management. If a person is terminated, you can not simply deactivate an account associated with that individual. Your problems instead become amplified and, in many cases, you may not even know what endpoints that individual even knew the passwords to when sharing is so rampant.

Not Using Multi-Factor Authentication

Passwords are too important to not protect with additional layers of authentication. If you aren’t implementing least-privileged access, you should at least be putting MFA to authenticate users. Make sure you aren’t committing this mistake by not protecting your passwords with additional methods of authentication.

Reusing Passwords

There are a few reasons users commit this password security mistake. It’s hard to remember complex passwords, especially when you are in an organization that makes you change your passwords frequently (one of our other password security mistakes). To combat this issue, users may reuse their password across devices and accounts. Of course, this means that once one of them is compromised, the rest of them are compromised.

This highlights the importance again of using passphrases, so your passwords remain complex, but also easy to remember for yourself. It’s also another reason password vaulting is a great option to pursue as you look to increase your password management maturity.

Reduce Your Password Security Mistakes, Increase Your Cybersecurity

If you’re looking for quick security wins, examining how your business treats its passwords is a good place to start. Many of the mistakes we listed above are both common and easy to fix. If you’re looking to truly overhaul your password security and reach architectures likes Zero Trust, we have more resources for you.

Our Password Management Maturity Model and our Password Management Best Practices will help you see what you should be doing and also where you currently are on your journey to achieving a Zero Trust-worthy implementation in this area of your cybersecurity.

If you have any questions or want to know how we can help you, you can contact us here.

As you look to implement a Zero Trust architecture, it’s critical to move away from the inherent trust permitted in the traditional Castle and Moat architecture. Our network security maturity model will help clarify the different levels of implementations on your path to achieving more sophisticated network defense.

While working on your implementation, we also recommend reviewing our Network Segmentation Best Practices. This acts as a companion piece to the network segmentation maturity model. It will help you keep in mind important practices for your implementation and the benefits you receive from a mature implementation.

What is a Network Security Maturity Model

Our Network Security Maturity Model reviews three levels, from beginner to advanced, of implementations. We also review at what level you can attain a Zero Trust-worthy implementation of network security and why.

Each level builds on the previous, adding in new elements to your architecture and enhancing your security. We’ll especially be focusing on how a network is constructed or segmented, to hinder ease of movement for an attacker and to protect your most critical information or endpoints.

There are various network segmentation models and we have discussed the 62443 model previously, which you can also reference for approaches to your network segmentation as you move forward in this process.

Network Segmentation Maturity Model Stages

Network Security Level: Beginner

At the beginner level of network security, you have very few defenses or segmentation. At the edge of your network, you are allowing inbound and outbound traffic without examination or controls in place. This leaves you especially vulnerable, as you do not know where the traffic is coming from, do not know what it is doing or where it is going, and it can move laterally through your network both quickly and easily. This is due to a lack of segmentation or having security zones a user needs to pass through within the network. There is an inherent trust permitted at this level to your traffic.

Network Security Level: Intermediate

At the intermediate level you aren’t blindly permitting access into your network. You now have firewalls at the edge and restrict inbound and outbound traffic to your devices. While you might be restricting this access, your network still looks relatively flat.

This still means you are vulnerable to a bad actor who gains access. Much of the network’s assumptions about access at this point still revolve around trusting a user who has access. This also means once a user does gain entry, they are able to freely move around the network without challenge.

The other point that marks both a beginner and intermediate level of network security from an advanced level, is that these lower levels are very reactive in their defense. While an intermediate level might have more protocols in place to respond to a threat, they are not actively monitoring for them, nor do they have a network architecture that enables them to easily see what is happening inside of it. It also lacks a way to contain a threat to just one area within that network.

Network Security Level: Advanced

At an advanced level of network security, you are following strict access policies and functionally breaking up your network into segments. It now has various security levels, with the most important assets kept down at the lowest levels, with the fewest connections able to reach that point.

A solution like ConsoleWorks is also used to permit least-privileged access to these endpoints as well, layering in complexity to how the network is secured, and removing the elements of inherent trust from the network.

You’ve built your network security around the consideration of your deepest security levels, where your most important devices are kept first. This bottom-up approach helps you with securing user access at the other security zones.

This way you also begin to address challenges, like in OT, where aging assets that were never built with the intention of it being connected to a network, can still remain protected when they are introduced to that network and forced to interact with today’s environment.

Here now you are also proactive about detecting attacks. By having a well-defined architecture that doesn’t permit trust, you are constantly monitoring users and activity on your network. You are also more easily able to contain a breach to one area of your network rather than it spilling further, due to your various security zones and micronetworks.

The Road to Cybersecurity Maturity

It is important to remember that a fully mature cybersecurity architecture involves many pieces.  We recommend our Password Management, Secure Remote Access, Baseline Configuration Monitoring and Zero Trust maturity models to further explore reaching cybersecurity maturity. These posts elucidate the features and design needs to attain higher maturity levels across other areas of your cybersecurity.

Should you need any help or have questions about attaining higher levels of maturity, or want to go beyond Zero Trust security in your environment, you can always reach out and talk to us here.