Cyber Security Hygiene - Identity

One of the most common ways for Threat Actors to get into your network is through social engineering and phishing attacks. This can be significantly reduced if you have some basic controls in place in the way you manage identity:
- Have Multi Factor Authentication on all user accounts.
- Require a minimum password length of 12 characters, with a combination of special characters, numbers, and upper and lower case letters. Passwords need to expire every 90 days. Ideally, move to biometric authentication, which is more secure, and require longer passwords. Lock accounts after 10 unsuccessful logins.
- Reduce your privileged/domain accounts to a minimum and, for the privileged accounts, introduce Privileged Identity Management so that admin rights are granted only when needed and for a limited period. This applies to service accounts as well, especially because their passwords do not expire and there is a big temptation in IT to set up systems under a privileged service account to rule out permission issues during installation, a decision that is never revisited.
- Separate admin accounts from regular user accounts: if someone is managing IT infrastructure, create a second user account as an admin and have them use that account only when executing privileged tasks. Their regular account is more likely to be compromised through phishing, since it has an email address associated with it, and you can better protect the privileged account.
- Integrate your HR system with your Active Directory system so that when terminations happen, accounts are deactivated automatically. No matter how good your team is, there is always that one account that is not turned off, and doing audits of active accounts is not fun.
- Try to avoid running an Active Directory server yourself, and never have that server exposed over the internet. If you can, go for a managed Active Directory service from a cloud provider.
- Consider whether you really need to allow Bring Your Own Device or whether all logins should be done from corporate devices. By only allowing logins from corporate devices, you add another layer of authentication and reduce the identity risk.
- Depending on the workspace licensing you have, some vendors offer Advanced Threat Protection for users and alert on things such as multiple logins from various geographical areas.
- Depending on your budget and level of risk tolerance, consider a Managed Threat Detection and Response (MTDR) service from a 3rd party. This goes hand in hand with a Security Information and Event Management (SIEM) system. Sometimes these larger services come with an Identity component and can scan the Dark Web for compromised accounts.
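As an added example (not code from the original post or from any vendor product), here is how the "multiple logins from various geographical areas" alert mentioned above can be computed over sign-in events: consecutive sign-ins by the same user whose implied travel speed is impossible are flagged. The event format, the constructed sample events and the 900 km/h threshold are assumptions.

```python
"""Impossible-travel check over sample sign-in events (added example)."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample events: (user, UTC timestamp, latitude, longitude).
# Coordinates are approximate city centres; the event schema is an assumption.
SAMPLE_EVENTS = [
    ("alice", "2024-03-01T08:00:00", 51.50, -0.12),   # London
    ("alice", "2024-03-01T09:30:00", 40.71, -74.01),  # New York, 90 min later
    ("bob",   "2024-03-01T08:00:00", 48.85, 2.35),    # Paris
    ("bob",   "2024-03-01T20:00:00", 40.71, -74.01),  # New York, 12 h later
]
# Commercial flights top out around 900 km/h; faster than that is not travel.
MAX_SPEED_KMH = 900.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def find_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, from_ts, to_ts, km, kmh) for every pair of consecutive
    sign-ins by the same user whose implied speed exceeds max_speed_kmh."""
    by_user = {}
    for user, ts, lat, lon in events:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon))
    alerts = []
    for user, rows in by_user.items():
        rows.sort()  # chronological order per user
        for (t1, la1, lo1), (t2, la2, lo2) in zip(rows, rows[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            # Two distant sign-ins at the same instant are also impossible;
            # avoid dividing by zero and do not flag same-place repeats.
            if hours > 0:
                kmh = km / hours
            else:
                kmh = float("inf") if km > 0 else 0.0
            if kmh > max_speed_kmh:
                alerts.append((user, t1.isoformat(), t2.isoformat(), round(km), round(kmh)))
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", alert)
```

In practice the coordinates come from a GeoIP lookup on the sign-in source address, and the threshold should be tuned to tolerate VPN and mobile-carrier geolocation noise.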
You can subscribe if you'd like to stay up to date and receive emails when new content is published. If you'd like to work together on your IT posture, here is how I can help: askalex.how.