Interviews

Securing employee workstations

by Mark Rowe

David Higgins, Senior Director, Field Technology Office at identity security product and IT access company CyberArk, offers his top six practices for securing employee workstations.

Hybrid working has become the new norm since the Covid-19 pandemic. Work is now centred around ‘productivity anywhere’: 63 per cent of high-growth companies have already implemented a hybrid work model, according to a recent Accenture study. It allows people to reach their full potential at work, no matter where they are. While this has had a hugely positive impact on the work-life balance of many people, the move puts employee workstations at the edge, far beyond the ‘walls’ of the traditional corporate network. This paves the way for attackers to launch ransomware, compromise identities, abuse privileged credentials, and make their way into vulnerable corporate networks.

This is a very vulnerable situation for organisations to be in, and often, by the time incident response specialists are called in during an endpoint attack, the environment has already been overrun by threat actors.

Endpoints – especially workstations – must be protected before inevitable assaults. To do this, and speed up recovery efforts, the following fundamental identity security rules and safeguards should be adhered to:

1. Eliminate admin rights and verify least privilege – Employees frequently need to carry out an action which requires administrative privileges. These are usually legitimate and necessary tasks; just-in-time privileged access lets teams carry them out safely, but only in accordance with policy, at an appropriate time, and for an appropriate reason. This avoids users holding standing local administrative rights that could be exploited by an attacker.

2. Ensure local admin accounts are protected – Administrator accounts are used to install and update workstation software, set up system preferences, and manage user accounts. These are privileged accounts which attackers target with the aim of running ransomware and other malicious software, disabling antivirus software, and blocking disaster recovery tools. Moving local admin powers away from normal users and into a secure digital vault with credential rotation is the quickest and most straightforward way to secure employee workstations. This can lessen an adversary’s ability to move through a network and minimises the impact of employee mistakes, for example falling for a phishing scam.

3. Implement control policies for applications – The endpoint must be able to defend against attacks, as well as allow or deny known applications. To lessen the risk of ransomware, organisations must be able to “grey list” apps and implement advanced control policies to ensure workers only use secure and trusted applications.

4. Secure cached credentials – Credential theft is one of the greatest risks to organisations today. Credentials can be held in memory by many common business applications, and many web browsers and password managers store application and website credentials locally. Because threat actors can frequently obtain cached credentials without ever requiring admin capabilities, having an endpoint security layer is essential.

5. Set traps – Endpoint protection technologies that support privilege deception functionality, such as the capability to generate phoney “honeypot” privileged accounts, can help identify potential attackers right away.

6. Track privileged activity – Attackers often fly under the radar while they test a network’s defences. By proactively monitoring privileged workstation activity, organisations can automatically identify and stop adversaries before they move laterally, elevate privileges, or do significant harm.
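Two of the practices above can be checked from the workstation itself: the local Administrators group should contain only approved members (practices 1 and 2), and a decoy “honeypot” admin account should never see a logon attempt (practice 5). The following PowerShell script is an added example, not code from the article or from CyberArk; it assumes Windows 10/11 with the built-in Microsoft.PowerShell.LocalAccounts module, an elevated session, and placeholder names for the approved-admin list and the decoy account.

```powershell
# Added example (not from the article): audit local admin membership and watch for
# logons against a decoy account. Adapt the placeholder names below to your estate.
$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Workstation Admins')  # placeholder allow list
$DecoyAccount   = 'svc_backup_admin'   # placeholder decoy account; nobody should ever use it
$LookbackHours  = 24

# Practices 1 and 2: anyone in local Administrators who is not on the approved list
function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved)
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource, SID
}

# Practice 5: successful (4624) or failed (4625) logons naming the decoy account
function Get-DecoyLogonAttempts {
    param([string]$Account, [int]$Hours)
    $filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }   # flatten EventData
        if ($data['TargetUserName'] -eq $Account) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                EventId   = $_.Id                  # 4624 = success, 4625 = failure
                Account   = $data['TargetUserName']
                LogonType = $data['LogonType']     # e.g. 2 interactive, 3 network, 10 RDP
                Source    = $data['IpAddress']
                Process   = $data['ProcessName']
            }
        }
    }
}

$extra = Get-UnapprovedLocalAdmins -Approved $ApprovedAdmins
if ($extra) { Write-Warning 'Unapproved members of local Administrators:'; $extra | Format-Table -AutoSize }
else        { Write-Host 'Local Administrators group matches the approved list.' }

$hits = Get-DecoyLogonAttempts -Account $DecoyAccount -Hours $LookbackHours
if ($hits) { Write-Warning "Logon activity against decoy account '$DecoyAccount':"; $hits | Format-Table -AutoSize }
else       { Write-Host "No logon attempts against the decoy account in the last $LookbackHours hours." }
```

Any hit on the decoy account is a high-fidelity alert worth forwarding to the SIEM, since no legitimate process should reference it.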

Unfortunately, poorly protected employee workstations are the ideal weak point for attackers to exploit. This means that organisations should act quickly to protect endpoints in order to improve their security against increasingly damaging attacks.

Applying the safeguards above, together with the key mitigation steps and a layered defence-in-depth strategy, helps prevent this from happening. Businesses can therefore better isolate attacker activity, lessen the impact of a breach, and recover control.


© 2024 Professional Security Magazine. All rights reserved.
