There has been a rising number of reports involving enterprises falling victim to cyber
due to a lack of proper management of enterprise data and segregation of such data from employees' personal accounts.
Many people use their personal accounts (e.g. cloud storage, password managers) to store their enterprise data and credentials. If their personal accounts are compromised, it could lead to credential or data leakage from their respective enterprise accounts.
For instance, in a recent network breach incident reported by Cisco, cybercriminals were able to gain initial access to the enterprise Virtual Private Network (VPN). This was achieved by compromising an employee's personal account, which held the employee's enterprise account credentials synchronised from the victim's browser.
Enterprises should raise employees’ awareness and highlight the importance of segregating enterprise data from personal accounts or data. Enterprises can consider implementing a comprehensive acceptable use policy (AUP) that includes clear guidelines on proper segregation and management of enterprise data, and encouraging the adoption of good cyber hygiene measures by employees.
Comprehensive Acceptable Use Policy
An acceptable use policy (AUP) is a document stipulating constraints and practices that an employee must agree to for access to a corporate network or resources.
A comprehensive AUP should also contain enterprise data management policies to protect your enterprise against data loss and ensure security on all devices connected to the enterprise data system. Such policies should state clearly the Do's and Don'ts when employees store and/or share documents online. Documents that are work-related (which may contain sensitive data) should not be stored/shared on any personal accounts.
In addition, enterprises should advise their employees against storing any enterprise credentials in their personal accounts. This will minimise the risk of your enterprise suffering from a data leak in the event that an employee's personal account is compromised.
Good Cyber Hygiene Practices
Errant Multi-Factor Authentication (MFA) Notifications
In the Cisco network breach incident, cybercriminals used a technique called an MFA fatigue attack, sending a high volume of push notifications to the targeted employee's mobile device until the employee accepted one, either accidentally or simply in an attempt to silence the repeated push notifications they were receiving.
As such, enterprises should educate their employees on the necessary response measures to take should they receive multiple such push notifications on their respective devices requesting authentication. Enterprises should also ensure that employees report such incidents promptly to their respective IT security teams.
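An added example, not part of the original advisory: one way an IT security team could flag the push-notification flood described above in MFA logs, separating a burst that was ignored from a burst that ended in an approval. The event format, the 10-minute window and the threshold of five are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push events: (timestamp, user, result). Not real logs.
SAMPLE_EVENTS = [
    ("2022-08-01T02:10:05", "alice", "denied"),
    ("2022-08-01T02:10:40", "alice", "timeout"),
    ("2022-08-01T02:11:15", "alice", "denied"),
    ("2022-08-01T02:12:02", "alice", "timeout"),
    ("2022-08-01T02:13:30", "alice", "denied"),
    ("2022-08-01T02:14:10", "alice", "approved"),   # gives in after the flood
    ("2022-08-01T09:00:00", "bob", "denied"),       # single mis-tap, then normal login
    ("2022-08-01T09:00:30", "bob", "approved"),
    ("2022-08-01T14:00:00", "carol", "timeout"),
    ("2022-08-01T14:02:00", "carol", "timeout"),
    ("2022-08-01T14:04:00", "carol", "timeout"),
    ("2022-08-01T14:06:00", "carol", "timeout"),
    ("2022-08-01T14:08:00", "carol", "timeout"),    # flood, never approved
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of denied/timed-out pushes

def detect_mfa_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Map user -> alert level for bursts of unanswered or denied MFA pushes.

    'push_burst': threshold or more failed pushes inside the window.
    'approved_after_burst': such a burst was followed by an approval, which
    should be treated as a likely compromise and escalated.
    """
    recent = defaultdict(list)  # user -> timestamps of recent failed pushes
    alerts = {}
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        # Drop failed pushes that have aged out of the window.
        recent[user] = [t for t in recent[user] if ts - t <= window]
        if result in ("denied", "timeout"):
            recent[user].append(ts)
            if len(recent[user]) >= threshold:
                alerts.setdefault(user, "push_burst")
        elif result == "approved":
            if len(recent[user]) >= threshold:
                alerts[user] = "approved_after_burst"
            recent[user] = []  # a fresh approval starts a new counting period
    return alerts

if __name__ == "__main__":
    print(detect_mfa_fatigue(SAMPLE_EVENTS))
```

An approval that follows a burst warrants revoking the resulting session and resetting the credential, since the password was already known to whoever triggered the pushes.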
Educating Employees to Spot Signs of Compromise
Employees should be trained to spot signs of compromise. Some non-exhaustive indicators of a possibly compromised account:
- Not being able to log in using the original password
- Receiving a ransom message
- Unknown application installed on devices
- Leakage of enterprise data
- Inexplicable device behaviour
If an employee suspects that their enterprise account has been compromised, they should change their password and report the incident to the IT security team immediately.
Password Management Policy
As passwords are the first line of defence against any unauthorised access to enterprise accounts, enterprises are advised to implement a password management policy for employees to follow and to store and manage passwords securely.
To learn more about the Importance of Using Strong Passwords, and Ways to Safeguard Your Passwords and Accounts, read the advisory here.
Deploy partitioning service or sandboxing tools
Enterprises may consider deploying a partitioning service or sandboxing tools to isolate corporate applications from potentially malicious consumer applications. This keeps corporate apps safe while also maintaining user privacy.
Do not make it easy for cybercriminals. Maintaining proper segregation and management of enterprise data will protect the enterprise from being an easy target for cybercriminals to gain unauthorised access to the enterprise's credentials and data. Additionally, enhancing employees' cyber awareness and enforcing good cyber hygiene measures could prevent unauthorised access to the enterprise accounts and limit the impact of a compromise.