Keeping your distance to keep secure

As we learned from the pandemic, it’s important to keep your distance from others when sick. When it comes to the security of your organization’s networks and assets, it’s similarly important to keep personal accounts and devices at a distance from corporate systems for network health.

Earlier this year, Cisco was infected with ransomware. The initial compromise? An employee’s personal email account.

The details of the incident illustrate common tactics used by attackers today: the employee had enabled password syncing in their web browser through their Google account, which stored the employee’s Cisco credentials.

The attackers then used the stolen Cisco credentials to sign in and bypass multi-factor authentication (MFA) through vishing (voice-phishing) and causing MFA fatigue, in which attackers send large volumes of notifications until the user accepts the requests.

This strategy eventually provided the attackers with access to the Cisco VPN. They then escalated privileges, logged in to multiple systems, added new devices, and exfiltrated data.

The damage hasn’t been limited to Cisco. Elliott Greenleaf law firm was victimized by its own employees in January 2021 when they deleted sensitive files on firm systems after downloading them to a personal USB. This incident demonstrates the importance of restricting personal devices, detecting USBs, and monitoring data exfiltration.

Cybersecurity tips for employees

The lesson for employees is that caution around how you manage your personal and corporate accounts can prevent cybersecurity incidents. Here are some tips to follow to ensure you make the best choice when connecting:

1. Avoid saving credentials to your web browser, whether on a corporate or personal device. Instead, use a password manager to handle your credentials. This reduces the likelihood of threat actors obtaining your credentials and using them to gain access to not only your personal accounts but your corporate ones as well.
2. Avoid emails between your personal and corporate accounts. Frequent communication between the two accounts can lead to inadvertent data loss or provide an opening for adversaries to an internal company network.
3. Do not use the same passwords created for company account access as for personal account access. If personal passwords are compromised, they can easily be used to gain access to company resources.
4. Avoid connecting personal mobile devices to company-owned or operated information systems. If your personal device is infected with malware, you are putting company networks at risk.
5. Remember that your employer’s IT services and managers will only contact you through established, official channels. Report any suspicious calls, texts, or emails to your employer’s IT or security department. Criminals will impersonate company leaders to gain access to employee credentials.

95% of cybersecurity issues can be traced back to human error. Keeping your personal devices and accounts far from corporate networks reduces the likelihood of cyberattacks at work. As with so many lessons, cybersecurity starts at home.