The COVID-19 pandemic has pushed millions of organizations all over the globe to quarantine their employees in work-from-home environments. While IT teams are busy trying to figure out how to keep the wheels turning, the new status quo presents an ideal opportunity for insider threats to materialize. Some people are bound to misunderstand the extra security requirements associated with working from home and expose sensitive data by accident. Others are likely to become disgruntled in this time of economic and societal uncertainty and harm the company on purpose. Despite that, justifying IT security investment is extremely hard right now, as the recession is looming.
Netwrix makes it easy to keep track of new insider threats born from working from home, even when 90% of your time is dedicated to making sure that employees can work remotely and productively. These solutions automate the bulk of the tedious routine work needed to detect threats to the security of sensitive data so that your days don’t get even more frantic. They present you only with actionable intelligence, which can be acted upon immediately to stop insider threats.
(1) VPN Logon Attempts
As people working from home begin to use VPN to access corporate resources from their company-issued laptops or personal computers, the number of daily VPN sessions will skyrocket. While not inherently bad or undesirable, VPN sessions are still worth keeping an eye on in case someone tries to access corporate data from unsecured devices, exposing the company to new risks.
Netwrix Auditor monitors both successful and failed VPN logon attempts, showing you clearly who initiated the session, which IP address the authentication attempt was made from, and when it happened.
(2) Content Downloads from the Cloud
Many employees are turned off by the concept of working from home because the prospect of being disconnected from corporate resources by a VPN failure haunts them. The temptation for them is to download all of the documents they are working with, sensitive or not, from cloud collaboration platforms such as Office 365 and store them indefinitely on their hard drives. While convenient, this also creates a multitude of security concerns: is the personal device well protected, is it infected by malware, how long will the data sit there?
Netwrix Auditor shows you exactly who is downloading content from SharePoint Online or Teams. If you see someone grabbing a lot of documents, you need to verify that there’s a business need and suggest an alternative course of action that would not result in sensitive corporate data being exposed in an unsecure location.
(3) Privilege Elevation in Teams
Modern cloud collaboration platforms, such as Microsoft Teams, play a huge role in facilitating work from home. They also grant regular users an unprecedented amount of power, which can pose serious risk given users’ tendency to prioritize convenience over security. For instance, if a team owner is asked to share access to a number of files with another employee, the easy way to do that is to just invite that employee into the team for a limited time period. Except, of course, hardly anyone bothers to check team memberships regularly, and that person can stay in the team indefinitely, which goes against the least privilege principle and poses a lot of unnecessary risks to sensitive corporate data. Something that used to be a well-documented process, involving approval, a helpdesk ticket and an IT administrator’s help, can now be done in a couple of clicks.
Netwrix Auditor makes it easy to catch inappropriate Office 365 group membership changes. It records all changes to these groups so that you can easily review them with team owners and either work out another way of giving employees the access they need or agree to follow up when the project is over and the person needs to be removed from the group.
(4) Failed Activity Trends
A perceived lack of oversight when working from home may tempt employees to look for and try to access data that they are not supposed to work with. It’s only a matter of time before a developer stumbles upon HR files that were left unattended.
Netwrix Auditor brings to light all of the failed activity in your environment that you otherwise might have missed. Each spike warrants investigation, as it can be an insider trying to get to sensitive data through trial and error or a user trying to read files they legitimately need access to. Either way, Netwrix gives you the opportunity to easily resolve this before there’s an incident.
(5) Access to Sensitive Data
When it comes to sensitive data and the activity around it, you should always be vigilant, and even more so when everyone is working from home. Being away from the confines of the office can give many employees the sense that no one is overseeing their actions, which can make them careless with sensitive information. That is why you should constantly monitor who is doing what with sensitive data and also ensure that access to sensitive data is strictly in line with business requirements.
Netwrix Auditor gives you all the information you need about what’s going on with sensitive data in your environment so that you can easily keep an eye out for unauthorized activity without wasting hours you don’t have on sifting through logs. You can also take a proactive approach and perform a review of sensitive data permissions in the early stages of the work-from-home period to reduce the number of incidents involving sensitive data that you will have to investigate and respond to. With Netwrix, this is as easy as opening up a report and sitting down with data owners to look through the list of accounts that have access to sensitive data.
Original article brought to you by Netwrix.