Call (716) 373-4467

 

Ever since passwords have been around, they’ve been a major source of security concern. Eighty-one percent of security incidents happen due to stolen or weak passwords. Additionally, employees continue to neglect the basics of good cyber hygiene.

For example, 61% of workers use the same password for multiple platforms. Plus, 43% have shared their passwords with others. These factors are why compromised credentials are the main cause of data breaches.

Access and identity management have become a priority for many organizations. This is largely due to the rise of the cloud. As well as the practice of people needing to only enter a username and password to access systems.

Once a cybercriminal gets a hold of an employee’s login, they can access the account and any data that it contains. This is especially problematic when it’s an account like Microsoft 365 or Google Workspace since these accounts can access things like cloud storage and user email.

Below, we’ll explain what conditional access is, as well as how it works with multi-factor authentication (MFA). We’ll also review the advantages of moving to a conditional access process.

 

What Is Conditional Access?

Conditional access is also known as contextual access. It is a method of controlling user access. You can think of it as several “if/then” statements, meaning “if” this thing is present, “then” do this.

For example, conditional access allows you to set a rule that would state the following. “If a user is logging in from outside the country, require a one-time-passcode.”

Conditional access allows you to add many conditions to the process of user access to a system. It is typically used with MFA. This is to improve access security without unnecessarily inconveniencing users.

Some of the most common contextual factors used include:

  • IP address
  • Geographic location
  • Time of day
  • The device used
  • Role or group the user belongs to

Conditional access can be set up in Azure Active Directory. It can also be set up in another identity and access management tool. It’s helpful to get the assistance of your IT partner. We can help with setup and the conditions that would make the most sense for your business.

 

The Benefits of Implementing Conditional Access for Identity Management

 

Improves Security

Using conditional access improves security and allows you more flexibility in challenging user legitimacy. It doesn’t just grant access to anyone with a username and password. Instead, the user needs to meet certain requirements.

Contextual access could block any login attempts from countries where no employees are. It could also present an extra verification question when employees use an unrecognized device.

 

Automates the Access Management Process

Once the if/then statements are set up, the system takes over. It automates the monitoring for contextual factors and takes the appropriate actions. This reduces the burden on administrative IT teams. It also ensures that no one is falling between the cracks.

Automated processes are more accurate and reliable than manual processes. Automation removes the human error component. This helps ensure that each condition is being verified for every single login.

 

Allows Restriction of Certain Activities

Conditional access isn’t only for keeping unauthorized users out of your accounts, you can use it in other ways as well. One of these is to restrict the activities that legitimate users can do.

For example, you could restrict access to data or settings based on a user’s role in the system. You can also use conditions in combination. Such as, lowering permissions to view-only. You could trigger this if a user holds a certain role and is logging in from an unknown device.

 

Improves the User Login Experience

Studies show that as many as 67% of businesses don’t use multi-factor authentication. This is despite the fact that it’s one of the most effective methods to stop credential breaches.

One of the biggest reasons it is not used is because of the inconvenience factor for employees. They may complain that it interferes with productivity. Or say that it makes it harder for them to use their business applications.

Using conditional access with MFA can improve the user experience. For example, you can require MFA only if users are off the premises. You can put in place extra challenge questions on a role or context-based basis. This keeps all users from being inconvenienced.

Interested in learning more about MFA and how it can increase cybersecurity for your business? Click here to read more.

 

Enforces the Rule of Least Privilege

Using the rule of least privilege is a security best practice. It means only granting the lowest level of access in a system as necessary for a user to do their work. Once you have roles set up in your identity management system, you can base access on those roles.

Conditional access simplifies the process of restricting access to data or functions. You can base this on job needs. It streamlines identity management. This is because it contains all functions in the same system for access and MFA rules. Everything stays together, making management simpler.

 Click here to read more about local admin privileges and the associated risks.

 

Get Help Implementing Conditional Access Today!

Once conditional access is set up, the automated system takes over. It improves your security and reduces the risk of an account breach. Contact Databranch today at 716-373-4467 x115, info@databranch.com, or fill out the form below to request a consultation to enhance your cybersecurity. 

 

Article used with permission from The Technology Press.

Whether you work remotely or in an office, the line between personal and work tasks can become blurred when working on your company computer. If you’re in front of a computer for most of your time during work, then it’s not unusual to get attached to your desktop PC.

Over time, this can lead to doing personal things on a work computer. At first, it might just be checking personal email while on a lunch break. But as the line continues to get crossed, it can end up with someone using their work computer just as much for personal reasons as work tasks.

In a survey of over 900 employees, it was found that only 30% said they never used their work PC for personal activities. The other 70% admitted to using their work computer for various personal reasons.

Some of the non-work-related things that people do on a work computer include:

  • Reading and sending personal email
  • Scanning news headlines
  • Shopping online
  • Online banking
  • Checking social media
  • Streaming music
  • Streaming videos/movies

It’s a bad idea to mix work and personal, no matter how much more convenient it is to use your work PC for a personal task during the day. You can end up getting reprimanded, causing a data breach at your company, or possibly losing your job.

Here are several things you should never do on your work PC.

1. SAVE YOUR PERSONAL PASSWORDS IN THE BROWSER

Many people manage their passwords by allowing their browser to save and then auto-fill them. This can be convenient, but it’s not very secure should you lose access to that PC.

When the computer you use isn’t yours, it can be taken away at any time for a number of reasons, such as an upgrade, repair, or during an unexpected termination.

If someone else accesses that device and you never signed out of the browser, that means they can leverage your passwords to access your cloud accounts.

Not all older PCs are stored in a storeroom somewhere or destroyed. Some companies will donate them to worthy causes, which could leave your passwords in the hands of a stranger if the PC hasn’t been wiped properly.

Contact Databranch today to learn more about our Password Management Solution. We make it simple for your business to use strong passwords and increase your security while enhancing your productivity.  

2. STORE PERSONAL DATA

It’s easy to get in the habit of storing personal data on your work computer, especially if your home PC doesn’t have a lot of storage space. But this is a bad habit and leaves you wide open to a couple of major problems:

  • Loss of your files: If you lose access to the PC for any reason, your files can be lost forever
  • Your personal files being company-accessible: Many companies have backups of employee devices to protect against data loss. So, those beach photos stored on your work PC that you’d rather not have anyone else see could be accessible company-wide because they’re captured in a backup process.

3. VISIT UNSECURE WEBSITES

You should assume that any activity you are doing on a work device is being monitored and is accessible by your boss. Companies often have cybersecurity measures in place like DNS filtering that is designed to protect against phishing websites.

This same type of software can also send an alert should an employee be frequenting an unauthorized website deemed dangerous to security.

You should never visit any website on your work computer that you wouldn’t be comfortable visiting with your boss looking over your shoulder.

4. ALLOW FRIENDS OR FAMILY TO USE IT

When you work remotely and your work computer is a permanent fixture in your home, it can be tempting to allow a friend or family member to use it if asked. Often, work PCs are more powerful than a typical home computer and may even have company-supplied software that someone wouldn’t purchase on their own.

But allowing anyone else to use your work computer could constitute a compliance breach of data protection regulations that your company needs to adhere to.

Just the fact that the personal data of your customers or other employees could be accessed by someone not authorized to do so, can mean a stiff penalty.

Additionally, a child or friend not well-versed in cybersecurity could end up visiting a phishing site and infecting your work device, which in turn infects your company cloud storage, leaving you responsible for a breach.

At least 20% of companies have experienced a data breach during the pandemic due to a remote worker.

5. TURN OFF COMPANY-INSTALLED APPS LIKE BACKUPS AND ANTIVIRUS

If you’re trying to get work done and a backup kicks in and slows your PC down to a crawl, it can be tempting to turn off the backup process. However, this can leave the data on your computer unprotected and unrecoverable in the case of a hard drive crash or ransomware infection.

Company-installed apps are there for a reason and it’s usually for cybersecurity and business continuity. These should not be turned off unless given express permission by your supervisor or company’s IT team

HOW SECURE IS THE DEVICE YOU USE TO WORK FROM HOME?

Whether you’re working remotely and worried about causing a data breach or are a business owner with multiple remote team members to secure, device protection is important. Contact Databranch today at 716-373-4467 x 15 or info@databranch.com if you would like to enhance your security and want to discuss your options.

Request your free security risk assessment and consultation with a Databranch Security Expert here:

Article used with permission from The Technology Press.