Businesses today are dealing with the reality that the workforce and the work environment will never be the same post-pandemic. Even so, many organizations are attempting to return to normalcy in how employees carry out business-related activities, with most businesses adopting a hybrid back-to-work model that may include time both in the office and working remotely.
The new flexibility can lead to security challenges, as has already been seen with the pandemic so far. In addition, businesses may be struggling with answers to security-related questions, such as what the hybrid back-to-work model means for password security. So how can businesses tackle password security challenges in the hybrid workforce?
What is a Hybrid Work Model?
The case of workers splitting their time between the office and home is expected to become the “new normal” for the post-pandemic era. Many have adapted to the routines and benefits of working from home and even feel more productive.
This hybrid back-to-work model creates challenges for both employers and employees, and cybersecurity is one of them. Employers and employees alike are thought to be much more susceptible to cybersecurity risks when working from home due to the often less stringent cybersecurity controls, greater distractions, and other challenges that at-home workers face. One of the critical areas of concern is password security, with cybercriminals heavily targeting the credentials of remote workers.
Why is password security important?
There is no question that attackers are using compromised credentials more than ever. For example, in the 2021 Data Breach Investigations Report published by Verizon, it was stated:
“Phishing continues to walk hand-in-hand with the use of stolen credentials in breaches as it has in the past. Admittedly, we expected to see an increase here due to a larger remote workforce.”
The report also stated:
“As we have pointed out in previous reports, Credentials remain one of the most sought-after data types…”
What’s more, the costs to businesses when credentials are compromised are tremendous. For example, note the following from the IBM Cost of a Data Breach 2020 report:
“Stolen or compromised credentials were the most expensive cause of malicious data breaches. One in five companies (19%) that suffered a malicious data breach was infiltrated due to stolen or compromised credentials, increasing the average total cost of a breach for these companies by nearly $1 million to $4.77 million.”
Cybercriminals have capitalized on businesses having to shift to a remote workforce and have primarily been using phishing emails and other tactics to compromise credentials. With these facts present, password security must be a priority for businesses moving into a hybrid back-to-work model for employees.
What a hybrid back-to-work model means for password security
Remote users may not be “connected” in a way that allows centralized password change policies to synchronize immediately. In some cases, they may be working with cached credentials. If changes are made to password policies in Active Directory, the users and their end-user systems may not receive policy updates promptly. Additionally, organizations must decide how they deal with password expiration for remote end-users. If the end-users have issues changing their passwords and experience account lockouts, how are these triaged?
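One way a service desk can get ahead of the expiration and lockout questions raised above is to query Active Directory directly for accounts that are about to expire or are already locked out. This is an added example, not part of the original article or any Specops product; it assumes the RSAT ActiveDirectory PowerShell module and read access to the domain, and the 14-day warning window is an assumed value.

```powershell
# Added example (not from the article). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$WarnDays = 14          # assumption: warn users whose password expires within 14 days
$now      = Get-Date

# msDS-UserPasswordExpiryTimeComputed is a constructed attribute that holds the
# effective expiry time, taking fine-grained password policies into account.
$expiring = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
        -Properties 'msDS-UserPasswordExpiryTimeComputed', mail, PasswordLastSet |
    ForEach-Object {
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'

        # 0 means "must change at next logon"; Int64.MaxValue means "never expires".
        # Neither converts to a usable date, so skip them.
        if ($null -eq $raw -or $raw -le 0 -or $raw -eq [Int64]::MaxValue) { return }

        $expires  = [datetime]::FromFileTime($raw)
        $daysLeft = [math]::Floor(($expires - $now).TotalDays)

        if ($daysLeft -ge 0 -and $daysLeft -le $WarnDays) {
            [pscustomobject]@{
                SamAccountName  = $_.SamAccountName
                Mail            = $_.mail
                PasswordLastSet = $_.PasswordLastSet
                Expires         = $expires
                DaysLeft        = $daysLeft
            }
        }
    } | Sort-Object DaysLeft

# Accounts currently locked out, for service desk triage.
$lockedOut = Search-ADAccount -LockedOut -UsersOnly |
    Select-Object SamAccountName, LastLogonDate, LockedOut

"Passwords expiring within $WarnDays days:"
$expiring  | Format-Table -AutoSize

"Accounts currently locked out:"
$lockedOut | Format-Table -AutoSize
```

Remote users on cached credentials may never see the domain's expiry prompt, so the `Mail` column gives the service desk an out-of-band way to reach them before the password lapses.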
The right password security tools are needed
Businesses adopting hybrid back-to-work models for employees post-pandemic must think about the new challenges of employees working remotely. These include securing and enforcing password policies for remote employees and how remote users can have password or account lockouts triaged, as mentioned earlier.
Specops provides many robust password security solutions that help organizations meet the challenges of the post-pandemic era where hybrid back-to-work models are implemented. Specops Password Policy allows businesses to enforce modern password policies that offer features and capabilities not found in native Active Directory functionality. These features include:
- Breached Password Protection
- Multiple password dictionaries
- Length-based password expiration
- Regex password filtering
- Dynamic password change feedback to end-users
Specops Password Policy
With Specops Password Policy, organizations can implement and enforce modern password policies with rich cybersecurity features suited for hybrid back-to-work and other work configurations.
Specops Password Policy Breached Password Protection
For service desks supporting remote employees, password change issues and account lockouts can take a significant amount of time and prove highly challenging. Specops uReset provides businesses with the tools needed for remote users to unlock their account and reset a password using a self-service mechanism secured with multi-factor authentication (MFA).
User prompted for mobile code verification to reset an account using Specops uReset
In addition, Specops Secure Service Desk is a robust tool that allows service desks to have a verification mechanism to verify the identity of end-users whose accounts they are triaging over the phone.
Verifying a user with Secure Service Desk
Specops uReset and Secure Service Desk provide the following features:
- 15+ MFA identity providers to enable authentication choice and increase security
- Updates the locally cached credentials for remote users
- Use any browser, the Windows login screen, or the uReset mobile applications
- Helpdesk interface for verifying end-users, unlocking user accounts, and setting temporary passwords
- Enforce user enrollment and auto-enrollment options
- Usage and audit reporting to view usage and track system events
- User interface available in multiple languages including German, French, Spanish, Japanese, simplified Chinese, and many more
- Customizable user interface
- Real-time compromised password check at password reset/change (when used with Specops Password Policy)
- Block/allow self-service password resets by geographical location (country), or specific IP address
Using Specops uReset to reset a lost password or unlock an account
Wrapping Up
Businesses today need to consider how they can meet the challenges associated with increased cybersecurity risks, especially with the hybrid workforce. Attackers commonly use compromised credentials as a primary way to reach business-critical data, often in attacks involving ransomware. With hybrid back-to-work models becoming the new normal, businesses must bolster the password security used in the environment. Specops Password Policy, uReset, and Secure Service Desk are all robust tools that help meet the various remote work password security challenges.
Learn more about Specops tools that can help your business with today’s hybrid work challenges.