Protect Your Data Now: A Guide to Assessing Concurrent Login and Mitigating Risks

Assessing concurrent logins

Following the impact of COVID, a significant portion of the IT industry has embraced a flexible work policy to foster a more balanced work-life culture. These policies encompass various options like 'Work from Anywhere,' 'Remote Work,' and 'Work from Home,'. This marks a profound shift when compared to the traditional work culture.

Such substantial transformations bring both advantages and risks. The remote work culture, in particular, has had a profound impact on the field of cybersecurity, as attackers are continuously devising new methods to compromise systems and corporate networks.

What is concurrent login?

Concurrent login gives users extra flexibility by allowing them to log onto the network from multiple locations in a short period.

Simultaneous logins might result in various security risks such as the abuse of the user's personal information or resources to carry out unlawful acts, credential leakage, and system compromise.

Should concurrent logins be allowed?

Whether you want to allow or disallow concurrent logins will very much come down to the threat model of your application. However, it’s recommended that you should block the concurrent logins OR at least set up some security controls to monitor and mitigate it in case of any incident. Typically for higher-risk applications (e.g. online banking or anything else transactional) disallowing concurrent logins is likely to be warranted.

• Critical businesses handling customer-sensitive information, PII Data, and Financial data should mandatory block the concurrent logins

• An organization that is compliant with cyber laws like- HIPPA, PCI, SOX, GDPR, etc. It’s recommended to use the best security control and restriction to protect the organization from any financial exposure

Preparation against concurrent logins

There might be a valid scenario where either the user is traveling, leading to a change in the IP address location, or the account has been compromised. The current challenge lies in distinguishing between these two events and implementing the appropriate course of action.

• Define the remote work policy and restrict via VPN login

• Set up the MFA to access the VPN, network, and devices

• Configure the security use cases to monitor such unusual logins with the genuine time gap

• Use the session ID, IP address, location metadata, and device ID to create the robust use case 

Plan of Action

1) Investigate the alert and check for the time difference, location distance, IP address and ISP details, device ID, etc

2) Check if recently a new device has been assigned to the user

3) Set up auto email notification to the user if logged in from a new device

4) If the location is unexpected, immediately lock the user account for 30 mins

5) OR According to the corporate policy, you can expire the old login session or block the new login

6) Lastly, contact the user and verify the login event

How Telivy Can Help

Telivy serves as the ultimate platform for addressing and preventing all cybersecurity issues and attacks within your organization. It comprehensively encompasses all critical aspects of cybersecurity, leveraging a diverse array of security tools to conduct thorough scans of both your internal and external networks.

This approach grants you unparalleled visibility into your security posture, identifying areas for enhancement.

If you are interested in a demo of how our services can help you manage this concern and many more, please email support@telivy.com and we will reach out to schedule some time with you!

‍

Reference

Image by Freepik