Key Takeaways
- Cyberattacks increase significantly during holiday periods.
- Inform your team about security risks and best practices while travelling or working remotely.
- Identity and access management (IAM) is essential to secure user credentials, identities, and data while working from home, office, or remotely.
- With geofencing, adaptive multifactor authentication (MFA), and advanced threat detection, Okta’s IAM delivered through ZeroTek offers a highly secure, low-friction solution to keep data safe no matter where you are.
Sections
- Digital security can’t take a holiday
- Cyberattacks increase during holidays and vacations
- How staff can protect their data while travelling
- Additional safeguards to help organizations protect their information
- ZeroTek | Okta can help
- How ZeroTek | Okta protects organizations and identities on the road
- Recipe for travel security with ZeroTek | Okta
- Don’t be fooled when things are quiet
Digital security can’t take a holiday
As Thanksgiving approaches, millions of Americans are busy planning: decorating their homes, discussing the feast-day menu, figuring out seating arrangements, and deciding who gets the guest room. Whether it’s across town or across the country, travel is also top of mind for many, but who is thinking about their digital security?
Small and medium-sized businesses (SMBs) would be wise to confirm that whoever looks after their IT security has a comprehensive plan and the right tools in place. And Managed Service Providers (MSPs) should make sure their tools and solutions provide the kind of security their customers expect and need.
Cyberattacks increase during holidays and vacations
According to Darktrace, a British cyber security company, the average number of attempted ransomware attacks increases by 70% during the November and December holiday period compared to January and February.
During the holidays, people often increase their online activity, may be more easily distracted or stressed, and travel more. Thanksgiving week is one of the peak travel times in the US. Just over half of travellers surveyed in an IBM/Morning Consult study worry their digital information could get stolen while travelling, yet over 70% engage in risky behavior like connecting to public Wi-Fi or pairing their phones with rental car Bluetooth despite warnings from the FCC and various media outlets about the dangers of doing so.
This behavior isn’t just risky for individuals; it’s also risky for the organizations they work for, and not just during holidays but any time someone travels.
How staff can protect their data while travelling
As a first step, organizations should make sure their staff understand how to mitigate security risks while travelling:
- Update your devices to ensure you have the latest and most secure operating system and software.
- Make sure you have a known good backup. Create a restore point before you leave.
- Don’t use unencrypted public Wi-Fi.
- Don’t use shared or public computers.
- Don’t pair with Bluetooth-enabled rental cars. If you do, make sure you delete stored data and remove your phone from the list of paired devices.
- Don’t use charging stations (even in your hotel room). Plug directly into an electrical outlet.
- Turn off auto connect.
- Use multi-factor authentication (MFA) on devices, applications, and accounts.
If your organization doesn’t already have a list of best practices your employees can refer to, consider creating one, and make sure everyone has read it. There are many excellent online sources that discuss security while travelling.
Additional safeguards to help organizations protect their information
Of course, people don’t always follow security best practices, so what can organizations do to ensure their digital security no matter where their employees are or how they behave?
Effective security recognizes and protects what’s vulnerable. Ten years ago, when network infrastructure and apps were mostly or entirely on-premises, firewalls could protect a company’s resources. Now that most—or all—apps and network infrastructure are in the cloud, the new security perimeter consists of all the login credentials staff members use every day to access those resources.
Cyberattacks targeting user identities and credentials have become unrelenting—password spraying, brute force attacks, and phishing are now daily occurrences. In fact, user logins and passwords are the top vector for successful cyberattacks (Verizon 2024 Data Breach Investigations Report). Protecting them through robust identity and access management (IAM) is now central to securing digital assets.
As Gartner explains, “[IAM] is a security and business discipline that includes multiple technologies and business processes to help the right people or machines to access the right assets at the right time for the right reasons, while keeping unauthorized access and fraud at bay.”
ZeroTek | Okta can help
Okta’s industry-leading IAM technology is used by top global enterprises including Zoom, Hubspot, Virgin Media O2, and FedEx to protect against identity-based attacks. But the smaller and mid-sized businesses MSPs support are equally vulnerable to the same kinds of attacks—and often less protected.
That’s why SMBs need Okta, and the MSPs who serve them need ZeroTek. ZeroTek is a SaaS platform deeply integrated with Okta, designed to make it easy for MSPs to deliver Okta’s enterprise-class IAM to multiple SMB customers from a single dashboard.
With sophisticated threat detection, a powerful and intuitive policy engine, and granular control, Okta delivered through ZeroTek makes it easy to protect customer identities and data with the best technology available.
How ZeroTek | Okta protects organizations and identities on the road
Let’s look at three essential ways ZeroTek | Okta delivers the security required to protect a customer organization while employees travel:
Geofencing
You need to be able to define security rules based on where users are logging in from.
Geofencing specifies virtual boundaries on geographical areas, such as restricting access based on an organization’s state or country of operations. Correctly setting up multi-level geofencing and travel-friendly security protects you, your employees, and your customers, particularly during business travel.
Using a combination of rules, groups, and policies, MSPs can specify different levels of access, which get progressively more restrictive depending on the user’s location:
- Physical office location
- City, state, or country
- Locations outside of these zones
In ZeroTek, you simply add a user to the appropriate group when they are travelling, and the authentication policies you have configured for that group apply whenever they log in from the geofenced area. You can also configure time-limited geofencing, so travel-specific rules don’t become the new normal.
For example, when someone travels from the US to Europe, you can add them to a “Europe-Travel” group that requires users to meet higher authentication requirements and restricts them from accessing sensitive HR and financial resources while they are overseas.
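The tiered geofencing described above, sketched as a small policy evaluator. This is an added example, not ZeroTek or Okta code or configuration; the zone contents, app names, decision labels, and IP ranges are hypothetical, and the sample dates are constructed.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample configuration; all names and ranges are hypothetical.
OFFICE_NET = ipaddress.ip_network("203.0.113.0/24")   # documentation range
HOME_COUNTRY = "US"
TRAVEL_ZONES = {"Europe-Travel": {"DE", "ES", "FR", "IT", "NL"}}
SENSITIVE_APPS = {"hr", "finance"}

def evaluate(ip, country, app, memberships, now):
    """Return (decision, reason) for one sign-in.

    memberships maps a travel group name to its expiry datetime,
    which models time-limited geofencing rules.
    """
    if ipaddress.ip_address(ip) in OFFICE_NET:
        return "allow", "office network"          # least restrictive tier
    if country == HOME_COUNTRY:
        return "mfa", "home country"
    expired = None
    for group, expires in memberships.items():
        if country not in TRAVEL_ZONES.get(group, ()):
            continue
        if now >= expires:
            expired = group                       # travel rule has lapsed
            continue
        if app in SENSITIVE_APPS:
            return "deny", f"{app} blocked while in {group}"
        return "strong_mfa", group
    if expired:
        return "deny", f"{expired} membership expired"
    return "deny", "outside all zones"            # most restrictive tier

# Constructed sample trip: group membership ends on 2 December 2024 (UTC).
TRIP = {"Europe-Travel": datetime(2024, 12, 2, tzinfo=timezone.utc)}
DURING = datetime(2024, 11, 28, 12, 0, tzinfo=timezone.utc)
AFTER = datetime(2024, 12, 3, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for app, when in (("email", DURING), ("hr", DURING), ("email", AFTER)):
        print(app, when.date(), evaluate("192.0.2.5", "FR", app, TRIP, when))
```

The expiry check is what keeps a travel exception from outliving the trip: once the membership lapses, the same login from France falls back to a deny.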
Multi-factor authentication (MFA)
When credentials are the target, you need to be sure that a person logging in really is who they say they are.
With multi-factor authentication (MFA), users must prove their identity in more than one way when they sign in. Okta groups authenticators into three types:
- Knowledge – something the user knows, such as a password or the answer to a security question
- Possession – something the user has, such as a phone or access to an email account
- Biometrics – something the user is, meaning a physical attribute of the user that a device can scan, such as the user’s fingerprint or face
At a minimum, MFA in Okta requires two authenticators where each is from a different category. MSPs can configure MFA at the organization or application level. When configured at both levels, users are prompted to confirm their credentials when signing in to Okta, and again when accessing the applications that have been configured to require it.
Some users are concerned that MFA will be a burdensome process that wastes time, but ZeroTek | Okta makes it easy to deliver a low-friction authentication experience for legitimate users while being strong enough to stop threat actors in their tracks.
Automated threat detection
Not all logins are alike. The protection required must be appropriate to the context and the level of threat.
That’s why Okta’s Behavior Detection lets MSPs configure how to handle login requests based on changes to typical patterns of user behavior.
For example, you can configure a policy that requires users to provide an additional form of authentication if they log in from a different location than they normally do.
You can track the following types of behavior:
- Location – login from a different location
- IP address – login from a new IP address
- Device – login from a device that has not been used before
- Velocity – impossible travel: a login from a location the user could not have reached in the time since their previous login (for example, Los Angeles an hour after logging in from New York).
Once you define the types of behavior to track, you can add the behavior to a sign-in policy to require multi-factor authentication.
Behavior Detection is an excellent supplement to geofencing because it is based not on a hard-coded location but on a change in established locations, which makes it ideal for MSPs who want to provide travel security for their customers’ employees.
People who travel at Thanksgiving could go anywhere, making it difficult to geofence beyond country level. Being able to automatically detect that someone is trying to log in from a different location, IP address, or device without having to provide a specific value for those criteria makes travel security management easy and effective.
For example, if Sara has logged in from New York City the most recent 20 times, but then starts to log in from Boise, Idaho, ZeroTek | Okta requires her to provide additional authentication. The same policy works for all users whose established login location has changed, regardless of where they are.
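The four tracked behaviors, sketched as detection logic run over a login history like Sara's. This is an added example and not Okta's Behavior Detection implementation; the speed ceiling, distance tolerance, field names, and sample events are assumptions constructed for illustration.

```python
import math
from datetime import datetime, timedelta

MAX_KMH = 900   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 50     # assumed tolerance for imprecise IP geolocation
FIELDS = {"location": "city", "ip": "ip", "device": "device"}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def detect(history, login):
    """Return the behaviors in `login` that differ from the user's history."""
    if not history:
        return {"no_baseline"}   # nothing to compare against: treat as a change
    flags = {name for name, key in FIELDS.items()
             if login[key] not in {e[key] for e in history}}
    prev = history[-1]
    hours = (login["time"] - prev["time"]).total_seconds() / 3600
    km = haversine_km(prev["geo"], login["geo"])
    # Impossible travel: too far from the previous login for the elapsed time.
    if km > MIN_KM and (hours <= 0 or km / hours > MAX_KMH):
        flags.add("velocity")
    return flags

def requires_mfa(history, login):
    """Sign-in policy: any detected change triggers an extra factor."""
    return bool(detect(history, login))

def event(when, city, geo, ip, device="laptop-1"):
    return {"time": when, "city": city, "geo": geo, "ip": ip, "device": device}

# Constructed sample data (not real logs): 20 daily logins from New York.
NYC, BOISE, LA = (40.7128, -74.0060), (43.6150, -116.2023), (34.0522, -118.2437)
T0 = datetime(2024, 11, 1, 9, 0)
HISTORY = [event(T0 + timedelta(days=d), "New York", NYC, "198.51.100.7")
           for d in range(20)]
LAST = HISTORY[-1]["time"]
NORMAL_LOGIN = event(LAST + timedelta(days=1), "New York", NYC, "198.51.100.7")
BOISE_LOGIN = event(LAST + timedelta(days=2), "Boise", BOISE, "192.0.2.44")
LA_LOGIN = event(LAST + timedelta(hours=1), "Los Angeles", LA, "192.0.2.99")
```

The Boise login two days later is flagged only as a new location and IP address, while the Los Angeles login one hour after New York also trips the velocity check.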
Recipe for travel security with ZeroTek | Okta
Step 1: Specify network zones …
… areas from which you allow or deny login access. These zones can include country of operations, region of operations, office network, blocked zones, and so on.
Step 2: Add and configure authenticators …
… that allow you to set up MFA that is easy to use and highly secure.
Step 3: Configure Okta’s general security settings …
… including Okta ThreatInsight, which uses a detected threat level from across the entire Okta ecosystem to limit or block authentication requests from suspicious IP addresses, and reduce risks associated with malicious activity without blocking legitimate users’ access. In cases where Okta ThreatInsight suspects malicious activity and detects a high threat level, it blocks authentication requests from the IP address.
Step 4: Create groups and password/authenticator policies for employees …
… which specify different levels of access for the users in the group. Someone in the Office Network group who logs in from a physically secured office may have less restrictive access than someone who is in the Travel-Europe group, where the policy may include additional authentication factors and more frequent re-authentication prompts.
Step 5: Enable multi-factor authentication …
… so users need to prove who they are in more than one way, ideally using both possession and biometric authenticators that are more secure and lower friction for legitimate users.
Step 6: Configure Okta Behavior Detection …
… to leverage Okta’s ability to handle login requests differently based on changes in typical patterns of user behavior.
Step 7: Have a disaster recovery plan.
You have everything in place to make the likelihood of a breach vanishingly small, but it’s still a best practice to have a disaster recovery plan you communicate to your customers. Make sure to include your contact information and after-hours/holiday support hours in your SLA.
As a courtesy, consider messaging your customers around holiday times to remind them about your hours/contact information and how they can stay safe while travelling.
Of course, it will be especially important for MSPs using ZeroTek | Okta to leverage ZeroTek’s caller ID verification tool to make sure help desks aren’t fooled by threat actors who might convincingly impersonate legitimate users.
Don’t be fooled when things are quiet
Vacations and holidays are often quiet times for MSP help desks. Employees are either not working or working fewer hours. IT security teams may be under-resourced, which is attractive to cyber criminals, according to a report from Barracuda. Weekends, overnight hours, and holidays are prime times to target organizations. (Source: Cyber threat severity rises during the holidays says research.)
With ZeroTek | Okta, MSPs have the best tool to mitigate the risks organizations face during vacations and holidays, for both their own business and employees, and their customers.
The first day back after a holiday is busy enough. Don’t let dealing with the aftermath of a cyber security breach add to your workload. Happy Thanksgiving to those celebrating—and may threat actors find no way to your table.