Following the impact of COVID, a significant portion of the IT industry has embraced a flexible work policy to foster a more balanced work-life culture. These policies encompass various options like 'Work from Anywhere,' 'Remote Work,' and 'Work from Home,'. This marks a profound shift when compared to the traditional work culture.
Such substantial transformations bring both advantages and risks. The remote work culture, in particular, has had a profound impact on the field of cybersecurity, as attackers are continuously devising new methods to compromise systems and corporate networks.
Concurrent login gives users extra flexibility by allowing them to log onto the network from multiple locations in a short period.
Simultaneous logins might result in various security risks such as the abuse of the user's personal information or resources to carry out unlawful acts, credential leakage, and system compromise.
Whether you want to allow or disallow concurrent logins will very much come down to the threat model of your application. However, it’s recommended that you should block the concurrent logins OR at least set up some security controls to monitor and mitigate it in case of any incident. Typically for higher-risk applications (e.g. online banking or anything else transactional) disallowing concurrent logins is likely to be warranted.
There might be a valid scenario where either the user is traveling, leading to a change in the IP address location, or the account has been compromised. The current challenge lies in distinguishing between these two events and implementing the appropriate course of action.
1) Investigate the alert and check for the time difference, location distance, IP address and ISP details, device ID, etc
2) Check if recently a new device has been assigned to the user
3) Set up auto email notification to the user if logged in from a new device
4) If the location is unexpected, immediately lock the user account for 30 mins
5) OR According to the corporate policy, you can expire the old login session or block the new login
6) Lastly, contact the user and verify the login event
Telivy serves as the ultimate platform for addressing and preventing all cybersecurity issues and attacks within your organization. It comprehensively encompasses all critical aspects of cybersecurity, leveraging a diverse array of security tools to conduct thorough scans of both your internal and external networks.
This approach grants you unparalleled visibility into your security posture, identifying areas for enhancement.
If you are interested in a demo of how our services can help you manage this concern and many more, please email email@example.com and we will reach out to schedule some time with you!
Image by Freepik
Risk assessment in cybersecurity involves identifying, analyzing, and evaluating potential risks and vulnerabilities related to an organization's digital assets, information systems, and technological infrastructure. It aims to assess the potential impact of cyber threats and attacks, as well as the likelihood of those threats occurring.
Malware, short for malicious software, is a term used to describe any software designed to harm, exploit, or gain unauthorized access to computer systems, networks, or data. It is created with malicious intent and aims to compromise the confidentiality, integrity, and availability of the targeted systems or data.