Active Directory Cybersecurity – Five Best Practices

The state of the world in 2023 has pushed more companies to rely on technology resources so they can operate with remote employees. This has led to an increase in cyber-attacks, with malicious actors targeting companies across all industries, and to more conversations about cybersecurity. Active Directory (AD) cybersecurity should be one of those conversations in your company. AD is critical to authorizing access and authorizing users, and a compromise can quickly cause widespread damage that could prove difficult to repair. These five items will help you reduce that risk.


Secure Active Directory Administrator Workstation


This system should be reserved for administrative tasks only. This device should not be connected to the internet. It shouldn’t have productivity tools, high-risk apps, or other applications that aren’t necessary for the secure admin role. 


Review Active Directory Cybersecurity Access

At a minimum, review administrative access and superuser rights annually. Only employees with a job-related need should be granted this access. Non-administrative user accounts should also be reviewed to find accounts that are no longer being used or that belong to people who have left the company. For larger organizations, this may be more challenging. We recommend that you implement a process to identify and remove inactive accounts after a specified time. This is a common practice.


Password policy for Active Directory

The 800-63 password guidelines of the National Institute of Standards and Technology (NIST) are a good source of information when you need to implement your password policy. These guidelines were first published in 2017 and last updated in 2019. @! ?&), The restriction of certain phrases (like an email address or username), restriction of dictionary words and restriction of repetitive or consecutive characters (e.g. 1234, 1111, abcd).
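The restrictions listed above (context phrases such as a username or email address, dictionary words, repetitive or consecutive characters) can be screened for when a password is set. The following is an added example, not code from the original article; the function names, the run length of four and the tiny BLOCKLIST are assumptions chosen for illustration.

```python
import re

# Constructed sample blocklist (assumption); a real deployment would load a
# large dictionary or breached-password list instead.
BLOCKLIST = {"password", "welcome", "summer", "company"}

def has_repeat(pw, run=4):
    """True if one character repeats `run` times in a row (e.g. 1111)."""
    return re.search(r"(.)\1{%d}" % (run - 1), pw) is not None

def has_sequence(pw, run=4):
    """True if `run` consecutive ascending or descending characters
    appear (e.g. 1234, abcd, 4321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not window.isalnum():
            continue  # only letters and digits count as a sequence
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False

def context_terms(username, email):
    """Phrases tied to the account: username, email and their parts."""
    local = email.split("@", 1)[0]
    parts = re.split(r"[^a-z0-9]+", f"{username} {local}".lower())
    terms = {p for p in parts if len(p) >= 3}
    if email:
        terms.add(email.lower())
    return terms

def check_password(pw, username, email):
    """Return the rules a candidate password violates (empty list = accepted)."""
    low = pw.lower()
    problems = []
    if any(t in low for t in context_terms(username, email)):
        problems.append("contains username or email")
    if any(w in low for w in BLOCKLIST):
        problems.append("contains dictionary word")
    if has_repeat(pw):
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("sequential characters")
    return problems
```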


Management of Active Directory Vulnerability

It is important to quickly identify and fix vulnerabilities. Malicious actors will exploit vulnerabilities quickly, so it is important to run regular vulnerability scans (at minimum once per month) and to complete remediation promptly. You should also ensure that you are installing automatic updates to operating systems and third-party software. Your organization should also identify and update any software that is no longer supported.


Plan for Active Directory Disaster Recovery and Incident Response

Nearly 70% of businesses were affected by a cyber-attack in 2018, with more than half experiencing a breach. Even if you have everything in place, one employee can click on a fake email and cause your business to stop. This could cost your company millions to recover from. To limit damage to your network and minimize recovery time and costs, it’s vital to have a plan in place. These plans should include identifying leaders and response teams, communication procedures, priority servers, and training plans. These plans should be reviewed at least once a year. You should also test your data backups to make sure that they are reliable and usable.


Our Risk Advisory Services team is available to assist you if you’re interested in increasing your organization’s security around Active Directory. To identify areas of weakness in your organization, our internal consultants will perform an assessment. We will recommend the right level of control and create systems to monitor, evaluate and update these controls. 
