To learn more strategies for protecting your environment, watch my recent webinar "12 Strategies for Getting Your Password Game in Check".
Another critical issue is that organizations commonly rely on many different applications to fulfill a variety of business needs. This is especially true of smaller companies, where access management is often distributed across many business units or system owners. This model does not allow for a functional password management program, which makes it virtually impossible to manage user access, privilege levels, and revocation easily.
Securing your privileged accounts relies on a variety of factors, but two of the foremost are ensuring passwords are kept secure and enforcing a least privilege model, meaning employees have only the privileges necessary to perform their roles. Employee job functions and related access should be routinely reviewed to ensure that passwords are managed sufficiently and that privileged access reflects the most current job function. This is easier to accomplish when those passwords are managed centrally.
I would like to offer you some strategies that can help you sharpen your password game and keep your organization's critical systems safe.
12 Strategies to Protect Your Passwords from Unauthorized Users
- Adopt and implement security policies
- Limit admin access to systems
- Protect privileged account passwords
- Inventory your privileged passwords
- Ensure an individual, and not a generic user, is accountable for the privileged account
- Securely store your privileged passwords
- Adopt a staged approach to deployment
- Change embedded passwords
- Educate key stakeholders
- Provide greater visibility
- Automate management and security of privileged account passwords
- Apply and enforce change management policies to privileged passwords
Derek A. Smith, Founder, National Cybersecurity Education Center
Derek A. Smith is an expert at cybersecurity, cyber forensics, healthcare IT, SCADA security, physical security, investigations, organizational leadership and training. He is currently an IT Supervisor at the Internal Revenue Service. He is also owner of The Intercessors Investigative and Training Group (www.theintercessorgroup.com). Formerly, Derek worked for several IT companies including Computer Sciences Corporation and Booz Allen Hamilton. Derek spent 18 years as a special agent for various government agencies and the military. He is also a cyber security professor at the University of Maryland, University College and Virginia University of Science and Technology and has taught for over 25 years. Derek is retired from the US Army and also served in the US Navy and Air Force, for a total of 24 years. He is completing his Doctorate Degree in Organizational Leadership and has completed an MBA, MS in IT Information Assurance, Masters in IT Project Management, and a BS in Education. Derek has written several books including Cybersense: The Leaders Guide to Protecting Critical Information, and its companion workbook, and he has contributed to several other books as an author and technical adviser.