It's been an active season for criminal hackers and rogue employees with vindictive motives and the ability to exploit weak cyber security systems. Let’s recap with a look at a few of the IT security disasters over the past year or so:
- Attackers accessed the personal data of up to 143 million US consumers from Equifax. The stolen information included names, Social Security numbers, birth dates and addresses, and credit card numbers for roughly 209,000 of those consumers.
- WannaCry ransomware hit organizations in more than 150 countries, spreading on its own between Windows machines that had not applied Microsoft's MS17-010 patch for the SMBv1 flaw, and encrypted more than 300,000 machines.
- It was announced that every one of Yahoo's 3 billion accounts (three times the original estimate) had been compromised in the 2013 breach.
I could easily list a dozen more examples. But, since you’re reading this blog, you’re already aware of the risk that determined criminal hackers, as well as malicious (and mistake-prone) insiders, pose to your confidential data, regulatory compliance status and reputation.
I think we all realize that we’re past the age when IT could run antivirus software, put up a firewall, apply patches and thereby maintain a solid level of security. So here are five tips for maintaining tight control over critical systems in the modern enterprise:
Employee Only Access
Just because you terminate a troublesome IT administrator doesn't mean you've seen the last of him. Dismissing a wayward employee is more than an HR formality. Particularly for IT staff, once you decide to part ways with an employee you must immediately revoke every login to your systems, including VPN access, SSH keys and API tokens, not just the domain account. Pay particular attention to privileged account access that IT personnel use to install applications, change configuration settings, and obtain free rein throughout the infrastructure. Because privileged credentials are so often shared, disabling the person's own account is not enough: every shared or service password the departing admin knew has to be rotated as well. Here's one example of the damage you risk when you don't revoke privileged access from former employees.
Document Access Points
Shutting off access to former employees and contractors is one thing. Knowing exactly what to shut off is a different matter. Privileged accounts reside on almost every system, line-of-business application, Web service, and hardware device: local administrator and root accounts, service accounts, database logins, credentials embedded in scripts and configuration files, and default passwords on network gear. Yes, there are a lot of them. If you're in a large organization, you likely have many thousands of such accounts, including some that you probably don't even know are there. Each one of them is a potential entry point into your network. So find all of them. Here's one way to do it: download the free Password Discovery Tool.
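The kind of discovery the paragraph above describes, on a single Unix-like host, as an added example (not code from the original post and not the Password Discovery Tool it mentions): the script parses constructed copies of /etc/passwd, /etc/group and /etc/sudoers embedded inline and reports every account that can act as root, whether through UID 0, an admin group, or a sudoers grant. All host data, user names and group names are made up for the example; point the three `*_TEXT` constants at real files to inventory an actual machine.

```python
"""Inventory privileged accounts on a Unix-like host from its account files.

Added example. The three *_TEXT constants are constructed sample data,
not copied from any real system.
"""
import re

PASSWD_TEXT = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:1002:1002:Backup svc:/var/backups:/bin/sh
"""

GROUP_TEXT = """\
root:x:0:
sudo:x:27:alice
wheel:x:10:bob,svc_backup
users:x:100:alice,bob
"""

SUDOERS_TEXT = """\
# constructed sudoers
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
svc_backup ALL=(root) NOPASSWD: /usr/bin/rsync
carol ALL=(ALL) ALL
"""

# Groups whose membership is treated as privileged (assumption for the example).
ADMIN_GROUPS = {"root", "sudo", "wheel", "admin"}


def parse_passwd(text):
    """Return {user: uid} for every passwd entry."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, *_ = line.split(":")
        users[name] = int(uid)
    return users


def parse_groups(text):
    """Return {group: set(members)} from the supplementary-member field."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, _gid, members = line.split(":")
        groups[name] = {m for m in members.split(",") if m}
    return groups


def parse_sudoers(text):
    """Return [(principal, rule)] for plain 'who HOST=(runas) cmds' lines.

    Defaults, aliases and #include directives are skipped on purpose.
    """
    grants = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = re.match(r"^(%?[\w.-]+)\s+([^\s=]+)\s*=\s*(.*)$", line)
        if m:
            grants.append((m.group(1), m.group(3)))
    return grants


def find_privileged(passwd_text, group_text, sudoers_text):
    """Map each privileged account to the list of reasons it is privileged."""
    users = parse_passwd(passwd_text)
    groups = parse_groups(group_text)
    reasons = {}

    def add(user, why):
        reasons.setdefault(user, []).append(why)

    # 1. Anything with UID 0 *is* root, whatever it is called.
    for user, uid in users.items():
        if uid == 0:
            add(user, "uid 0")
    # 2. Membership in an admin group.
    for grp, members in groups.items():
        if grp in ADMIN_GROUPS:
            for member in members:
                add(member, f"member of %{grp}")
    # 3. Direct or group-based sudoers grants; flag orphans with no passwd entry.
    for principal, rule in parse_sudoers(sudoers_text):
        if principal.startswith("%"):
            for member in groups.get(principal[1:], set()):
                add(member, f"sudo via {principal}: {rule}")
        else:
            add(principal, f"sudo: {rule}")
            if principal not in users:
                add(principal, "in sudoers but has no passwd entry")
    return reasons


if __name__ == "__main__":
    for user, why in sorted(find_privileged(PASSWD_TEXT, GROUP_TEXT, SUDOERS_TEXT).items()):
        print(f"{user:12s} {'; '.join(why)}")
```

On the sample data the script surfaces exactly the accounts a manual review tends to miss: a second UID-0 account (`toor`), a service account that gets full root through a group (`svc_backup` in `%wheel`), and a sudoers entry for a user who no longer exists in passwd (`carol`). The same three sources exist on every Linux host, and the real tools extend the idea to Windows local groups, database logins and device configurations.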
Beyond Password Management
You probably have a password policy for user logins: complexity, change frequency and so on. That's important. But if you're not managing privileged passwords (the logins for the powerful privileged accounts described above), you leave the door open to the kind of breaches mentioned at the beginning of this post. You need to document where the privileged accounts reside in your infrastructure. You need to give each account its own unique password, long and generated from a cryptographically secure random source rather than chosen by a person, so that one captured credential never opens a second system. Then, continuously change those passwords, and rotate immediately after each use or when someone who knew them leaves.
How can you prove who is accessing your privileged accounts? With detailed records that show which IT admin used which privileged password, when, from where and for what stated purpose, ideally tied to a change ticket. By maintaining this level of oversight on privileged access, you're not only discouraging abuse of these accounts, you're providing an audit trail that leads back to the precise cause if a problem does occur. These reports should be available to IT management and executive staff, and they should be accessible on demand to regulatory compliance auditors.
Keep your privileged account passwords available only to delegated, audited users on a need-to-know basis. With time-limited, least-privilege access and credentials that change after every use, there are no static passwords sitting on sticky notes, in shared spreadsheets or in an IT admin's memory. That means a social engineering attack or a rogue IT employee cannot use a previously known privileged password to wreak mayhem in your network, because by the time they try it, it is no longer valid.
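The three controls just described (unique random passwords that rotate, an audit trail of who used what and why, and time-limited delegated access) fit together in one mechanism: a credential check-out. The following is an added example, not code from the original post or from Bomgar's product, of a minimal in-memory vault that implements that mechanism. Account names, user names and purposes are invented for the example; a real vault would also change the password on the target system, persist the log somewhere tamper-evident, and authenticate the caller.

```python
"""Toy privileged-credential vault: time-limited check-out, rotation on
check-in or expiry, and an append-only audit trail.

Added example with made-up account and user names. In-memory only.
"""
import secrets
import string
import time
from dataclasses import dataclass, field

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=32):
    """Random password from the OS CSPRNG (secrets, never random.random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Lease:
    account: str
    user: str
    purpose: str
    expires_at: float


@dataclass
class Vault:
    accounts: dict = field(default_factory=dict)   # account -> current password
    approvers: dict = field(default_factory=dict)  # account -> users allowed to check it out
    leases: dict = field(default_factory=dict)     # account -> active Lease
    audit: list = field(default_factory=list)      # append-only event log

    def _log(self, event, **fields):
        self.audit.append({"ts": time.time(), "event": event, **fields})

    def add_account(self, account, allowed_users):
        """Onboard an account with its own fresh random password."""
        self.accounts[account] = generate_password()
        self.approvers[account] = set(allowed_users)
        self._log("rotate", account=account, reason="onboard")

    def checkout(self, account, user, purpose, ttl_seconds, now=None):
        """Release the password for a bounded time to a delegated user, or refuse."""
        now = time.time() if now is None else now
        if user not in self.approvers.get(account, set()):
            self._log("deny", account=account, user=user, purpose=purpose)
            raise PermissionError(f"{user} is not delegated for {account}")
        if account in self.leases and self.leases[account].expires_at > now:
            raise RuntimeError(f"{account} is already checked out")
        self.leases[account] = Lease(account, user, purpose, now + ttl_seconds)
        self._log("checkout", account=account, user=user, purpose=purpose)
        return self.accounts[account]

    def checkin(self, account, user):
        """End the lease and rotate, so the value the user saw is now useless."""
        lease = self.leases.pop(account, None)
        if lease is None or lease.user != user:
            raise RuntimeError("no matching lease")
        self.accounts[account] = generate_password()
        self._log("checkin", account=account, user=user)
        self._log("rotate", account=account, reason="checkin")

    def expire_leases(self, now=None):
        """Revoke overdue leases and rotate even if nobody checked in."""
        now = time.time() if now is None else now
        for account, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                del self.leases[account]
                self.accounts[account] = generate_password()
                self._log("expire", account=account, user=lease.user)
                self._log("rotate", account=account, reason="lease expired")

    def report(self, account):
        """Everything that happened to one account: who, when, why (for auditors)."""
        return [e for e in self.audit if e.get("account") == account]
```

The important property is that nobody ever holds a long-lived privileged password: the value handed out at check-out is dead as soon as the user checks it back in or the lease runs out, and every hand-out, refusal and expiry is on the record. Because `generate_password` draws from `secrets`, two accounts never end up sharing a value, which is what keeps a compromise on one system from spreading to the next.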
Some of this may seem daunting, but with the right cyber security solution it’s really not. (Of course, I’d be remiss if I didn’t mention that Bomgar’s privileged access management solution can automate the functionality described above.)
No one can predict the target of the next cyber attack. But incorporating these measures into your existing security practices could save you from a lot of turmoil down the road.