Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

5 Ways to Avoid Being the Next Data Breach Headline

September 19, 2018

  • Blog
  • Archive

It's been an active season for criminal hackers and rogue employees with vindictive motives and the ability to exploit weak cyber security systems. Let’s recap with a look at a few of the IT security disasters over the past year or so:

  • Hackers accessed up to 143 million customer account details from Equifax. Information stolen included names, social security numbers, and credit card numbers.
  • WannaCry ransomware targeted businesses in more than 150 countries that were running outdated Windows software, and locked down more than 300,000 machines.
  • It was announced that every one of Yahoo's 3 billion accounts (three times the original estimate) had been hacked back in 2013.

I could easily list a dozen more examples. But, since you’re reading this blog, you’re already aware of the risk that determined criminal hackers, as well as malicious (and mistake-prone) insiders, pose to your confidential data, regulatory compliance status and reputation.

I think we all realize that we’re past the age when IT could run antivirus software, put up a firewall, apply patches and thereby maintain a solid level of security. So here are five tips for maintaining tight control over critical systems in the modern enterprise:

Employee Only Access

Just because you terminate a troublesome IT administrator doesn’t mean you’ve seen the last of him. Dismissing a wayward employee is more than an HR formality. Particularly for IT staff, once you decide to part ways with an employee you must immediately revoke any logins to your systems. Pay particular attention to privileged account access that IT personnel use to install applications, change configuration settings, and obtain free reign throughout the infrastructure. Here’s one example of the damage you risk when you don’t revoke privileged access from former employees.

Document Access Points

Shutting off access to former employees and contractors is one thing. Knowing exactly what to shut off is a different matter. Privileged accounts reside on almost every system, line-of-business application, Web service, and hardware device. Yes, there a lot of them. If you’re in a large organization, you likely have many thousands of such accounts. And that includes some that you probably don’t even know are there. But each one of these accounts represents a potential point of vulnerability into your network. So find all of them. Here’s one way to do it – download the free Password Discovery Tool.

Beyond Password Management

You probably have a password policy for user logins – complexity, change frequency and so on. That’s important. But if you’re not managing privileged passwords (the logins for the powerful privileged accounts described above), you’re not going to prevent the types of criminally organized data breaches mentioned at the beginning of this post. You need to document where the privileged accounts reside in your infrastructure. And you need to set up each account with its own unique and cryptographically complex password. Then, continuously change those passwords.

Prove It

How can you prove who is accessing your privileged accounts? With detailed reports that show which IT admins use privileged passwords, when and for what purpose. By maintaining this level of oversight on privileged access, you’re not only discouraging abuse of these accounts, you’re providing an audit trail leading back to the precise cause if a problem does occur. These reports should be available to IT management and executive staff. And they should be accessible on demand to regulatory compliance auditors.

Link Exposure

Keep your privileged account passwords available only to delegated, audited users on a need-to-know basis. With time-limited, least privilege access and frequently changing credentials, there are no static passwords available on sticky notes, shared spreadsheets or in an IT admin’s memory. And that means no tricky social engineering exploits or rogue IT personnel can use a known privileged password to wreak mayhem in your network.

Some of this may seem daunting, but with the right cyber security solution it’s really not. (Of course, I’d be remiss if I didn’t mention that Bomgar’s privileged access management solution can automate the functionality described above.)

No one can predict the target of the next cyber attack. But incorporating these measures into your existing security practices could save you from a lot of turmoil down the road.

Chris Stoneff

VP Security Solutions, Development

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.