It’s been an active season for criminal hackers, rogue employees and others with vindictive motives and the ability to exploit weak cyber security systems. Let’s recap with a look at a few of the IT security disasters we’ve seen so far this year:
- Attackers accessed the personal data of up to 143 million Equifax consumers. The stolen information included names, Social Security numbers and birth dates, plus credit card numbers for roughly 209,000 of them.
- A misconfigured cloud storage bucket operated by a Verizon vendor exposed the names, phone numbers and account PINs of six million Verizon customers to anyone who found its address.
- Malware installed on Chipotle's point-of-sale terminals harvested payment card data as cards were swiped.
I could list a dozen more examples. But since you're reading this post, you're most likely aware of the risk that determined criminal hackers outside your organization, as well as malicious (and mistake-prone) insiders, can pose to your confidential data, regulatory compliance status and reputation.
5 Cyber Security Best Practices
I think we all realize that we're well past the age when IT could run antivirus software, put up a firewall, apply Windows patches and thereby maintain a solid level of security. So here are five tips for maintaining tight control over critical systems in the modern enterprise:
Employee Only Access: Just because you terminate a troublesome IT administrator doesn't mean you've seen the last of him. Dismissing a wayward employee is more than an HR formality. Particularly for IT staff, once you decide to part ways with an employee you must immediately revoke every login that can reach your systems, ideally before the person is told. Pay particular attention to privileged account access that IT personnel use to install systems and applications, change configuration settings, and generally obtain free rein throughout the IT infrastructure. Disabling the person's own account is not enough: any shared or built-in privileged account whose password the person knew (root, a domain admin, a database sa account) has to be changed, because you cannot revoke what someone remembers.
Document Access Points: Shutting off access to former employees and contractors is one thing. Knowing exactly what to shut off is a different matter. Privileged accounts reside on almost every system, line-of-business application, database, Web service, and hardware appliance in the IT infrastructure. Yes, there are a lot of them. If you're in a large organization, you most likely have many thousands of such accounts, including some you probably don't even know are there: local administrator accounts on every workstation, service accounts that run scheduled jobs, and credentials embedded in scripts and application configuration files. Each one of these accounts is a potential entry point into your network. So find all of them, and keep the inventory current, because new systems bring new privileged accounts with them.
Beyond Password Management: You probably have a password policy for user logins: complexity, change frequency and so on. That's important, but if you're not managing privileged passwords (the logins for the powerful privileged accounts described above), you're not going to prevent the kinds of breaches mentioned at the beginning of this post. Once you've documented where the privileged accounts reside in your infrastructure, give each account its own unique, randomly generated password, so that one stolen password does not open every system that shares it. Then change those passwords continuously with a network password management system. One caveat from practice: before rotating a service account's password, find every service, scheduled job and script that uses it, or the rotation will cause an outage instead of preventing a breach.
Prove It: How can you prove who is accessing your privileged accounts? With detailed reports that show which IT admins used which privileged account passwords, when, and for what purpose, with each use tied to a ticket or a stated reason. By maintaining this level of oversight on privileged access, you're not only discouraging abuse of these accounts, you're providing an audit trail if a problem does occur. These reports should be available to IT management and executive staff. And they should be accessible on demand to regulatory compliance auditors.
Limit Exposure: Make privileged account passwords available only to audited users, on a need-to-know basis, for a limited time. With time-limited access and credentials that change after each use, there are no static passwords on sticky notes, in shared spreadsheets or in an IT admin's memory. And that means no social engineering exploit or rogue IT employee can use a previously known privileged account password to wreak mayhem in your network.
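The last four practices (inventory the privileged accounts, give each a unique rotating password, keep an audit trail, and release passwords only for a limited window) form one workflow. The following is an added example written for this page, not code from the original post and not the vendor's product: a toy credential vault in Python. It works on a constructed /etc/passwd and /etc/sudoers from a single host, uses hypothetical admin names and ticket numbers, and keeps everything in memory, where a real system would use an encrypted store and push each new password to the target system.

```python
"""Toy privileged-credential vault (example code, not a product): discover
privileged accounts, set a unique random password per account, rotate on a
schedule and after every use, release passwords only for a limited window
with a recorded reason, and produce an audit report."""
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample inputs: one host's /etc/passwd and /etc/sudoers.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
oracle:x:1001:1001:Oracle DBA:/home/oracle:/bin/bash
svc_backup:x:1002:1002:Backup service:/var/backup:/bin/sh
alice:x:1003:1003:Alice:/home/alice:/bin/bash
"""
SAMPLE_SUDOERS = """\
# sudoers: who may run what as root
Defaults env_reset
root    ALL=(ALL:ALL) ALL
oracle  ALL=(ALL) NOPASSWD: /usr/bin/systemctl
%wheel  ALL=(ALL) ALL
"""


def sudo_users(sudoers_text):
    """Usernames that hold sudo rules. Group rules (%name) and Defaults are
    skipped here; a real inventory would expand groups via /etc/group."""
    users = set()
    for line in sudoers_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "%", "Defaults")):
            users.add(line.split()[0])
    return users


def discover_privileged(passwd_text, sudoers_text):
    """Accounts that are uid 0, hold sudo rules, or look like service
    accounts (svc_ prefix, a naming convention assumed for this example)."""
    sudoers = sudo_users(sudoers_text)
    found = []
    for line in passwd_text.splitlines():
        name, _, uid, *_rest = line.split(":")
        if int(uid) == 0 or name in sudoers or name.startswith("svc_"):
            found.append(name)
    return found


ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def generate_password(length=24):
    """CSPRNG-backed password: 24 symbols from a 74-symbol alphabet, ~149 bits."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Vault:
    rotation_interval: timedelta = timedelta(hours=24)
    checkout_ttl: timedelta = timedelta(minutes=30)
    passwords: dict = field(default_factory=dict)  # account -> (password, set_at)
    checkouts: dict = field(default_factory=dict)  # account -> (admin, expires_at)
    audit: list = field(default_factory=list)      # (when, who, account, action, why)

    def _set(self, account, who, action, why, now):
        self.passwords[account] = (generate_password(), now)
        self.audit.append((now, who, account, action, why))

    def enroll(self, accounts, now):
        for account in accounts:
            self._set(account, "vault", "enroll", "unique initial password", now)

    def rotate_due(self, now):
        """Scheduled rotation of every password older than rotation_interval."""
        due = [a for a, (_, t) in self.passwords.items() if now - t >= self.rotation_interval]
        for account in due:
            self._set(account, "vault", "rotate", "scheduled rotation", now)
        return due

    def checkout(self, admin, account, reason, now):
        """Release a password to one admin for checkout_ttl, with a reason.
        A live checkout by someone else is refused and the refusal is logged;
        an expired checkout is rotated away before the password is reissued."""
        if account not in self.passwords:
            raise KeyError(f"{account} is not managed by the vault")
        holder = self.checkouts.get(account)
        if holder and holder[1] > now and holder[0] != admin:
            self.audit.append((now, admin, account, "denied", f"held by {holder[0]}"))
            raise PermissionError(f"{account} is checked out by {holder[0]}")
        if holder and holder[1] <= now:
            self._set(account, "vault", "rotate", f"checkout by {holder[0]} expired", now)
        expires = now + self.checkout_ttl
        self.checkouts[account] = (admin, expires)
        self.audit.append((now, admin, account, "checkout", reason))
        return self.passwords[account][0], expires

    def checkin(self, admin, account, now):
        """Return the credential and rotate it, so the value the admin saw is dead."""
        self.checkouts.pop(account, None)
        self._set(account, admin, "checkin", "rotated after use", now)

    def report(self, account=None):
        """Audit lines (who, which account, when, why) for one account or all."""
        return [f"{t:%Y-%m-%d %H:%M} {who:<8} {acct:<10} {action:<8} {why}"
                for t, who, acct, action, why in self.audit
                if account is None or acct == account]
```

Two design choices carry the "limit exposure" point: a password is rotated both when it is checked in and when an unreturned checkout expires, so no value that was ever shown to a person stays valid; and every refused request is written to the same audit log as the granted ones, which is what makes the report useful to an investigator or an auditor. On a real target the rotation step must also update every service and script that depends on the account.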
All this may seem daunting. But consider the ramifications if your organization is the subject of the next breach like the ones discussed at the top of this post. No one can predict the target of the next cyber attack. Incorporating these measures into your existing security practices could save you from a lot of turmoil down the road.
Of course, I’d be remiss if I didn’t mention that our privileged identity management tools can automate all the functionality described above. You can learn more in our white paper, Using Automated Privileged Identity Management to Limit Intrusion Losses and Reduce Costs.