
MFA (multi factor authentication), PASSWORDS – PROTECT YOUR BUSINESS FROM CYBER THREATS – simple measures

RMcH comment: whilst some of this article from Integrity 360 latest newsletter may ‘go over your head’ (& mine), the key to all data protection is MFA (multi factor authentication), as in make sure your homeworkers are utilising all password functions on ‘log in software’ and to change the passwords regularly. Also make sure you have a ‘fire wall’ above your router and in fact the firewall has been tested.

 

Privileged Account Management (PAM) has been placed at #1 for the last two consecutive years (2018 & 2019) in Gartner’s Top 10 Security Projects. This is because, with an ever-expanding infrastructure spanning on-premises, cloud, IoT, DevOps, mobile devices and SaaS business applications, classical perimeter security is not as effective as it used to be: there are too many control points and gateways. Furthermore, privileged accounts exist on every asset and system, including non-human privileged accounts, which are even more difficult to monitor and track (e.g. vulnerability scanners, RPA, or secrets in Jenkins).

Define your privileged accounts

The very first step in securing privileged accounts is to decide which accounts are privileged and uncover where they live. Many organisations struggle to define their privileged accounts because one size does not fit all. The definition differs in every company, but the best approach is to stick to the rule that ‘any account with the ability to change or modify the confidentiality, integrity and availability (CIA) of an asset or system will qualify as a privileged account’.

Think outside of just IT infrastructure

The pitfall a lot of businesses fall into is thinking that privileged accounts exist only at an IT infrastructure level, e.g. domain admin, local server/workstation admin, root or enable accounts on Cisco devices, etc. The reality is that this list of privileged accounts is just the tip of the iceberg. Business application admin accounts, such as those for Salesforce, SAP or financial applications, are also privileged. Furthermore, corporate social media accounts (Twitter, Facebook and Instagram) are always forgotten about. Hacked social media accounts can be a huge embarrassment for a business and could cause serious reputation damage, making it difficult to regain customer trust.

Approaching the problem

Below are a number of questions which might help you to understand the Privileged Account Security posture of your organisation:

  1. How many privileged accounts do you have?
  2. Where do your privileged accounts exist?
  3. What actions are they used for? E.g. in application servers, Windows services, B2B applications, etc.
  4. Are the passwords for privileged accounts rotated frequently?
  5. Who knows the passwords for them?
  6. What happens when an employee leaves the organisation? Do you change all the passwords they had access to?

Even with answers to all of the above questions, putting the right preventive and detective controls in place is a strenuous task, as is maintaining a proper balance between business operations and security. Preventing employees from abusing or misusing privileges (intentionally or unintentionally) when so many privileges exist makes the task even more challenging.

My recommendations would be to focus on the below 9 areas:

  1. Implement a Privileged Account Management solution
  2. Assess your separation of privileges (secondary or -A accounts) and duties (e.g. refrain from using single domain admin accounts for day-to-day tasks)
  3. Follow the least privilege model
  4. Enforce password expiry, complexity and history (UNICODE characters, too, including emoji)
  5. Introduce an access certification policy (quarterly/half-yearly)
  6. Enforce service accounts to be non-interactive
  7. Introduce stronger technical and administrative controls like multifactor authentication (MFA) (especially for Internet/Cloud-facing apps)
  8. Educate users
  9. Monitor and audit usage of Privileged Account Management.
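Several of the questions and recommendations above (password rotation, non-interactive service accounts, MFA, and what happens when an employee leaves) can be checked mechanically once an account inventory exists. The following is an added example, not part of the original article or any vendor's tooling; the inventory columns, the sample rows and the 90-day rotation threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real data); column names are assumed.
INVENTORY = """account,kind,privileged,interactive,mfa,password_last_set,owner_active
da-jsmith,human,yes,yes,yes,2024-05-02,yes
svc-backup,service,yes,yes,no,2022-11-15,yes
salesforce-admin,human,yes,yes,no,2024-04-20,yes
da-mbrown,human,yes,yes,yes,2024-01-10,no
twitter-corporate,shared,yes,yes,no,2023-02-01,yes
jdoe,human,no,yes,no,2023-06-30,yes
"""

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy, adjust to your own


def audit(inventory_csv, today):
    """Return {account: [findings]} covering privileged accounts only."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["privileged"] != "yes":
            continue
        issues = []
        # Question 4: are privileged passwords rotated frequently?
        age = (today - date.fromisoformat(row["password_last_set"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password not rotated for {age} days")
        # Recommendation 6: service accounts should be non-interactive.
        if row["kind"] == "service" and row["interactive"] == "yes":
            issues.append("service account allows interactive logon")
        # Recommendation 7: MFA on accounts that people log in with.
        if row["kind"] != "service" and row["mfa"] != "yes":
            issues.append("no MFA on interactive privileged account")
        # Question 6: credentials known to someone who has left.
        if row["owner_active"] != "yes":
            issues.append("owner has left; disable or rotate credentials")
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit(INVENTORY, date(2024, 6, 1)).items():
        print(account)
        for issue in issues:
            print("  -", issue)
```

Note that the business application and social media accounts are flagged alongside the domain admin and service accounts, which only happens if they were included in the inventory in the first place.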

If you’d like assistance deciding where to start your journey towards discovering and managing your privileged accounts please get in contact. We have a specialist team who would be happy to discuss your unique environment and offer guidance in line with privileged account best practices.

More information: www.cyberark.com

 
