Ensuring Cyber-security by Managing Access and Privileges for Users

Your organisation’s data and intellectual property are invaluable resources, but they also present a tempting target for cyber-attacks. If your systems are compromised, there may be irreparable harm done to your organisation’s finances, reputation and future. One of the most important steps in addressing cyber-risks is regulating what information is accessible, and by whom.

Many cyber-attacks occur due to a user’s account being hacked or compromised. With that in mind, your organisation should take steps to limit how much access each user on your network has. By doing this, employees and other users will not be able to access information that they should not be privy to and, if an account is hacked, the attacker will not have as much access to your systems.

Take the following steps in order to maintain proper user access:

  • Account management—Accounts and their respective access permissions should be managed and updated regularly. Redundant accounts provided for testing or temporary staff should be deleted or inactivated after having served their purpose.
  • Authentication policies—Organisations should establish a password policy that ensures employees will be using strong passwords in order to access data. For accounts with certain permissions, additional authentication steps should be considered.
  • Limited access—All users should only be granted access and permissions that are necessary to perform their job.
  • Limited privilege—The number of accounts with in-depth access to important systems and sensitive information should be strictly limited. Administrative accounts with a high level of access should be used sparingly. Those with access to them should also have normal accounts that are used for everyday business.
  • Surveillance—It is important to be aware of what is going on in your network. Monitor the activity of users and respond to any suspicious activity.
  • Separate logs—Access to activity logs should be limited. Activity logs should be sent to an accounting and audit system that is kept separate from your core network.
  • User awareness—Make sure that your users are aware of how they are allowed to use their accounts, what permissions they have and their personal responsibilities as they pertain to the organisation’s overall cyber-security.

This blog is for informational purposes only. It is not intended to be exhaustive nor should any discussion or opinions be construed as compliance or legal advice. In relation to any particular problem which they may have, readers are advised to seek specific advice. Further, the law may have changed since first publication and the reader is cautioned accordingly. Content by Zywave, Inc. provided by TH March.
