Access Level Security in an Enterprise Environment

Authored by Mr. Farrhad Acidwalla, Founder, CYBERNETIV DIGITAL

Global enterprises and organizations have recorded a year-on-year increase in cybersecurity-related incidents. We repeatedly hear of them in the headlines and customarily assume malicious hackers and external agents are the usual culprits. However, recent research indicates that nearly half of global incidents are the result of internal employee actions. For brevity and focus in this article, we will not enumerate the whole ecosystem and complete statistics; we will concentrate on diminishing internal threats within any organization.

Some of the most critical security breaches are not the ones perpetrated by lone hackers outside a corporate environment; most violations are carried out by malicious or unknowing users within an organization. These are people who already have physical and digital access to the organization's IT infrastructure. Moreover, it is not uncommon for outside hackers to fool, use or cooperate with users within an organization to gain unauthorized access to data and network resources. The solution to this security hazard is to establish strict, layered access level security for the various personnel within an organization. Teams should only have access to the resources required to perform their job scope and nothing more.

The following strategies can be used to implement access level security in a corporate environment:

Implement Physical Access Restrictions: The best way to implement access restriction in a corporate environment is to confine physical access. Not only should the CEO and leadership offices be restricted; team members should not have access to any location within the organization that is not involved in their job designation. An organization can use a Smart Pass or biometrics for access restriction, or a waiting room in each department where unauthorized personnel can wait.

Use IP to segment your network: Similar to physical access restrictions, the computers of different departments should be on separate subnets. Only devices that need to communicate with each other should be on the same network. This configuration dramatically reduces the possibility of a user attempting to access devices in a separate department.

Use a Domain Controller: A domain controller is an excellent solution for an enterprise network. All computers use centralized authentication from the domain controller, which gives each user the appropriate privileges to files and computer resources. However, implementing a domain controller requires ongoing administration and oversight.

Limit Admin Access to Administrators Only: If an organization cannot implement a domain controller, an alternative is to give the staff "user access" and restrict Administrator access to the relevant personnel only. This type of access will prevent users from installing unnecessary applications and intentionally or inadvertently modifying resources in ways that can cause security breaches.

Use a Central File Sharing Server: Unmanaged, ad hoc sharing of files becomes confusing and can allow unauthorized access to potentially essential documents. For easy administration, a central server should serve shared resources and give centralized access to users and computers according to their defined privileges.

Do not share login access: As a matter of principle, users within an organization should not share their login details with other team members. A shared login implies sharing privileged access to shared files and resources.

Revoke redundant login access: More often than not, employees who have been with the organization for a long period, or who have switched roles internally, accumulate access to a wide range of information. When a member of staff is on vacation, on leave, transferred or relieved of duties, the login access should be immediately disabled or deleted, as appropriate. Redundant logins pose a threat and can be used to gain unapproved access to restricted resources within a corporate environment.

Implement and review access policies: Policies, procedures and processes that ensure only the necessary access privileges are granted to employees must be established. These also have to be evaluated on a regular basis to ensure that users only have access to the data they require.
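As an added illustration of the two points above (revoking redundant logins and periodically reviewing access), and not code from the original article, the following script audits a constructed list of accounts against a hypothetical role-to-group matrix and flags accounts that should be disabled, accounts that are dormant, and group memberships that exceed what the user's current role entitles them to (the typical leftover after an internal transfer). The account records, roles and group names are all assumptions made for the example.

```python
"""Audit user accounts against a role-based access matrix (example only)."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Hypothetical role matrix: the groups each role is entitled to.
ROLE_GROUPS = {
    "finance-analyst": {"finance-share", "erp-users"},
    "helpdesk": {"helpdesk-tools", "it-share"},
    "developer": {"dev-share", "git-users"},
}


@dataclass
class Account:
    username: str
    role: str          # current role from HR
    status: str        # "active", "leave" or "left"
    enabled: bool      # whether the login still works
    last_login: date
    groups: set = field(default_factory=set)


def review_accounts(accounts, today, dormant_days=30):
    """Return (username, finding, detail) tuples for accounts needing action."""
    findings = []
    for a in accounts:
        # 1. Staff on leave or departed must not keep a working login.
        if a.status in ("leave", "left") and a.enabled:
            findings.append((a.username, "disable", f"status={a.status} but account enabled"))
        # 2. Enabled accounts nobody has used recently are redundant logins.
        idle = (today - a.last_login).days
        if a.enabled and idle > dormant_days:
            findings.append((a.username, "dormant", f"no login for {idle} days"))
        # 3. Groups beyond the current role's entitlement (e.g. after a transfer).
        excess = a.groups - ROLE_GROUPS.get(a.role, set())
        if excess:
            findings.append((a.username, "excess-groups", ",".join(sorted(excess))))
    return findings


# Constructed sample data: bob moved from developer to helpdesk and kept a
# developer share; carol has left but her account was never disabled.
SAMPLE = [
    Account("alice", "finance-analyst", "active", True, date(2019, 5, 30), {"finance-share", "erp-users"}),
    Account("bob", "helpdesk", "active", True, date(2019, 5, 28), {"helpdesk-tools", "it-share", "dev-share"}),
    Account("carol", "developer", "left", True, date(2019, 3, 1), {"dev-share", "git-users"}),
    Account("dave", "developer", "leave", False, date(2019, 5, 20), {"dev-share"}),
]

if __name__ == "__main__":
    for finding in review_accounts(SAMPLE, date(2019, 6, 1)):
        print(finding)
```

Run against a real directory, the same checks would take their input from the HR system and the directory's group membership export rather than the inline sample.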

Internal Penetration Testing: Conducting internal penetration testing is imperative so that vulnerable access controls can be identified and the extent of the information at risk in case of a breach can be determined.

Defining access privileges for employees is key for any organization. One slip-up could compromise the other processes, technological or otherwise, designed to protect against and prevent unauthorized data access.

Telecom Today
www.telecomtoday.in