In life, we restrict and control who has access to almost anything you can imagine: from the keys to your home to the time of day the kids are permitted into the cookie jar! Access control is a fundamental part of life, but it is often disregarded when it comes to IT. It is all too easy to assume that our computer systems, and the private information they hold, are safe.
In reality, without the correct measures protecting them, your computer systems will be vulnerable to breaches. People consider themselves safe because they have a password or anti-virus software, but these measures simply aren't enough.
Controlling access is one of the most important data security measures available. Legally, data protection is of the utmost importance. Worryingly, without proper access controls you could be leaving your company or staff open to serious problems: data loss or theft, breach of privacy or damage to the infrastructure, to name just a few.
Choosing which files your team can access, and deciding who the trusted members of the team are, couldn't be more important. Human error has a well-documented history of causing data breaches. According to a CybSafe analysis of data for the UK Information Commissioner's Office (ICO), human error was the cause of approximately 90 percent of data breaches in 2019¹.
Access should be on a need-to-know basis: grant it only to those who require it for their job role, and remove it from those who do not.
The Baseline Security controls of Cyber Secure Canada
Maintain tight control over your digital real estate by enforcing the most secure authentication procedures. Consider using 2-factor authentication (where multiple access criteria are required to be met) to ensure that only trusted personnel are able to gain access to your network.
Strong authentication protocols
Staff are authorized access when given an active user account. This allows them to use devices and apps, and also gives them access to potentially confidential business information. Ensuring that staff accounts allow access only to the extent each person needs it can reduce the risk of information being stolen or damaged.
The accounts with special access privileges are the ones that need the most protection. When an account with access to devices, apps or perhaps sensitive information is hacked, this can jeopardize the business altogether. These are the accounts that, when exploited, can provide a platform for a large-scale attack aimed at information or devices, which would cause severe disruption to most businesses.
Review your decisions on who is allowed access to the ‘privileged’ accounts. If the user is untrained or unaware of the risks and opens a malicious email attachment, for example, any virus normally executes with the same level of privilege as the account the user is signed into, meaning potentially severe damage to business infrastructure that you can’t afford to have damaged.
James is the user logged into a ‘privileged’ account (accounts, administrative). He opens what he sees to be a harmless email; unbeknown to him, it is malware.
The malware needed James’ ‘privileged’ access to infect the system with a type of malware known as ransomware, which encrypts all data on the network and demands a ransom to get it back.
‘Sandbox’ access is sometimes the best way to protect your system from attack as mentioned in another blog.
Cyber Secure Canada requires different levels of access control for its accreditation. On passwords, they say “Organisations should have clear policies on password length and reuse, the use of password managers, and the conditions that a user must meet to physically write down and store a password”, and on user authentication policies, “Whenever possible, use two-factor authentication”. I hope this has highlighted the importance of access control within your business with regard to the Cyber Secure Canada certification.
Get advice, service and products that fit your unique needs. KDI is an expert partner for complete IT Services and Networking Support based out of the Greater Vancouver area. We are your one-stop IT solution, uniquely combining aspects of information technology, software development, and accounting expertise to make your work life easier.