While it’s true that cybercriminals are eager to hack any account, they are especially interested in discovering and compromising what are known as “privileged accounts.” These are typically assigned to admins and provide access to critical devices, software systems, and networks. However, in many organizations, and especially in small and mid-sized businesses (SMBs), many employees, contractors, and even vendors are given access to privileged accounts. Why? There are two basic reasons.
The first reason is that it can be more practical, convenient, and expedient. Think of it like giving multiple tenants (employees) of a building a master key (access to privileged accounts) that unlocks the front door. This makes life easier and more efficient for everyone.
The second reason isn’t that inspiring, but it is nevertheless the truth: many organizations (and again, this is particularly common in SMBs) simply have no idea that different employees and third parties have access to privileged accounts in the first place.
Both of these reasons are understandable. However, when it comes to preventing a cyberattack, they are not just a bad idea: they are a potential catastrophe waiting to happen. Nearly 40% of data breaches involve privileged accounts. Fortunately, there is a way to lock down privileged accounts that makes sense for both security and efficiency: the principle of least privilege (POLP).
What is POLP?
POLP is a policy in which employees, contractors, and any other individuals or groups are given only the level of access they need to carry out their authorized tasks, and nothing more. If greater access is temporarily required to complete a specific objective, it must be requested and approved.
What Accounts Should Be Included?
There are several types of accounts that should be governed by POLP, including:
- Domain Admin Accounts
- Domain Service Accounts
- Local Administrator Accounts
- Emergency Accounts
- Service Accounts
- Application Accounts
- Privileged Data User Accounts
- Root Accounts
- Accounts Used to Access Security Solutions
- Wi-Fi Accounts
- Hardware Accounts (e.g., BIOS and vPro)
- Firewall Accounts
- Shared Privileged Accounts (see note below)
Note: In many cases, privileged accounts are not assigned to a specific user but are instead shared across administrators. Basically, any account that grants users any access beyond that of a standard account qualifies as a privileged account and should therefore be managed and monitored accordingly.
Keeping an Eye on Rogue Insiders
So far, we have highlighted that POLP can help organizations guard against cyberattacks carried out by external hackers. But there is another front that POLP can help defend as well: internal threats. Approximately 60% of data breaches are attributable to rogue users.
POLP Best Practices
There are several best practices that make implementing POLP faster, easier, and more effective. These include:
- Evaluate all roles to decide the right access level.
- As discussed earlier, if temporary privileged access is required, use one-time-use credentials that are granted at the last possible moment, and then revoked immediately after use. This is known as privilege bracketing.
- Separate administrator accounts from standard accounts.
- Separate higher-level system functions from lower-level system functions.
- Track all logins and activity.
- Regularly audit user privileges to confirm that access is appropriate.
- Have a process to remove access for all employees and contractors who have left the organization.
- Have the option to revoke privileged access in the event of an emergency.
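As an added illustration (not part of the original article), several of the practices above (auditing privileges against roles, removing access for leavers, expiring temporary grants, and catching accounts with no named owner) can be checked mechanically against an inventory of privileged grants. The role map, roster, grant records and the `audit` function are all constructed for this example and assume such an inventory can be exported from your systems.

```python
from datetime import datetime, timezone

# Constructed sample data (hypothetical names): role -> privileges approved for it.
APPROVED = {
    "helpdesk": {"local_admin"},
    "sysadmin": {"local_admin", "domain_admin"},
    "developer": set(),
}
# Constructed HR roster: user -> (role, still with the organization?)
ROSTER = {
    "alice": ("sysadmin", True),
    "bob": ("developer", True),
    "carol": ("helpdesk", False),  # has left the organization
    "dave": ("helpdesk", True),
}
# Constructed inventory of privileged grants. "expires" is set only for
# temporary (bracketed) grants; None means a standing grant.
GRANTS = [
    {"user": "alice", "priv": "domain_admin", "expires": None},
    {"user": "bob", "priv": "local_admin", "expires": None},
    {"user": "carol", "priv": "local_admin", "expires": None},
    {"user": "dave", "priv": "firewall_admin", "expires": "2024-03-01T12:00:00+00:00"},
    {"user": "dave", "priv": "local_admin", "expires": None},
    {"user": "svc-backup", "priv": "domain_admin", "expires": None},
]

def audit(grants, roster, approved, now):
    """Return (user, privilege, reason) for every grant that violates POLP."""
    findings = []
    for g in grants:
        user, priv = g["user"], g["priv"]
        if user not in roster:
            # Shared or service account nobody is accountable for.
            findings.append((user, priv, "no named owner"))
            continue
        role, active = roster[user]
        if not active:
            findings.append((user, priv, "user has left"))
        elif g["expires"] is not None:
            # Temporary grant: may exceed the role, but only until expiry.
            if datetime.fromisoformat(g["expires"]) <= now:
                findings.append((user, priv, "temporary grant expired"))
        elif priv not in approved.get(role, set()):
            findings.append((user, priv, "exceeds role"))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 3, 2, tzinfo=timezone.utc)
    for finding in audit(GRANTS, ROSTER, APPROVED, now):
        print(*finding, sep="\t")
```
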
The Problem for SMBs
Just like large enterprises, all SMBs need to enforce POLP. Unfortunately, for many SMBs this is much easier said than done. Auditing, analyzing, and then assigning access to all accounts is complex and time-consuming. What’s more, determining who should get access to what can be confusing and problematic. The good news is that there is a proven way for SMBs to get the protection and peace of mind they need: partner with SRSS Technology.
The SRSS Technology Advantage
SRSS Technology specializes in ensuring that SMBs are secure and productive. We give our clients the clarity and peace of mind they need to focus on growing their business while we take care of their comprehensive POLP and associated cybersecurity/IT security objectives and obligations. And of course, we are affordable. We are not just an ordinary vendor; we are a dedicated long-term partner!