Oct 25, 2017 | Industry insights
What's the point of user access control?
User access control is one of the core criteria outlined in the Government’s Cyber Essentials Scheme. It refers to the process of managing user accounts, especially those with special access privileges such as administration. This process protects the business from incorrect and unauthorised access to its applications, computers and network.
If a business fails to understand the importance of user access control and doesn’t implement a robust management policy, it is likely to be left vulnerable to cybercrime. Hackers will be able to infiltrate IT systems such as PCs, laptops and servers much more easily. Add in the threat of brute force attacks, which try to access the administrative user by hitting it with a barrage of random password combinations, and the risks are very real.
In addition to the threat of hackers, another risk to the business is the one posed by ex-employees. Without an effective user access control management process, it’s likely there is no real policy covering the correct procedures for off-boarding. This could mean that ex-employees retain access to any number of business applications such as CRM platforms, email and even business files. It can lead to information being unintentionally lost or even maliciously stolen.
What can you do to manage this effectively?
- Implement a robust user access control management process and procedure
- Restrict special access to those individuals that actually need it
- Any information and details of people with enhanced access privileges need to be stored securely
- Administrative accounts should only be provided for specific role-related duties and not for non-administrator activities
- Privileged access should be removed or restricted once the employee no longer requires it. This includes the removal of access for ex-employees.
- Implement a unique username and strong password policy that ensures passwords are changed regularly.
If you are interested in finding out more about the Cyber Essentials scheme, we’ve developed Cyber Security: The minimum standard, a handy guide that demonstrates all five key areas of the scheme and what IT professionals can do to keep their business cyber secure.