Access control
Protecting user accounts and helping prevent misuse of privileged accounts is essential for any cyber-secure system or network. User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorized individuals, be managed effectively, and provide the minimum level of access to applications, computers and networks.
Any organization whose employees connect to the Internet needs some level of access control in place. Access controls authenticate and authorize individuals to obtain information that they are permitted to see and use. Without appropriate access control there is no data security.
Why are access controls important?
Put simply, access control is the selective restriction of access to data. It consists of two elements:
- Authentication – a technique used to verify the identity of a user.
- Authorization – determines whether a user should be given access to data.
To be effective, access control requires the enforcement of robust policies. This can be difficult when most organizations operate in hybrid environments where data is mobile and moves between on-premises servers, the cloud, offices and beyond.
Organizations must determine the most appropriate access control model to adopt based on the type and sensitivity of the data they are processing.
Privileged accounts
Accounts with privileged access are a prime target for cyber criminals. This is because they offer more access than normal user accounts, enabling unrestricted access to sensitive information as well as administrative rights that can be used to gain control of the network.
Convenience sometimes results in many users having administrative rights, which can create opportunities for exploitation. User accounts with special access privileges should only be assigned to authorized individuals and managed effectively.
How to protect yourself
The UK government’s Cyber Essentials Scheme provides a set of five controls that organizations can implement to achieve a baseline of cybersecurity, against which they can achieve certification in order to prove their compliance.
Certification to the scheme provides numerous benefits, including reduced insurance premiums, improved investor and customer confidence, and the ability to tender for business where certification to the scheme is a prerequisite.
One of the scheme’s five controls is Access Control. This can help your organization confirm that user accounts are assigned to authorized individuals only, and that they provide access only to those applications, computers, and networks required for the user to perform their role.
For secure access control, your organization should routinely:
- Authenticate users before granting access to applications or devices, using unique credentials
- Remove or disable user accounts when no longer required
- Implement two-factor authentication, where available
- Use administrative accounts to perform administrative activities only
- Remove or disable special access privileges when no longer required
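The five checks above can be run as a routine audit over an account inventory. The following is an added example, not part of the original page or the Cyber Essentials scheme; the field names, the sample accounts and the 90-day staleness threshold are all assumptions made for illustration.

```python
from datetime import date

STALE_AFTER_DAYS = 90  # assumed threshold; the page does not set a number

# Constructed sample inventory; field names and values are hypothetical.
ACCOUNTS = [
    {"name": "asmith", "owners": ["A. Smith"], "enabled": True, "admin": False,
     "mfa": True, "mfa_available": True, "last_login": date(2024, 5, 28),
     "needs_admin": False, "used_for_email_web": True},
    {"name": "reception", "owners": ["B. Jones", "C. Patel"], "enabled": True,
     "admin": False, "mfa": False, "mfa_available": True,
     "last_login": date(2024, 5, 30), "needs_admin": False,
     "used_for_email_web": True},
    {"name": "jdoe-adm", "owners": ["J. Doe"], "enabled": True, "admin": True,
     "mfa": True, "mfa_available": True, "last_login": date(2024, 5, 29),
     "needs_admin": True, "used_for_email_web": True},
    {"name": "oldtemp", "owners": ["T. Contractor"], "enabled": True,
     "admin": True, "mfa": False, "mfa_available": False,
     "last_login": date(2023, 11, 2), "needs_admin": False,
     "used_for_email_web": False},
]

def audit(accounts, today):
    """Return [(account name, [issues])] for enabled accounts failing a check."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue  # already disabled, nothing left to grant access
        issues = []
        if len(a["owners"]) != 1:
            issues.append("shared credentials")
        if (today - a["last_login"]).days > STALE_AFTER_DAYS:
            issues.append("stale: remove or disable")
        if a["mfa_available"] and not a["mfa"]:
            issues.append("2FA available but off")
        if a["admin"] and a["used_for_email_web"]:
            issues.append("admin account used for non-admin activity")
        if a["admin"] and not a["needs_admin"]:
            issues.append("admin privilege no longer required")
        if issues:
            findings.append((a["name"], issues))
    return findings

if __name__ == "__main__":
    for name, issues in audit(ACCOUNTS, date(2024, 6, 1)):
        print(f"{name}: {'; '.join(issues)}")
```

In practice the inventory would come from the directory or identity provider export rather than a hard-coded list.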
Secure your organization with Cyber Essentials
With IT Governance, you can complete the entire certification process quickly and easily using our online portal for as little as $390.