
Cyber Essentials and Access Control

Many of our customers are focusing on Cyber Essentials Certification as a good first step towards demonstrating compliance with GDPR. Cyber Essentials Certification requires 5 key controls to be in place, and this series of blogs focuses on each control individually. Today we are looking at Access Control.

For an introduction to Cyber Essentials, visit our other blogs here and Patch Management.

What is Access Control?

Access control refers to the policies and procedures your organisation implements to control access to user accounts and mitigate risk from theft or misuse of those accounts. User access via logins, usernames, passwords etc. can give the user access to computers, servers and your whole corporate network. This creates an element of risk by giving employees, hackers or cyber criminals the potential to access your systems.

Robust policies, which ensure that only those who need access have access, will protect your business data and systems from risks which include:

  • Employees either accidentally or maliciously accessing restricted data and/or making unauthorized changes to data or systems
  • Former employees using login details to access your systems
  • Criminals gaining access to administrative privileges. Malware runs with the privileges of the account it has infected, so restricting access to administration privileges can reduce the potential for a hacker to damage your system
  • Similarly, criminals could infiltrate your security systems (changing settings and sometimes selling access to others)

Good practice:

Cyber Essentials requires that you have procedures in place to control access via user accounts and that administration privileges are strictly controlled. There are many factors to consider, such as:

  • A documented user account system should be in place. Permissions should be appropriate and controlled.
  • Administration accounts should only be used to perform administrative tasks – no sending emails or surfing the web from those accounts
  • Remove unnecessary guest accounts
  • Multi-factor authentication should be utilised whenever possible.
  • Password policy including regular changes
  • Exit procedures should ensure user accounts are removed when an employee leaves

Access Control = Bullet Proof IT

Our consultants provide the know-how based on years of experience to efficiently and securely manage your access control procedures. All of our managed services customers benefit from this on a daily basis, allowing them to concentrate on their core business.

The next step? Contact us today for more information on how we can bullet proof your IT systems and our cost-effective Cyber Essentials certification service.

Access control should be only one factor of your organisation's security strategy. A layered approach to IT security is essential as no one element can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board.

RedMosquito Ltd. provide IT support and managed services across Glasgow, Edinburgh and throughout Scotland.
