Blog

category filters go here

Cyber Essentials and Access Control

Many of our customers are focusing on Cyber Essentials Certification as good first step towards demonstrating compliance with GDPR.  Cyber Essentials Certification requires 5 key controls to be in place and this series of blogs focuses on each control individually.  Today we are looking at: Access Control

For an introduction to Cyber Essentials, visit our other blogs here and Patch Management .

What is Access Control?

Access control refers to the policies and procedures your organisation implements to control access to user accounts and mitigate risk from theft or misuse of those accounts.  User access via logins, usernames, passwords etc can provide the user with access to computers, servers and your whole corporate network.   This creates an element of risk by providing employees, hackers or cyber criminals the potential to access your systems.

Robust policies, which ensure that only those who need access have access, will protect your business data and systems from risks which include:

  • Employees either accidentally or maliciously accessing restricted data and/or making unauthorized changes to data or systems
  • Former employees using log in details to access your systems
  • Criminals gaining access to administrative privileges. Malware accesses the level of account privileges of the account it has infected.  So, restricting access to administration privileges can reduce the potential for a hacker to damage your system
  • Similarly, criminals could gain infiltrate your security systems (changing settings and sometimes selling access to others)

Good practise:

Cyber Essentials requires that you have procedures in place to control access via users accounts and that administration privileges are strictly controlled.  There are many factors to consider such as:

  • A documented user account system should be in place. Permissions should be appropriate and controlled.
  • Administration accounts should only be used to perform administrative tasks – no sending emails or surfing the web from those accounts
  • Remove unnecessary guest accounts
  • Multi factor authentication should be utilised whenever possible.
  • Password policy including regular changes
  • Exit procedures should ensure users accounts are removed when an employee leaves

Access Control = Bullet Proof IT

Our consultants provide the know-how based on years of experience to efficiently and securely manage your access control procedures.  All of our managed services customers benefit from this on a daily basis, allowing them to concentrate on their core business.

The next step? Contact us today for more information on how we can bullet proof your IT systems and our cost effective Cyber Essentials certification service.

Access control should be only one factor of your organisations security strategy. A layered approach to IT security is essential as no one element can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board.

RedMosquito Ltd. provide IT support and managed services across Glasgow, Edinburgh and throughout Scotland.

 

 

 

 

 

 

 

Christmas online shopping safety tips

With Christmas a few weeks away and Boxing Day sales on the horizon it’s a great time to review some online shopping safety tips.   We all love the convenience of online shopping  but it does come with an element of risk. Online fraud cases over the Christmas period  have been rising  year on year. Over […]

microsoft logo windows 2008

SharePoint or OneDrive for Business?

As one of Glasgow’s key Microsoft partners, we are often asked to advise our IT Support customers on which Microsoft business platform best meets their need. SharePoint and OneDrive are a common example of this, with similar (but not the same) features, it can be difficult for SMEs to know which is the best fit. […]

IT Support Glasgow

We are recruiting: Senior IT Support Engineer based in Glasgow

Our team is growing and we are looking for a talented Senior IT Support Engineer to be based at our Glasgow Operations Centre.  As a senior member of our IT Support Service Desk team you will deliver high quality IT technical support and consultancy to existing clients in Glasgow, Edinburgh and throughout Scotland, assisting them with […]