Many of our customers are focusing on Cyber Essentials Certification as a good first step towards demonstrating compliance with GDPR. Cyber Essentials Certification requires 5 key controls to be in place, and this series of blogs focuses on each control individually. Today we are looking at: Access Control
What is Access Control?
Access control refers to the policies and procedures your organisation implements to control access to user accounts and mitigate risk from theft or misuse of those accounts. User access via logins, usernames, passwords, etc. can provide the user with access to computers, servers and your whole corporate network. This creates an element of risk by giving employees, hackers or cyber criminals the potential to access your systems.
Robust policies, which ensure that only those who need access have access, will protect your business data and systems from risks which include:
- Employees either accidentally or maliciously accessing restricted data and/or making unauthorized changes to data or systems
- Former employees using login details to access your systems
- Criminals gaining access to administrative privileges. Malware runs with the privileges of the account it has infected, so restricting access to administration privileges can reduce the potential for a hacker to damage your system
- Similarly, criminals could infiltrate your security systems (changing settings and sometimes selling access to others)
Cyber Essentials requires that you have procedures in place to control access via user accounts and that administration privileges are strictly controlled. There are many factors to consider, such as:
- A documented user account system should be in place. Permissions should be appropriate and controlled.
- Administration accounts should only be used to perform administrative tasks – no sending emails or surfing the web from those accounts
- Remove unnecessary guest accounts
- Multi-factor authentication should be utilised whenever possible.
- Password policy including regular changes
- Exit procedures should ensure user accounts are removed when an employee leaves
Access Control = Bullet Proof IT
Our consultants provide the know-how based on years of experience to efficiently and securely manage your access control procedures. All of our managed services customers benefit from this on a daily basis, allowing them to concentrate on their core business.
The next step? Contact us today for more information on how we can bullet proof your IT systems and our cost-effective Cyber Essentials certification service.
Access control should be only one factor of your organisation's security strategy. A layered approach to IT security is essential as no one element can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board.
RedMosquito Ltd. provide IT support and managed services across Glasgow, Edinburgh and throughout Scotland.