Blog

category filters go here

Cyber Essentials and Access Control

Many of our customers are focusing on Cyber Essentials Certification as good first step towards demonstrating compliance with GDPR.  Cyber Essentials Certification requires 5 key controls to be in place and this series of blogs focuses on each control individually.  Today we are looking at: Access Control

For an introduction to Cyber Essentials, visit our other blogs here and Patch Management .

What is Access Control?

Access control refers to the policies and procedures your organisation implements to control access to user accounts and mitigate risk from theft or misuse of those accounts.  User access via logins, usernames, passwords etc can provide the user with access to computers, servers and your whole corporate network.   This creates an element of risk by providing employees, hackers or cyber criminals the potential to access your systems.

Robust policies, which ensure that only those who need access have access, will protect your business data and systems from risks which include:

  • Employees either accidentally or maliciously accessing restricted data and/or making unauthorized changes to data or systems
  • Former employees using log in details to access your systems
  • Criminals gaining access to administrative privileges. Malware accesses the level of account privileges of the account it has infected.  So, restricting access to administration privileges can reduce the potential for a hacker to damage your system
  • Similarly, criminals could gain infiltrate your security systems (changing settings and sometimes selling access to others)

Good practise:

Cyber Essentials requires that you have procedures in place to control access via users accounts and that administration privileges are strictly controlled.  There are many factors to consider such as:

  • A documented user account system should be in place. Permissions should be appropriate and controlled.
  • Administration accounts should only be used to perform administrative tasks – no sending emails or surfing the web from those accounts
  • Remove unnecessary guest accounts
  • Multi factor authentication should be utilised whenever possible.
  • Password policy including regular changes
  • Exit procedures should ensure users accounts are removed when an employee leaves

Access Control = Bullet Proof IT

Our consultants provide the know-how based on years of experience to efficiently and securely manage your access control procedures.  All of our managed services customers benefit from this on a daily basis, allowing them to concentrate on their core business.

The next step? Contact us today for more information on how we can bullet proof your IT systems and our cost effective Cyber Essentials certification service.

Access control should be only one factor of your organisations security strategy. A layered approach to IT security is essential as no one element can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board.

RedMosquito Ltd. provide IT support and managed services across Glasgow, Edinburgh and throughout Scotland.

 

 

 

 

 

 

 

RedMosquito & Telecoms

RedMosquito have recently partnered with CityFibre to bring wholesale Ethernet services into our portfolio of Managed IT and Telecoms services. This addition makes RedMosquito one of a select few Managed Service providers that can offer both voice and data services from our Glasgow helpdesk. As a provider of a Tier1 solution RedMosquito take control and […]

11 Dec 2019
microsoft logo windows 2008

What is Advanced Threat Protection?

Mircosoft’s Advanced Threat Protection is a key component of their portfolio of security technologies. The default security for Office 365 is Exchange Online Protection (EOP).  So, Advanced Threat Protection is an add on service with an additional per user month subscription.  This technology protects emails but also data contained in Office 365, so it covers […]

microsoft logo windows 2008

Office 2013 connectivity to Office 365 services

Several core Microsoft services will reach their ‘end of life’ stage during 2020.  The end of support for Windows 7 and Server 2008 in January will impact a huge number of users.    However, there are other significant changes scheduled for later in the year. From 13th October 2020,  Microsoft will only support Office 365 […]