Cyber Essentials and Access Control

Many of our customers are focusing on Cyber Essentials Certification as a good first step towards demonstrating compliance with GDPR. Cyber Essentials Certification requires 5 key controls to be in place, and this series of blogs focuses on each control individually. Today we are looking at: Access Control

For an introduction to Cyber Essentials, visit our other blogs here and Patch Management.

What is Access Control?

Access control refers to the policies and procedures your organisation implements to control access to user accounts and mitigate risk from theft or misuse of those accounts. User access via logins, usernames, passwords etc. can provide the user with access to computers, servers and your whole corporate network. This creates an element of risk by giving employees, hackers or cyber criminals the potential to access your systems.

Robust policies, which ensure that only those who need access have access, will protect your business data and systems from risks which include:

  • Employees either accidentally or maliciously accessing restricted data and/or making unauthorized changes to data or systems
  • Former employees using login details to access your systems
  • Criminals gaining access to administrative privileges. Malware runs with the privileges of the account it has infected, so restricting access to administration privileges can reduce the potential for a hacker to damage your system
  • Similarly, criminals could infiltrate your security systems (changing settings and sometimes selling access to others)

Good practice:

Cyber Essentials requires that you have procedures in place to control access via user accounts and that administration privileges are strictly controlled. There are many factors to consider, such as:

  • A documented user account system should be in place. Permissions should be appropriate and controlled.
  • Administration accounts should only be used to perform administrative tasks – no sending emails or surfing the web from those accounts
  • Remove unnecessary guest accounts
  • Multi-factor authentication should be utilised whenever possible.
  • Password policy including regular changes
  • Exit procedures should ensure user accounts are removed when an employee leaves

Access Control = Bullet Proof IT

Our consultants provide the know-how based on years of experience to efficiently and securely manage your access control procedures.  All of our managed services customers benefit from this on a daily basis, allowing them to concentrate on their core business.

The next step? Contact us today for more information on how we can bullet proof your IT systems and our cost-effective Cyber Essentials certification service.

Access control should be only one factor of your organisation's security strategy. A layered approach to IT security is essential as no one element can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board.

RedMosquito Ltd. provide IT support and managed services across Glasgow, Edinburgh and throughout Scotland.

 

 

 

 

 

 

 
