Did you know that stolen credentials are now one of the leading causes of data breaches worldwide? Attackers go where the data is, and it is now largely stored in cloud accounts that are often protected by nothing more than a username and password.
While any user account can be valuable to a criminal group, accounts with higher-level privileges in a system are particularly sought after. With a privileged account, an attacker can add and remove users, lock you out of your own account, change security settings, view payment details, and more.
Because account compromise has risen to the top of the list of cybersecurity threats, it’s important that your company address it and put safeguards in place to protect user accounts.
This includes doing a privileged account audit to ensure you don’t have too many unnecessary high-level accounts sitting there for hackers to attack. Here are the steps to take to conduct one.
Step 1: Create a Dynamic List of All User Accounts & Privilege Levels
As your first step, you need to know how many privileged accounts there are and in which business applications. So, you’ll need to create a master dynamic list that can be kept updated whenever an account is added, removed, or has a privilege level change.
See if you can export user lists from your existing applications to save time. The goal is to capture at least the following details for every account in this list:
- Application name
- User name (or email address) and permission level
- Date the account was created
- Date the account was last updated
- Date of the last sign-in (you will need this to spot unused accounts in Step 2)
- Whether multi-factor authentication is enabled
Step 2: Close Any Unused Accounts
Your first “quick win” in a privileged account audit is reviewing all the user accounts in your business tools and closing any that are unused. A practical definition of “unused” is an account with no sign-in in the last 90 days, or one that has never signed in at all; disable such accounts first and delete them after a short waiting period, so anything that quietly depended on one can be caught and fixed.
Staff turnover, promotions, and lack of use by an employee (who may have chosen another app to do the same thing) are all common reasons that companies have unused accounts sitting in their cloud subscriptions.
These unused accounts are particularly dangerous because no one is watching them, so an attacker can use one for a long time without being noticed. For example, in the 2021 ransomware attack on Colonial Pipeline, which halted the company’s pipeline operations for nearly a week, the attackers got in through an unused VPN account that had never been closed and did not have multi-factor authentication enabled, using a password that had been exposed in an earlier credential leak.
Step 3: Apply the Principle of Least Privilege to Remaining Privileged Accounts
For the remaining accounts, go through each privileged account and review whether the user actually needs that level of access in that cloud tool.
It’s not uncommon for users to be given more access than they need, often because the company has no firm rules for how new accounts are created and what permissions they get.
Apply the principle of least privilege here: users are given only the lowest level of access they need to complete their regular tasks in an app, and nothing more.
Interview your staff to learn how often their additional access privileges are actually used. If it’s less than monthly, consider lowering the account’s permanent access level; rarely needed administrative tasks can usually be handled by granting elevated rights temporarily when they are needed, or by having a designated administrator perform them.
As you go through and tighten up your cloud security by lowering unnecessarily high permissions, it’s a good idea to remind employees that this is a companywide security exercise to help prevent attacks on higher-privileged accounts. This way they don’t feel they are being singled out for an access level change for any other reason.
Step 4: Put Access Monitoring in Place for Privileged Accounts
Once you’ve reduced the number of privileged accounts and ensured that only users who actually need them are granted higher permission levels, make sure that sign-in activity on these accounts is being monitored.
If an attacker gains access to a user login, you want to know as soon as possible so you can cut off that access before it is used to steal data or spread to other accounts. With monitoring of privileged account sign-ins, you will be able to spot logins at unusual hours, from unfamiliar locations or devices, or repeated failed attempts against an administrator account, and investigate whether this may be a breach.
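Steps 1 through 4 are one procedure: build the inventory, find unused accounts, list who holds elevated rights for review, and watch privileged sign-ins. The following is an added example of that procedure as a script; it is not code from the original article or from Quantum PC Services. The CSV columns, the sign-in log format, the application names, user accounts, the 90-day “unused” threshold and the 07:00–18:59 business-hours window are all assumptions, and the export and log contents are constructed sample data.

```python
"""Added example: a privileged account audit over exported user lists and
sign-in logs. Not code from the original article. The CSV columns, log
format, app names, users and thresholds are assumptions / constructed data."""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (Step 1): one row per account, merged from
# several apps. Column names are an assumption; match them to real exports.
USER_EXPORT = """app,user,permission,created,last_login,mfa
Billing Portal,alice@example.com,admin,2021-03-01,2024-05-20,yes
Billing Portal,bob@example.com,user,2022-07-15,2024-05-21,yes
File Share,carol@example.com,admin,2020-01-10,2024-05-21,no
File Share,vpn-contractor@example.com,admin,2019-06-05,,no
CRM,dave@example.com,admin,2023-02-14,2024-01-15,yes
CRM,erin@example.com,user,2023-09-01,2024-05-22,yes
"""

# Constructed sample sign-in log (Step 4): "timestamp user result source_ip".
SIGNIN_LOG = """2024-05-21T09:12:00 alice@example.com success 203.0.113.5
2024-05-21T02:47:00 carol@example.com success 198.51.100.7
2024-05-21T03:05:00 bob@example.com success 203.0.113.9
2024-05-21T23:30:00 dave@example.com failure 192.0.2.44
2024-05-22T10:01:00 erin@example.com success 203.0.113.12
"""

PRIVILEGED_LEVELS = {"admin", "owner", "global admin"}  # assumption
UNUSED_AFTER = timedelta(days=90)                       # assumption
BUSINESS_HOURS = range(7, 19)                           # 07:00-18:59, assumption


def load_inventory(export_text=USER_EXPORT):
    """Step 1: build the master list with a normalised 'privileged' flag."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    for r in rows:
        r["privileged"] = r["permission"].strip().lower() in PRIVILEGED_LEVELS
        r["created"] = datetime.fromisoformat(r["created"])
        r["last_login"] = (datetime.fromisoformat(r["last_login"])
                           if r["last_login"] else None)
    return rows


def find_unused(inventory, now, max_idle=UNUSED_AFTER):
    """Step 2: accounts that have never signed in or are idle past max_idle."""
    return [r for r in inventory
            if r["last_login"] is None or now - r["last_login"] > max_idle]


def privileged_without_mfa(inventory):
    """Privileged accounts with no MFA (the Colonial Pipeline VPN pattern)."""
    return [r for r in inventory if r["privileged"] and r["mfa"].lower() != "yes"]


def privileged_by_app(inventory):
    """Step 3: who holds elevated rights in each app, for least-privilege review."""
    out = {}
    for r in inventory:
        if r["privileged"]:
            out.setdefault(r["app"], []).append(r["user"])
    return out


def flag_off_hours_privileged(log_text, inventory, hours=BUSINESS_HOURS):
    """Step 4: sign-in attempts (success or failure) on privileged accounts
    outside business hours. Each alert is (timestamp, user, result, ip)."""
    privileged_users = {r["user"] for r in inventory if r["privileged"]}
    alerts = []
    for line in log_text.splitlines():
        ts, user, result, ip = line.split()
        if user in privileged_users and datetime.fromisoformat(ts).hour not in hours:
            alerts.append((ts, user, result, ip))
    return alerts


def run_audit(now=datetime(2024, 5, 22)):
    """Run all four checks and return the findings keyed by check."""
    inv = load_inventory()
    return {
        "unused": sorted(r["user"] for r in find_unused(inv, now)),
        "no_mfa": sorted(r["user"] for r in privileged_without_mfa(inv)),
        "privileged_by_app": privileged_by_app(inv),
        "off_hours": flag_off_hours_privileged(SIGNIN_LOG, inv),
    }


if __name__ == "__main__":
    for check, findings in run_audit().items():
        print(f"{check}: {findings}")
```

On the constructed data the script flags the never-used contractor VPN admin account and the idle CRM admin as unused, two admin accounts without MFA, and two off-hours events on privileged accounts: a successful 02:47 sign-in and a failed 23:30 attempt on an account that has not been used for months. Note that a failed attempt on a stale administrator account is kept as an alert on purpose: it is exactly the kind of probing that precedes a takeover.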
Step 5: Set a Date for an Annual Privileged Account Audit
If you don’t stay vigilant about how privileged credentials are handed out and don’t regularly check for unused cloud accounts, these problems will creep back in.
At the end of your audit, set the date for the next one so it’s already on your calendar and won’t be forgotten. Doing these at least annually is a good idea. If you have a large organization, many cloud applications, or frequent staff changes, consider doing them every six months.
Get Help Protecting Your Business Cloud Accounts
Quantum PC Services can help your Sturgeon Bay business reduce your risk of an account compromise by putting smart and effective access solutions in place that give access only to legitimate users.
Contact us today to learn more! Call 920-256-1214 or reach us online.