When most businesses think of security, the most they think about is a firewall between the corporate network and the Internet. The internal corporate network is often very open to make it easy for people to work. The firewall on the outside is kind of like a hard exterior with a squishy inside -- nice for a piece of candy, not so nice for the security of your data. In fact, the IT community has long debated whether the threat of an internal or external attack is of greater concern for companies.
Despite the lesser likelihood of being attacked by insiders, these "inside jobs" generally cause significantly more damage because the hackers have greater access. Case in point: The recent AshleyMadison.com hacking. This hack potentially exposed more than 37 million user account details and was an inside job. Internal attacks cost businesses in the U.S. $400 billion per year, according to a national fraud survey conducted by The Association of Fraud Examiners. Of that, $348 billion can be tied directly to privileged users.
Let’s define a privileged user – the dictionary says it is defined as: “a user who, by virtue of function, and/or seniority, has been allocated powers within the computer system, which are significantly greater than those available to the majority of users." For a lot of networks that we manage, we audit the user security and find several user accounts are granted full administrator rights. This is often done to the business owner’s user account among others. Seems to make sense, the owner should have full rights to everything on the network.
Whether these accounts are used for nefarious acts by the account owner or not, they certainly can be exploited by anyone else inside or OUTSIDE the company!
So what can you do to monitor and manage your privileged users at your company?
- Create and enforce policies that forbid the use of single, "all powerful" accounts. This is the first step to managing the actions privileged users can take. In order to define more granular roles and privileges for these users, each person must have a unique user account or user ID that can be tied to him or her specifically.
- Leverage privilege control tools. Have policies defined for various users and groups that control what actions can be taken and what permissions are available to specific resources. For example, user accounts associated with managing particular applications and services can be granted explicit privileges only to those resources, and no others.
- Create separate admin accounts for users that need administrative privileges. On my own network, my primary user account has no more rights than any other user. I have a separate administrator account that I login with to perform administrative work, and logout from that account as soon as I’m done.
- Tighten up what users see on the file system. A common problem I see is a user account tied to a network scanner/copier. Users go to the machine to scan a file to a directory on the network. Then they can access this file to attach to an email, or whatever else they want to do. Problem is on most networks EVERYONE can see all the files scanned into this directory. When a person scans a confidential file, everyone else can see it! Make sure this special type of account is properly secured so people can only see the files they scan, and not anyone else’s files.
Security is your concern. On the networks we manage, we regularly review these points above to make sure our client’s networks aren’t too squishy. If you’d like us to check your network, give us a call at 954-920-9604 and we’d be happy to take a look and give you a bit of advice.