Golden rules to stop redundant staff accessing sensitive data

Redundancies are an unfortunate reality in today's economic climate. Too often, businesses leave themselves vulnerable to a data breach by not immediately revoking the network and application access points of terminated employees, writes Mark Fullbrook UK director at Cyber-Ark.

When staff do take data and a cause a security incident, we tend to file it away as an example of an "employee gone bad." In reality it constitutes a failure of the organisation to uphold their responsibility on behalf of the business to manage, control and monitor the power it provides to its employees and systems. The failure stems from the 'perception of control' an organisation has over their most sensitive networks, systems and devices.

The threat to an organisation is increased exponentially when the access is through administrative, shared or privileged accounts - these represent the most powerful IT users in an organisation, often providing wide-ranging access to most systems, applications or databases within the enterprise.

These privileged identities, which exist on virtually every one of the thousands of servers and applications within a typical enterprise, very rarely get changed, due to the presumed extra IT effort involved and the need to communicate the new settings to the IT staff, which if not done effectively could potentially impede or slow down an administrator doing a time-critical task.

This type of uncontrolled access can lead to dire situations such as last year when the city of San Francisco was brought to its knees because an employee locked down the city's IT system through a privileged account. And more recently, a Fannie Mae employee implanted a logic bomb on the company's network because access to his privileged accounts was immediately revoked upon his termination.

Here are specific steps you can take to help prevent severe security incidents:

1. Improve internal security controls around privileged accounts via encryption, password protection, and auditing of system access;
2. Reduce the risk of internal data misuse by implementing policies and technologies which provide special treatment for privileged identities and ensure compliance with regulatory requirements;
3. Ensure administrative and application identities and passwords are changed regularly, highly guarded from unauthorized use and closely monitored, including full activity capture and recording;
4. Avoid sloppy habits when exchanging privileged and sensitive information, such as sending sensitive or highly confidential information via email or writing down privileged passwords on post-it notes;
5. Ensure provisioning, and more importantly deprovisioning of user access in an immediate timeframe after employee status or role changes.

Remember, trust is not a security policy, and the damage that insiders can do should not be underestimated. To thwart this threat, the first big step is making that key decision to effectively manage these privileged accounts, and then doing so in a streamlined manner that makes it efficient and transparent to the user.

Streamlining the management of privileged accounts by controlling who has access, when access was gained, what is being done with the sensitive data and why access is needed is critical in preventing a major security incident from occurring at your company.