How can I protect my company?
The IT department of Jerry’s company should have activated a suitable policy or DLP function in the VPN software to close this particular security hole. However, there are many more gateways for unauthorized access besides VPN connections. Some of these are:
- Continued use of applications or privileges that should have been removed long ago, but still exist as remnants of previous activities in former departments
- Continued use of user accounts belonging to colleagues who have already left the company
- Continued use of project-related rights or other temporary rights that are still active, even though they should have been long removed
The only reliable protection against such scenarios is to follow the principle of least privilege, which states that: “A user account (or process) should only receive those privileges which are essential to perform its intended function.” Had Jerry’s VPN connection been disabled once he returned to his workplace, he could not have used this gateway to steal the data.
How can I achieve the principle of least privilege?
There are several ways of achieving POLP. With tenfold, you can implement all necessary procedures:
- Standardize and automate privileges
With tenfold’s profile assistant, you can find out which privileges are part of the standard set for your departments. Make sure that users receive the relevant privileges upon joining a department (so they can commence work immediately) and that these privileges are withdrawn again once they leave the department (to guarantee data security).
- Work with temporary privileges
If you assign additional privileges outside the standard set for a department, always set an expiration date for them. If you handle this manually, you have to set yourself a reminder in Exchange’s calendar to terminate the privileges on that date. With tenfold, you can automate this workflow; it also sends a reminder from which the duration of the privilege can be extended directly.
- Establish a recertification process
Data controllers should be required to review, on a regular basis, whether the current access rights still correspond to actual business operations and demands. If everyone adheres to these processes correctly, unauthorized access is fairly easy to detect quickly.
Jerry could not have stolen data from the company had there been a solid recertification process in place. However, if the process is not system-based, it takes IT departments a long time to collect all of the necessary data to implement a recertification process and it is a tedious process for data controllers as well, as they have to enter the data manually. tenfold provides integrated support for recertification, while adhering to all necessary best practices.
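The three gateways listed above and the three procedures just described boil down to one recurring check: compare what an account actually holds against its department's standard set, its end dates, and its HR status. The following is an added example (not tenfold's code; the department profiles, user records and dates are all constructed for illustration) of such a recertification check, the kind of logic a data controller's review would otherwise have to apply by hand:

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

# Constructed standard profiles per department (assumption, not real data):
# the privileges every member of that department is expected to hold.
STANDARD_PROFILE = {
    "accounting": {"erp_finance", "fileshare_accounting"},
    "sales": {"crm", "fileshare_sales"},
}

@dataclass
class Grant:
    name: str
    expires: Optional[date] = None   # None = open-ended privilege

@dataclass
class Account:
    user: str
    department: str
    active: bool                     # False once HR has offboarded the user
    grants: List[Grant] = field(default_factory=list)

def review_account(acct: Account, today: date) -> Tuple[List[str], List[str]]:
    """Return (revoke, review): privileges to remove now, and privileges a
    data controller must confirm because they lie outside the standard set
    and carry no end date."""
    if not acct.active:
        # Account of a former employee: nothing on it is still justified.
        return [g.name for g in acct.grants], []
    profile = STANDARD_PROFILE.get(acct.department, set())
    revoke, review = [], []
    for g in acct.grants:
        if g.name in profile:
            continue                          # standard privilege: keep
        if g.expires is not None and g.expires < today:
            revoke.append(g.name)             # temporary right has run out
        elif g.expires is None:
            review.append(g.name)             # e.g. remnant of a former department
    return revoke, review

# Constructed sample: one active user in sales with an expired temporary VPN
# right and an open-ended ERP right left over from another department, and
# one offboarded user whose account still carries privileges.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Account("jerry", "sales", True, [Grant("crm"), Grant("fileshare_sales"),
                                     Grant("vpn", date(2024, 3, 31)), Grant("erp_finance")]),
    Account("alice", "accounting", False, [Grant("erp_finance"), Grant("fileshare_accounting")]),
]

if __name__ == "__main__":
    for acct in SAMPLE:
        print(acct.user, review_account(acct, TODAY))
```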
Unauthorized access is a major problem. Theft of intellectual property and unauthorized access to personal information can have serious financial consequences and severely damage your company’s reputation.
It is therefore vital to make sure that all employees have correctly set access rights that are within the limits of their job requirements.
There are numerous approaches to achieving a high level of data security. However, the manual effort and operational discipline required to implement such methods are discouraging to many companies or can lead to inadequate results. If you opt to use the appropriate IT tools – such as tenfold – you will soon see and feel an increase in success and IT security.