How can I protect my business?
To close this particular gap, the IT department of Jerry's company should have enforced a suitable policy or DLP function in the VPN software. However, a VPN is only one of many routes to unauthorized access. Others include:
- Continued use of applications or privileges that should long since have been removed but survive as leftovers from earlier roles in other departments
- Continued use of user accounts belonging to colleagues who have already left the company
- Continued use of project-related or other temporary rights that are still active even though their purpose has ended
The only reliable protection against situations like these is the principle of least privilege, which states: "A user account (or process) should only receive those privileges which are essential to perform its intended function." Had Jerry's VPN access been revoked when he returned to the office, this route would have been closed to him.
How can I achieve the principle of least privilege?
There are several ways to achieve this principle. With tenfold, you can easily implement all of the necessary procedures, which are outlined below:
- Standardize privileges and automate them:
Use the tenfold profile assistant, for instance, to find out which privileges make up the standard set for each of your departments. Make sure that users receive the relevant privileges automatically upon joining a department (so they can start work immediately) and that these privileges are withdrawn again as soon as they leave the department or the company (to ensure data security).
- Work with temporary privileges:
If you assign additional privileges outside the standard set of a department, always set an expiration date for them. If you have to resort to manual methods, a calendar entry with a reminder in Exchange will do. tenfold automates this workflow and sends a reminder before expiry through which the grant can be extended if, and only if, it is still needed.
- Establish a recertification process:
Data owners should be required to check regularly whether the access rights they are responsible for still correspond to actual business operations and needs. If these reviews are carried out properly, unauthorized or stale access is detected quickly; a solid recertification process would have flagged Jerry's leftover VPN access at the next review. The drawback is that, if the process is not system-supported, collecting the data needed for a recertification campaign is very time-consuming for IT departments and tedious for data owners, who have to review it by hand. tenfold offers integrated support for recertification that follows the relevant best practices.
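The three steps above describe one reconciliation procedure: compare what each account actually holds against the department standard set, expire temporary grants, and hand everything else to a data owner for recertification. The following Python script is an added example of that logic, written for this article; it is not tenfold's code and makes no use of the tenfold API. The department baselines, the users, their grants and the review date are all constructed sample data, and the finding categories ("orphaned", "expired", "excess", "missing", "recertify") are names chosen here for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample data: the "standard set" of privileges per department,
# i.e. what a profile-mining step such as the one described above would produce.
DEPARTMENT_BASELINE: Dict[str, Set[str]] = {
    "sales": {"crm_read", "crm_write", "vpn"},
    "finance": {"erp_read", "erp_post", "vpn"},
    "warehouse": {"wms_read"},
}


@dataclass(frozen=True)
class Grant:
    privilege: str
    expires: Optional[date] = None  # None means a permanent grant


@dataclass(frozen=True)
class User:
    name: str
    department: Optional[str]  # None means the person has left the company
    grants: Tuple[Grant, ...]


@dataclass(frozen=True)
class Finding:
    user: str
    privilege: str
    kind: str  # "orphaned", "expired", "excess", "missing" or "recertify"
    detail: str


def review_access(users, baseline, today) -> List[Finding]:
    """Compare every user's grants against the least-privilege model.

    Orphaned and expired grants are hard revocations; "excess" grants are
    permanent rights outside the department baseline (Jerry's case);
    "missing" rights stop people from working; still-valid temporary grants
    are sent to the data owner for recertification.
    """
    findings: List[Finding] = []
    for user in users:
        expected = baseline.get(user.department, set()) if user.department else set()
        held = {g.privilege for g in user.grants}
        for g in user.grants:
            if user.department is None:
                findings.append(Finding(user.name, g.privilege, "orphaned",
                                        "account owner has left; disable account and remove grant"))
            elif g.expires is not None and g.expires < today:
                findings.append(Finding(user.name, g.privilege, "expired",
                                        f"temporary grant expired on {g.expires.isoformat()}"))
            elif g.expires is not None:
                findings.append(Finding(user.name, g.privilege, "recertify",
                                        f"temporary grant valid until {g.expires.isoformat()}; "
                                        "data owner must confirm it is still needed"))
            elif g.privilege not in expected:
                findings.append(Finding(user.name, g.privilege, "excess",
                                        f"permanent grant is not in the {user.department} standard set"))
        for priv in sorted(expected - held):
            findings.append(Finding(user.name, priv, "missing",
                                    f"{user.department} standard privilege not granted; user cannot work"))
    return findings


def summarize(findings) -> Dict[str, List[Tuple[str, str]]]:
    """Group findings by kind so each category can be routed to the right process."""
    out: Dict[str, List[Tuple[str, str]]] = {}
    for f in findings:
        out.setdefault(f.kind, []).append((f.user, f.privilege))
    return out


TODAY = date(2024, 3, 1)  # constructed review date

SAMPLE_USERS = (
    # Moved from sales to warehouse; the old sales privileges were never removed.
    User("jerry", "warehouse", (Grant("wms_read"), Grant("crm_write"), Grant("vpn"))),
    # Finance; one project grant has expired, another is still running.
    User("anna", "finance", (Grant("erp_read"), Grant("erp_post"), Grant("vpn"),
                             Grant("crm_read", expires=date(2024, 2, 15)),
                             Grant("wms_read", expires=date(2024, 4, 30)))),
    # Left the company; the account is still active.
    User("bob", None, (Grant("erp_read"),)),
    # Finance; never received the full standard set.
    User("carol", "finance", (Grant("erp_read"), Grant("vpn"))),
)

if __name__ == "__main__":
    for f in review_access(SAMPLE_USERS, DEPARTMENT_BASELINE, TODAY):
        print(f"{f.kind:10} {f.user:6} {f.privilege:10} {f.detail}")
```

Run against the sample data, the script reports Jerry's two leftover sales rights as "excess", Anna's expired project grant, Bob's orphaned account and Carol's missing standard right, and queues Anna's still-valid temporary grant for recertification. In a real deployment the baseline and the grant list would be read from the directory and the target systems rather than embedded as constants, and "excess" findings should be treated as revocations unless a data owner explicitly approves them with an expiry date.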
Unauthorized access is a major problem. Theft of intellectual property and unauthorized access to personal information can have serious financial consequences and severely damage your company’s reputation.
You must therefore ensure that all employees have correctly set access rights that are in line with (and do not extend beyond) their needs for carrying out their specific jobs.
There are numerous approaches to achieving a high level of data security. However, the manual effort and operational discipline required to implement them discourage many companies or lead to inadequate results. With appropriate IT tooling, such as tenfold, the gain in IT security becomes visible quickly.