Privileged account management (PAM) is a useful way for companies to ensure that users with elevated access privileges are using their accounts appropriately and securely. PAM is also a valuable means to ensure that privileged accounts have not been compromised by external cyber-attackers.

Typical examples of privileged accounts include IT administrator accounts, service accounts and domain accounts. These users should have more privileges than the average employee. 

Regular employees cannot access sensitive data and company-wide infrastructure. Privileged accounts have the power to view sensitive data, install or remove software, upgrade operating systems and alter application configurations.

Because privileged accounts have so much power, companies must conduct regular audits of their privileged users to uphold robust cyber security. We will take a look at why this is needed.

What are the risks of having privileged accounts? 

Recent data breaches highlight the threats surrounding credential compromise. According to Centrify, 74% of data breaches involved access to a privileged account. Similarly, Cybersecurity Insiders’ 2020 Insider Threat Report found that the majority (63%) of IT workers believe users with internal privileges pose the most risk.

These accounts are a holy grail for hackers. IT administrators and other accounts with elevated privileges are consistently a top target in cyberattacks.

Even though this is well known, poor privileged account management is pervasive. Recent research by Verizon found that almost half of companies are not aware of how many privileged accounts they have (let alone have a process to manage these accounts).

Many administrators share their passwords with numerous employees rather than keeping these details private. Moreover, passwords are often generic and easily guessed. This makes it more likely that a hacker will be able to breach your systems.

Employers also need to be aware of the risk of insider threat. For example, if an IT administrator leaves your organization on bad terms, what is to stop them from causing havoc in your internal systems? 

To manage these risks, you need to audit your privileged accounts regularly. Here is how to do it.

How to Effectively Audit Privileged Accounts

1. Create a live inventory of privileged accounts 

In order to keep track of privileged users and the data they have access to, you need to create an inventory of your privileged accounts. 

This inventory shouldn’t gather dust. It needs to be a work in progress that you regularly update. It should be in line with new hires and other shifts in employee status. This will help you to keep on top of privileged access controls.

If an employee needs their access privileges elevated (for example, to complete a project or for new business), this should also be recorded in the document. The user’s privileges should only be escalated for the time needed to complete the task and be reverted to normal as soon as possible.

2. Share your expectations with privileged users 

You should help your employees understand your expectations around privileged account usage. You should create a document that features corporate do’s and don’ts when using these accounts. Things to include could be:

  • Never share your credentials or passwords with other users. 
  • Always enable multi-factor authentication.
  • Use a robust and unique password for each of your accounts that consists of upper-case, lower-case and special characters.

3. Monitor user activity 

With your expectations and inventory in place, you’re now in an excellent position to start monitoring your privileged accounts for signs of an insider threat or an external cyber attacker. 

Doing this manually can be tricky. It is impossible to keep an eye on privileged account usage 24/7. Another problem is that detecting slight variations in behavior takes an ongoing, high level of attention to detail. Most organizations simply don’t have the human resources for this.

This is why we recommend automating the process of PAM. There are many solutions out there, including ones that use machine learning and artificial intelligence to automatically monitor privileged user behavior.

If a user acts suspiciously (for example, attempting to download lots of files or logging on in the middle of the night), the automated solution can block their action or ask for further verification. To help you understand the different kinds of solutions out there, we recommend you speak with one of our IT experts.
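
The three steps above can be combined into one automated check. This is an added example, not part of the original article: it audits a privileged-account inventory and an activity log for accounts whose owner has left, missing MFA, temporary elevation that was never reverted, activity by accounts missing from the inventory, off-hours logons and bulk downloads. The account names, log format, working hours and download threshold are assumptions, and all data is constructed.

```python
from collections import Counter
from datetime import datetime

BUSINESS_HOURS = range(7, 20)  # assumption: 07:00-19:59 is normal working time
BULK_DOWNLOADS = 3             # assumption: downloads per account per day
# Constructed inventory: account -> (owner still employed, MFA on, elevation expiry)
INVENTORY = {
    "adm-jlee":   (True,  True,  None),
    "adm-mross":  (False, True,  None),
    "svc-backup": (True,  False, None),
    "kpatel":     (True,  True,  "2022-01-31T18:00"),
}

# Constructed privileged-activity log, one "timestamp account action" per line
LOG = """\
2022-02-07T10:14 adm-jlee logon
2022-02-08T02:41 adm-jlee logon
2022-02-08T02:43 adm-jlee download
2022-02-08T02:44 adm-jlee download
2022-02-08T02:45 adm-jlee download
2022-02-08T09:30 adm-temp logon
"""

def audit(inventory, log_text, now):
    """Return sorted (account, finding) pairs from the inventory and the log."""
    findings = set()
    for account, (owner_active, mfa, until) in inventory.items():
        if not owner_active:
            findings.add((account, "owner has left the organization"))
        if not mfa:
            findings.add((account, "MFA not enabled"))
        if until and datetime.fromisoformat(until) < now:
            findings.add((account, "temporary elevation not reverted"))
    downloads = Counter()
    for line in log_text.splitlines():
        stamp, account, action = line.split()
        when = datetime.fromisoformat(stamp)
        if account not in inventory:
            findings.add((account, "not in inventory"))
        if action == "logon" and when.hour not in BUSINESS_HOURS:
            findings.add((account, "off-hours logon"))
        if action == "download":
            downloads[account, when.date()] += 1
            if downloads[account, when.date()] >= BULK_DOWNLOADS:
                findings.add((account, "bulk download"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(INVENTORY, LOG, datetime(2022, 2, 8, 12, 0)), sep="\n")
```

The "not in inventory" finding is the one that exposes privileged accounts nobody is tracking, which is why the inventory has to be kept current for the monitoring to mean anything.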

Don’t Forget About Your Cloud Accounts

As more companies rely on cloud applications like Teams, Slack and Zoom to conduct work, the risk of privileged account compromise in the cloud grows.

Organizations must remember that PAM needs to apply to their cloud applications rather than just network access. 

Get a Privileged Account Audit to Start the New Year with Better Protection

Sound Computers can help your Connecticut business start 2022 with better cybersecurity and a lower risk of a breach. 

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.

February 8, 2022
Sound Computers Admin