Also keep in mind, however, that when multiple end users have overlapping tasks, if one of them gets compromised, it will most likely expose privileged access to systems. Enforce an effective Segregation of Duties (SoD) in order to avoid giving certain users “too many hats” to wear at work.Implement the principle of least privilege (POLP).Analyze all privileged accounts to confirm alignment with acceptable and standardized risk levels.Here is a list of best practices to follow: Having a PAM tool, as well as the right technologies and policies in place, can significantly reduce the size of the threat surface. Privileged Access Management (PAM)Ĩ8% of companies with more than 1 million folders lack appropriate access limitations, and 58% of companies have more than 100,000 folders accessible to all employees. For example, instead of forcing end users to reset their password(s) once every three months, they are mandating it once a year. As such, a growing number of organizations are either eliminating the practice, or they are dialing back the frequency of password resets. Notify end users when it’s time to change their passwords before they expire (more on this below).ĭue to security fatigue, lack of awareness, and sometimes just plain laziness, research has found that when end users reset their passwords, they often choose weaker ones rather than stronger ones.Allow end users to store and share confidential information (including but not limited to passwords) in secure vaults.Enforce a minimum password age (this prevents users from circumventing the password system by creating a new password, and then changing it back to an old one).Screen proposed passwords against lists of known compromised passwords.Prevent users from choosing passwords they have selected in the past.Centralized Password Management PlatformĪ robust centralized password management platform like Devolutions Password Server or Devolutions Hub enables your organization to: Note: if you are exploring various 2FA solutions for your organization, we invite you to read our reviews of some of the most popular options. While 2FA is not bulletproof, it adds an important layer of authentication - and when combined with Single Sign-On (SSO), it makes life much easier for administrators. username + password) with something they have (e.g. Two-Factor Authentication (2FA)ĢFA combines something end users know (e.g. Some organizations are also enrolling end users in online cybersecurity courses so they can grasp the fundamentals. presentations, videos, articles, one-on-one coaching, etc.) that highlight risks like phishing. As such, organizations need to create a culture of security awareness by providing adequate, ongoing end-user training through various methods (e.g. End User Trainingħ0% of employees don’t understand basic cybersecurity. Here are 5 things that should also be part of the security puzzle: 1. This means that while strong passwords are essential - and long, unique passphrases are even better - they are not enough to protect endpoints, networks and organizations. Improperly storing passwords in spreadsheets and text files, etc.Insecurely sharing passwords with colleagues.Using the same password for multiple accounts.Some end users undermine security and put the organization at risk by: Ideally, using strong passwords would be enough to lock down accounts and network access.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |