Consulting with a Conscience™

A cruciallogics blog

Written by Nim Nadarajah
on July 31, 2018

No matter how secure you make your IT, you do to some extent have to rely on the users to handle their access responsibly and safely. Every identity is a possible point of failure — but this doesn’t mean you have to accept these failures. It just means you have to have a good Identity and Access Management (IAM) plan.

Have a Strong Password Policy

Having a strong password is advice repeated all the time, but the fact is it still needs to be. Simple, easily guessable passwords still top lists of the most common passwords: “123456”, “qwerty”, etc. Users may not be aware that many other common password techniques are easily cracked, and they may reuse the same password across multiple services.

Enforce password best practices in your organization. Mandate an appropriate level of complexity and stress the importance of keeping passwords secure.

Give Only Appropriate Permissions

There are times when it’s tempting to take a shortcut and give an identity a higher access level than it needs, just to ensure that it can reach what it’s actually supposed to. But this is risky. Even if you’re certain there’s no chance of insider threat, you open yourself to more damage than necessary should the identity be compromised.

Wherever Possible, Audit Identity Activities

Should something go wrong, you need to know where and why, both so you can halt an ongoing breach and so you can protect yourself from a possible repeat. By auditing your accounts and knowing what your identities are up to, you’ll be able to pinpoint the issue and take action.

If you’re using Office 365, this is simple. Just go to your Security & Compliance Centre, go to Search & Investigation > Audit log search, and click Start recording user and admin activities. You can also turn on auditing for Exchange Online events.
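The same audit settings can also be switched on and queried from Exchange Online PowerShell. The script below is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module is installed, that the signed-in admin holds the audit log roles, and that the two example.com addresses are placeholders for your own accounts.

```powershell
# Added example. Placeholders: admin@example.com, user@example.com.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# 1. Turn on recording of user and admin activities (the unified audit log)
#    if it is not already enabled for the tenant.
$config = Get-AdminAuditLogConfig
if (-not $config.UnifiedAuditLogIngestionEnabled) {
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# 2. Turn on auditing of Exchange Online mailbox events for every mailbox
#    where it is currently off.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled } |
    ForEach-Object { Set-Mailbox -Identity $_.Identity -AuditEnabled $true }

# 3. Review one identity: pull its last 7 days of audit records.
#    Records only exist from the point auditing was turned on.
$user    = 'user@example.com'
$records = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) `
                                  -EndDate (Get-Date) `
                                  -UserIds $user `
                                  -ResultSize 1000

# Which operations did the identity perform, and how often?
$records |
    Group-Object -Property Operations |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Which client IP addresses did the activity come from?
# AuditData is a JSON string; not every record type carries ClientIP.
$records |
    ForEach-Object { ($_.AuditData | ConvertFrom-Json).ClientIP } |
    Where-Object { $_ } |
    Sort-Object -Unique

Disconnect-ExchangeOnline -Confirm:$false
```

An unfamiliar client IP or a burst of operations the user does not normally perform is the kind of signal that points to where and why something went wrong.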

Make Use of Multi-factor Authentication

Worried about password security? Multi-factor authentication lets you require multiple levels of verification that the right person is attempting to access the account.

In Office 365, for instance, you can go to the Access Admin Center, Active Users, and set it up from there so that users logging in to Office 365 must also verify through an SMS code.

You now have assurance that even if somebody has stolen the password, they would still need access to the phone number associated with it to gain access to the account.

Make it Easy to Disable Identities

Should an identity become compromised, disabling it quickly to limit damage is important. If you’re scrambling to revoke access in multiple locations and aren’t sure what to do rather than being able to freeze it immediately from one place, you’re increasing the amount of time the intruder has. Worse, you risk missing something and allowing them continued access to those corners of your system.

Know what to do — and know that you can do it with a handful of clicks — and be ready.

Have an Efficient Identity and Access Management Solution

Frustration can drive users to search for workarounds. If your IAM approach results in them sharing passwords rather than waiting for the Help Desk to fix a password reset issue, or has them using insecure cloud services because they’re having trouble with the sanctioned software, you’re undermining your security.

Ensure your IAM approach empowers users by allowing things such as self-service password resets, so they can get back to work properly and quickly. Understand where IT may be holding people back and find solutions.

If you want more great tips like these and need a little help configuring your IT for maximum security, check out our new eBook, Secure Business Guide: Meeting the IT Security Challenge. Whether you need a refresher or a starting point, it’s a fantastic way of getting a security boost for businesses of any size.

The challenges never end for CSOs. But if you're looking at anything from a quick security consult to a full scale cybersecurity solution deployment, start here.
