Cybersecurity: Access control
Protecting user accounts and helping prevent misuse of privileged accounts is essential for any cyber-secure system or network. User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorized individuals, managed effectively, and provide the minimum level of access to applications, computers and networks.
Any organization whose employees connect to the Internet needs some level of access control in place. Access controls authenticate and authorize individuals to obtain information that they are permitted to see and use. Without appropriate access control there is no data security.
Why are access controls important?
Put simply, access control is the selective restriction of access to data. It consists of two elements:
- Authentication – a technique used to verify the identity of a user.
- Authorization – determines whether a user should be given access to data.
To be effective, access control requires the enforcement of robust policies. This can be difficult when most organizations operate in hybrid environments where data is mobile and moves between on-premises servers, the cloud, offices and beyond.
Organizations must determine the most appropriate access control model to adopt based on the type and sensitivity of the data they are processing.
Accounts with privileged access are a prime target for cyber criminals. This is because they offer more access than normal user accounts, enabling unrestricted access to sensitive information as well as administrative rights that can be used to gain control of the network.
For the sake of convenience, many users are sometimes given administrative rights, which can create opportunities for exploitation. User accounts with special access privileges should only be assigned to authorized individuals and managed effectively.
How to protect yourself
For secure access control, your organization should routinely:
- Authenticate users before granting access to applications or devices, using unique credentials
- Remove or disable user accounts when no longer required
- Implement two-factor authentication, where available
- Use administrative accounts to perform administrative activities only
- Remove or disable special access privileges when no longer required.
Speak to an expert
For more information about the Cyber Essentials Scheme, get in touch with one of our experts today.