Account audits and security health checks
An easy way to get a good overall understanding of your security status with regard to user and admin accounts is to run an audit of your accounts using a tool or service provided by your trusted cyber security partner or advisor. These audits flag how many administrator accounts are in use, the password age on each account, and the activity and utilisation of your user accounts, which helps to identify accounts that are no longer required and should be disabled or removed. They can also provide a wealth of other, non-security information about your account base, and should be undertaken at least yearly.
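The checks such an audit performs can be scripted against a directory export. The following Python is an added example written for this page, not a Chess or Microsoft tool: it runs the admin-membership, password-age and inactivity checks described above over a constructed set of sample accounts. The property names mirror what Get-ADUser returns, while the thresholds, group names and sample accounts are assumptions to adjust to your own environment.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Thresholds are assumptions for this example; align them with your own policy.
ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
STALE_LOGON_DAYS = 90      # no sign-in for this long: candidate for disabling
OLD_PASSWORD_DAYS = 365    # review, not necessarily reset: usually service accounts

# Fixed "today" so the sample results are reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


@dataclass
class Account:
    """One directory account, as you would get from an export such as
    Get-ADUser -Filter * -Properties PasswordLastSet,LastLogonDate,PasswordNeverExpires,MemberOf."""
    name: str
    enabled: bool
    password_last_set: Optional[datetime]   # None = never set / not recorded
    last_logon: Optional[datetime]          # None = never signed in
    password_never_expires: bool = False
    groups: Tuple[str, ...] = ()


# Constructed sample accounts; none of these are real.
SAMPLE = [
    Account("alice", True, NOW - timedelta(days=40), NOW - timedelta(days=1),
            groups=("Domain Admins",)),
    Account("bob", True, NOW - timedelta(days=400), NOW - timedelta(days=2)),
    Account("carol", True, NOW - timedelta(days=10), NOW - timedelta(days=200)),
    Account("dave", True, NOW - timedelta(days=30), None),
    Account("svc_backup", True, NOW - timedelta(days=900), NOW - timedelta(days=1),
            password_never_expires=True, groups=("Administrators",)),
    Account("erin", False, NOW - timedelta(days=500), NOW - timedelta(days=600),
            groups=("Domain Admins",)),
]


def audit(accounts, now=NOW):
    """Group accounts into the findings an account audit reports on."""
    findings = {
        "admin_accounts": [],             # enabled members of a privileged group
        "disabled_still_privileged": [],  # disabled but never removed from a privileged group
        "password_never_expires": [],
        "old_passwords": [],
        "stale_accounts": [],
        "never_logged_on": [],
    }
    for a in accounts:
        is_admin = bool(ADMIN_GROUPS & set(a.groups))
        if not a.enabled:
            if is_admin:
                findings["disabled_still_privileged"].append(a.name)
            continue  # the remaining checks only matter for live accounts
        if is_admin:
            findings["admin_accounts"].append(a.name)
        if a.password_never_expires:
            findings["password_never_expires"].append(a.name)
        if a.password_last_set is None or (now - a.password_last_set).days > OLD_PASSWORD_DAYS:
            findings["old_passwords"].append(a.name)
        if a.last_logon is None:
            findings["never_logged_on"].append(a.name)
        elif (now - a.last_logon).days > STALE_LOGON_DAYS:
            findings["stale_accounts"].append(a.name)
    return findings


def summarise(findings):
    """Counts per finding: the headline numbers an audit report leads with."""
    return {k: len(v) for k, v in findings.items()}


if __name__ == "__main__":
    result = audit(SAMPLE)
    for finding, names in result.items():
        print(f"{finding:28s} {len(names):2d}  {', '.join(names)}")
```

Run against a real export, the "disabled but still privileged" and "password never expires" lists are usually the first ones worth acting on: the former is forgotten group membership that a re-enabled account would inherit, the latter is typically service accounts whose credentials nobody has reviewed in years.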
Passwords are a key component of a secure and effective user account management strategy. Getting your approach to passwords right is essential, both from a security perspective and from the perspective of your users.
Studies have shown that the traditional approach of long, complex passwords changed frequently is not as secure as it might seem, mainly because users find them difficult to remember, so the 'secure' password ends up written on a post-it note or in a notebook. The approach now recommended by the NCSC is to use long passphrases (for example, three random words) that are changed only if they are believed to have been compromised, which removes the password fatigue that undermines security.
Solutions that can help your business with Identity & Access Management
Monitor user activity & behaviour
As mentioned previously, there are solutions such as LogPoint UEBA or Forcepoint UEBA that silently monitor and analyse user and entity behaviour in your environment. Once a baseline is established, they alert you should any of your users start to exhibit aberrant behaviour, indicating a possible insider threat or a compromise of your systems.
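As an added illustration of how such a baseline-and-deviation approach works, and not code from LogPoint or Forcepoint, the following Python learns each user's usual sign-in countries and hours of day from a learning period and then scores later sign-ins against that baseline. The log format, the three-failure threshold and the one-hour tolerance are assumptions, and all log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sign-in log format for this example. Real UEBA products ingest
# Windows security events, Azure AD sign-in logs, VPN logs and similar sources.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"user=(?P<user>\S+) src=(?P<src>[A-Z]{2}) result=(?P<result>success|failure)$"
)

FAILURE_BURST = 3   # assumed threshold: this many failures immediately before a success
HOUR_TOLERANCE = 1  # assumed: a sign-in within one hour of a known hour is still "normal"


def parse(line):
    """Turn one log line into a dict; raise on anything that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]}


def build_baseline(lines):
    """Learn, per user, which source countries and hours of day are normal,
    using successful sign-ins from the learning period only."""
    base = defaultdict(lambda: {"countries": set(), "hours": set()})
    for e in map(parse, lines):
        if e["result"] == "success":
            base[e["user"]]["countries"].add(e["src"])
            base[e["user"]]["hours"].add(e["ts"].hour)
    return dict(base)


def detect(baseline, lines):
    """Return one alert per successful sign-in that deviates from the user's baseline."""
    alerts = []
    consecutive_failures = defaultdict(int)
    for e in map(parse, lines):
        user = e["user"]
        if e["result"] == "failure":
            consecutive_failures[user] += 1
            continue
        reasons = []
        b = baseline.get(user)
        if b is None:
            reasons.append("no baseline for user")
        else:
            if e["src"] not in b["countries"]:
                reasons.append(f"new source country {e['src']}")
            hour = e["ts"].hour
            nearby = {(hour + d) % 24 for d in range(-HOUR_TOLERANCE, HOUR_TOLERANCE + 1)}
            if not nearby & b["hours"]:
                reasons.append(f"unusual hour {hour:02d}:00 UTC")
        if consecutive_failures[user] >= FAILURE_BURST:
            reasons.append(f"success after {consecutive_failures[user]} failures")
        consecutive_failures[user] = 0
        if reasons:
            alerts.append({"user": user, "time": e["ts"].isoformat(), "reasons": reasons})
    return alerts


# Constructed learning period: office-hours sign-ins from GB.
LEARNING_LOG = """
2024-05-06T08:02:11Z user=alice src=GB result=success
2024-05-06T17:45:03Z user=alice src=GB result=success
2024-05-07T09:10:40Z user=alice src=GB result=success
2024-05-08T12:30:00Z user=alice src=GB result=success
2024-05-06T09:00:00Z user=bob src=GB result=success
2024-05-07T13:15:22Z user=bob src=GB result=success
2024-05-08T18:05:00Z user=bob src=GB result=success
2024-05-08T18:07:00Z user=bob src=GB result=failure
""".strip().splitlines()

# Constructed later activity: one normal sign-in, one off-hours sign-in from a
# new country, a short brute-force burst that succeeds, and an unknown user.
NEW_LOG = """
2024-05-13T09:05:00Z user=alice src=GB result=success
2024-05-13T03:12:00Z user=alice src=NG result=success
2024-05-13T10:00:00Z user=bob src=RU result=failure
2024-05-13T10:00:10Z user=bob src=RU result=failure
2024-05-13T10:00:20Z user=bob src=RU result=failure
2024-05-13T10:00:30Z user=bob src=RU result=success
2024-05-13T11:00:00Z user=carol src=GB result=success
""".strip().splitlines()


if __name__ == "__main__":
    for alert in detect(build_baseline(LEARNING_LOG), NEW_LOG):
        print(alert["time"], alert["user"], "; ".join(alert["reasons"]))
```

The design point is that the detector reports deviations from each user's own history rather than from a fixed rule, so bob's 10:00 sign-in is normal on the hour but flagged on the source country and on the failures that preceded it; a user with no baseline at all is a finding in its own right, since it may be a newly created or dormant account.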
Audit user accounts & best practices
Keeping on top of the user accounts present in your Active Directory or other directory systems can quickly become an unmanageable task. Using the Chess MS365 Health Check service or the Microsoft Identity and Access Management solutions can greatly simplify the task, as well as offering valuable insights into user account and licence utilisation that could represent subscription savings for your business.
The use of multi-factor authentication (MFA) is not a new concept: hardware security tokens (such as SecurEnvoy) carried on a key ring have been around for a long time. Historically these solutions carried a significant cost, so their use was often constrained to very specific use cases where security necessitated heightened authentication scrutiny.
MFA is available on many user administration platforms today for little or no extra charge (e.g. Microsoft Authenticator) and should be adopted wherever possible, since it significantly lowers the risk of account compromise. Modern MFA solutions are also more reliable, and several authentication methods are possible (phone call, SMS, mobile app), reducing the risk that users end up without access if they lose a key fob. Note that phone-call and SMS codes are the weakest of these methods, as they can be intercepted or redirected through SIM swapping, so the authenticator app should be the default and the phone-based methods kept as a fallback.
As a minimum, MFA should be enabled for all privileged accounts as standard; enabling it for ordinary users also has clear benefits, and current MFA solutions are easy to implement and to educate users on.
The re-use of the same password across multiple platforms is another common practice among users, because it is easier to remember one password than dozens. The best solution to all of these password issues is to adopt an enterprise-grade password management solution such as Secret Server by Delinea. By using such a product you ensure:
- Passwords are kept in an encrypted password vault, so users no longer hide them on post-it notes under the keyboard (yes, it still happens!)
- Users no longer need to remember passwords, which enables the use of long, complex passwords that are difficult to brute-force and unique to each system
- Within an enterprise there are often requirements for certain passwords to be shared; enterprise-grade password management facilitates this in a secure and controlled manner that can be audited.
Need advice, support or more information?
At Chess, we have a dedicated team of Cyber Security specialists and are backed by our award-winning vendors with decades of experience in most deployment scenarios. If you would like to discuss your cyber security needs, please book your free consultation.