How to reduce the impact of a data breach with SIEM
Discover how you can reduce the overall impact of a data breach and improve your ability to detect and respond to threats with SIEM technology.…
Rajnish Ghaly
Security Blogger
22nd November 2022
In today’s business environment, it is not uncommon for employees to take confidential data with them when they leave a company. A study by the Ponemon Institute reported that 59% of employees took company data with them when they left their jobs. This could be the result of companies not having a suitable off-boarding process for ex-employees, malicious intent by the employee, or businesses demonstrating a relaxed attitude towards information security.
The cyber risks of failing to remove account access for ex-employees are far too great and can lead to data breaches and insider attacks, whether intentional or not. Whether it’s a harmful act or employee negligence due to a lack of understanding of information security, the loss of sensitive data could impact your organization financially and reputationally.
In this blog, we discuss the dangers of retaining old user accounts and the importance of implementing a policy of least privilege.
The IT infrastructure of organizations today spreads far and wide. At any given time, employees have access to multiple accounts and sensitive data, and this is expected for day-to-day business activities. If accounts and user privileges are not managed correctly, this could lead to data breaches. An effective security plan should incorporate removing access to safeguard your business against security threats.
There are significant dangers of retaining old and unused user accounts, such as increasing your attack surface. There are also risks of insider threats. You should follow a zero-trust model where access to networks, applications and accounts are only permitted if you can verify a user’s identity and privileges, minimizing the impact of an insider or external threat from accessing your data. Any ex-employee with valid credentials could access your network at any given time, even after they’ve left your company. All it takes is for one disgruntled ex-employee to compromise your organization by deleting, stealing or sharing sensitive and confidential data.
The theft of intellectual property can also be harmful for your company. Not removing user privileges could lead to competitors taking advantage of employees that steal business-critical information and take them to their new roles, placing your organization at a disadvantage.
Your business should be proactive once it is known that an employee is leaving the company. All organizations should have an account disablement policy in place that ensures user accounts and privileges are disabled and removed once an employee's contract is terminated. Additionally, physical security measures should not be ignored, such as revoking access to buildings and offices, to protect your organization from data theft or loss.
Prevention is better than a cure. Robust risk management is your best defense against Cyber Attacks that stem from retaining old user accounts. Even with an expansive IT infrastructure that includes internal assets, the cloud, and remote workers, your organization needs security measures that protect your network and data from being exposed.
So, how can your organization manage risk?
Off-boarding an employee and terminating access to office buildings, user accounts and remote access is part of your organization's responsibility to secure confidential data. This should include taking back all devices and ID badges and any other media that an employee may have that allows access to the business premises, network and data.
It’s important to monitor user activity across your network with proactive methods, such as log monitoring, to detect anomalous behavior, accounts being accessed outside of office hours, or data leaving the network.
A study by Google shows that 43% of people in the US have shared their credentials with someone else. This poses a significant risk to your organization's account security, as employees leaving the company could still have access to shared accounts, which makes it more difficult to detect who is doing what. However, with cyber security awareness training, employees can be trained on Cyber Attacks and how to reduce security breaches from human error.
By strengthening authentication methods, with two-factor (2FA) or multi-factor authentication (MFA), 99.9% of automated attacks can be blocked. This can be an effective safety net to protect unauthorized access to privileged accounts. Furthermore, 2FA and MFA are required to comply with PCI DSS, ISO 27001 and Cyber Essentials.
Compliance and certification schemes, such as PCI DSS, HIPAA, ISO 27001 and Cyber Essentials, all require you to demonstrate how you manage your risk and who can access your data and services. To meet compliance requirements, businesses must remove user access when an employee leaves the company. One of the five controls of Cyber Essentials revolves around user access controls and what privileges are granted to specific users. Requirement 7 of PCI DSS also requires organizations to restrict access to cardholder data to only those who need it. Limiting access to legitimate business needs will help organizations prevent the abuse of business data, whether by negligence or intent.
Implementing a policy of least privilege will help to manage your cybersecurity risk. The principle of least privilege means reducing the levels of access or permissions to the minimum that is required for a user to perform their duties. This minimizes risk by limiting access to your sensitive data, applications and connected devices.
Implementing a policy of least privilege will do the following:
The risk of data theft doesn’t stop once an employee leaves your organization. By retaining user accounts and not following a clear off-boarding process for departing employees, you run the risk of expanding your attack surface and leaving confidential data exposed. Removing user access to accounts, implementing a policy of least privilege and monitoring suspicious behavior across your network, such as detecting suspicious logins or data being moved or deleted, will ensure you protect your systems and data while upholding your compliance.
Rajnish Ghaly
Security Blogger
Share this article
Discover how you can reduce the overall impact of a data breach and improve your ability to detect and respond to threats with SIEM technology.…
A Cyber Essentials certification is a significant first step in protecting your business against cyberattacks. By annually renewing your…
As much as we try to avoid them, cyberattacks are a fact of life. There’s no doubting that the internet brought about heaps of benefits for both our…
Get actionable cyber security advice and insights straight to your inbox.