Network Security: Avoid Practices that Weaken Security

There’s no way to stop all online attacks, but that’s not an excuse for fatalism. The huge majority can be stopped or minimized. Human error is the biggest source of practices that weaken security, but reducing the damage a mistake can do will keep most attempts from causing any harm.

An important source of error is being too free with administrative accounts and privileges. The Center for Internet Security recommends paying close attention to controlled use of administrative privileges.

Every privileged account is a potential vector for taking control of systems. The more accounts there are, and the more they’re used, the more opportunities criminals have to grab the use of one. At the same time, there’s a constant temptation to expand their use, just because it’s more convenient at the moment. Each time that happens, security becomes a little weaker.

These are some of the practices that let that happen. Avoiding them will give criminals fewer chances to sneak in and run with administrative powers.

Giving Administrative Accounts to Users

Administrators figure some users know what they’re doing, and they won’t have to come to the IT department as often if they can run tasks themselves. Giving them admin access saves work, but any malware that gets onto those machines can do a lot more damage.

Using Administrative Accounts for Daily Tasks

Even people who legitimately have admin accounts shouldn’t use them for browsing and email. They should log into them only when performing tasks that require them.

Giving Too Many Privileges to Application Accounts

A common example is giving an application full control over a database when it only needs to read and write data.

Using Weak or Shared Passwords

Each administrative account needs its own password, which has to be something long and hard to guess.

Letting Accounts Go Stale

Accounts which are no longer in use, including ones belonging to former employees, have to be disabled.

Allowing Remote Access Without Necessity

There’s less danger if admin accounts can be used only from within the network or from a VPN. Ones that are accessible from anywhere on the Internet are risky.

Sometimes it’s necessary to make exceptions, but the organization needs to carry out a risk assessment before approving them. The more freely administrators hand out exceptions, the more dangers they create. Being stingy with privileges can be unpopular, but it’s necessary if the network is going to stay secure. Explaining this necessity will take the sting out of most complaints.
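
As an added example (not part of the original article), here is a short audit that checks an account inventory for several of the practices listed above: stale accounts, one password shared by several admin accounts, remote admin access without an approved exception, and an over-privileged application account. The inventory, its column names, the 90-day threshold and the use of a password-vault entry ID to spot a shared credential are all assumptions made for the illustration.

```python
import csv, io
from collections import defaultdict
from datetime import date

# Constructed inventory; the column names are assumptions for this example.
INVENTORY = """\
name,kind,admin,last_login,vault_entry,remote,exception,db_privs
alice,user,no,2024-05-28,v1,no,no,
alice-adm,user,yes,2024-05-30,v2,no,no,
bob-adm,user,yes,2023-11-02,v2,yes,no,
carol-adm,user,yes,2024-05-29,v3,yes,yes,
webshop,app,no,2024-06-01,v4,no,no,ALL
reports,app,no,2024-06-01,v5,no,no,SELECT;INSERT
"""

DATA_PRIVS = {"SELECT", "INSERT", "UPDATE", "DELETE"}  # read and write data only

def audit(text, today, stale_days=90):
    """Return {finding: [account names]} for the practices listed above."""
    findings = defaultdict(list)
    by_vault = defaultdict(list)
    for r in csv.DictReader(io.StringIO(text)):
        admin = r["admin"] == "yes"
        idle = (today - date.fromisoformat(r["last_login"])).days
        if idle > stale_days:  # account nobody has used recently
            findings["stale"].append(r["name"])
        if admin:
            by_vault[r["vault_entry"]].append(r["name"])
        # Remote admin access needs an approved (risk-assessed) exception.
        if admin and r["remote"] == "yes" and r["exception"] != "yes":
            findings["remote_admin_without_exception"].append(r["name"])
        # Application accounts should hold data privileges only.
        if r["kind"] == "app" and set(r["db_privs"].split(";")) - DATA_PRIVS:
            findings["app_overprivileged"].append(r["name"])
    for names in by_vault.values():
        if len(names) > 1:  # one credential behind several admin accounts
            findings["shared_admin_password"].extend(names)
    return dict(findings)

if __name__ == "__main__":
    for finding, names in audit(INVENTORY, date(2024, 6, 3)).items():
        print(f"{finding}: {', '.join(names)}")
```
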

WheelHouse IT can help to keep your network safe from online attacks. Click below for a free risk assessment and other services.
