Re-examine Often Overlooked Security Processes
by Dean Wiech
Organizations need to ensure that company and customer data is kept secure and cannot easily be breached
Data security is important in every industry. Every organization deals with internal data or customer data which, if breached, can cause major issues. This is why it is important to examine certain processes that may be overlooked when it comes to security.
Thus, the following are some tips to keep your organization’s network and data safe that some companies may not have considered:
Ensuring appropriate access rights from the first day
The first issue that many organizations overlook is the onboarding process. From the first day of employment, the organization needs to ensure that the employee has access to only the resources that are needed for their position. Often, an employee can have access to applications or systems that they shouldn’t, which can lead to security issues. The organization needs to ensure that they have a policy in place for new employee account creation to ensure that access rights are created appropriately. Some organizations choose to automate this process by connecting a source system with all company applications. This allows a manager to easily enter employee information into the source system and automatically create accounts, ensuring that they are easily and securely created. Whether manual or automated, the organization needs to have a secure policy in place.
Generating an overview of access rights
Another possible security issue is that there is often much movement of employees and fluctuation of account access requirements in organizations. Employees are joining and leaving the organization, lending each other access while they are on vacation, borrowing credentials, etc. This often leaves the organization with no clear idea of who has access to what and what types of changes they are making in their systems. Organizations need to get an overview of exactly who has access to what. One way to achieve this is by generating a report from each application on which employees have access and what their access rights are.
Additionally, for large organizations, an automated user account management solution can help. This type of solution has the ability to allow system admins to see exactly who has access to what systems and applications, when they are logging in, and what types of changes they are making. It also allows them to easily make access changes if necessary and correct any issues before it leads to a problem.
Ensure accounts are properly disabled
Lastly, one of the most common security issues many organizations deal with is overlooking the disabling or deleting of accounts for employees who are no longer with the organization. This is extremely common for temporary or contract employees who only require access for a short period of time. Neglecting this critical task means that an employee who is no longer with the company could still have access to important information. The organization should also have a policy in place for off-boarding employees in a timely manner, and ensuring that they no longer have access to any of the company’s systems.
Again, this process can be done manually in each application or with the help of an automated account management solution, allowing a manager to easily make this change without having to contact a system admin. In addition, temporary employee’s access can automatically be revoked after a specified period of time so that no action has to be taken at all.
Overall, all access rights need to be ensured to keep the network secure. This can be done manually by a system administrator or with the help of some type of automated solution. Either way, organizations need to ensure that company and customer data is kept secure and cannot easily be breached.
Dean Wiech is managing director of Tools4ever.