When you’re hurriedly trying to find information on your network or install software on a PC, one thing you don’t want to see is “Access is Denied.” Why wouldn’t an owner, CEO, or senior executive’s credentials have access to everything on your organization’s network?
The Principle of Least Privilege
It all comes down to privilege. In the computer world, access privileges control what users can do on a network. In fact, the Principle of Least Privilege is one of the most important concepts in information security. No user’s credentials should allow them to access any more information or network control than is required by their job.
In some ways, using the word privilege for this concept makes sense. But there’s one important difference between real-world privilege and network privilege. In the real world, privilege is a status symbol. When it comes to networks, it should never be used as a status symbol.
That’s because login credentials can be stolen – and access privilege is stolen with them. In fact, an owner or CEO is among the most likely employees to have their credentials stolen. Their names are often prominently placed on company websites, press releases and company flyers, and hackers are right to assume that an owner’s credentials are far more likely to grant full network access than those of most other employees.
Anyone with elevated privileges on your network is using the equivalent of a master key. The reason you don’t have many master keys to your office floating around isn’t just that you don’t trust your employees. If you hand out enough master keys, sooner or later somebody is going to misplace one. Then you’ll be rekeying all the locks – or worse, the locks won’t be rekeyed, because you may not learn the key was misplaced for weeks or months.
You May Never Know Something Has Been Stolen
The biggest problem with network privileges is that employees may never realize they’ve lost it. That’s because passwords aren’t stolen. They’re copied, and the original stays right where it was the whole time. Unfortunately, one of the most common ways to learn that your login credentials have been stolen is when they’re used against you. Once cybercriminals get their hands on login credentials, they’ll find the most damaging thing they can do, and they’ll do it to leverage a ransom from you. If your credentials allow full, unfettered access to the network, then there’s a lot of bad stuff they can do – and undoing it won’t come cheap.
To learn about WingSwept’s suite of cybersecurity services, call us at 919-460-7011 or visit https://www.wingswept.com/managed-services/cyber-security/.