The misuse of privileged access is a dangerous security threat. It can lead to extensive damage within an organization. Not everyone on your network needs access to everything. Grant access on a ‘need to know’ basis to allow users to do their job. Follow these best practices to ensure that you are managing secure access procedures by applying the principle of least privilege (PoLP):
- Ensure that when an account has privileged access, the minimum level of permissions is assigned for it to perform its duties. This reduces the risk of insider (intentional or unintentional) or attacker threats.
- Conduct regular audits. Revisit privileged accounts to ensure that permissions and access are properly set. If roles have changed and a user no longer needs this level of access, it should be removed. Regular audits of these accounts can help with troubleshooting and detection of suspicious activities. They can reveal if permissions have been changed or unauthorized access has been obtained.
- Segregation of duties. If multiple users need privileged access, try to separate the duties so that one person does not have too much control. Limit the people who have access to sensitive information.
- Use tools to monitor access. SIEM and PAM are tools that assist with monitoring and tracking activities on these accounts.
- Provide users with security awareness education. Knowing how to identify and report threats, along with security best practices for password protection, MFA, and safe file handling, can enhance the overall security of the organization.
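
The audit and segregation-of-duties checks above can be automated against an export of account permissions. The following is an added example, not part of the original article: it compares each account's granted permissions with a per-role minimum, reports permissions added since the previous audit, and flags conflicting duties held by one person. All role names, permission names, accounts and snapshots are constructed assumptions.

```python
# Added example: every role, permission and account below is constructed.

# Assumed baseline: the minimum permissions each role needs to do its job.
ROLE_BASELINE = {
    "dba": {"db:read", "db:write", "db:backup"},
    "helpdesk": {"user:reset_password", "ticket:write"},
    "payments_clerk": {"payment:create"},
}

# Assumed permission pairs one person should not hold together.
SOD_CONFLICTS = [
    ({"payment:create"}, {"payment:approve"}),
    ({"user:create"}, {"audit_log:delete"}),
]

# Constructed snapshots: account -> (role, granted permissions).
PREVIOUS = {
    "alice": ("dba", {"db:read", "db:write", "db:backup"}),
    "bob": ("helpdesk", {"user:reset_password", "ticket:write"}),
    "carol": ("payments_clerk", {"payment:create"}),
}
CURRENT = {
    # alice moved to the helpdesk but kept her database rights
    "alice": ("helpdesk", {"db:read", "db:write", "db:backup", "ticket:write"}),
    "bob": ("helpdesk", {"user:reset_password", "ticket:write"}),
    "carol": ("payments_clerk", {"payment:create", "payment:approve"}),
    "dave": ("dba", {"db:read", "db:write", "db:backup"}),
}

def audit(current, previous, baseline=ROLE_BASELINE, conflicts=SOD_CONFLICTS):
    """Return (account, finding, permissions) tuples for review."""
    findings = []
    for account, (role, granted) in sorted(current.items()):
        # Least privilege: anything beyond the role baseline is excess.
        excess = granted - baseline.get(role, set())
        if excess:
            findings.append((account, "excess", sorted(excess)))
        # Change detection against the last audit snapshot.
        if account not in previous:
            findings.append((account, "new_account", sorted(granted)))
        elif granted - previous[account][1]:
            added = granted - previous[account][1]
            findings.append((account, "added_since_last_audit", sorted(added)))
        # Segregation of duties: both sides of a conflict held by one account.
        for left, right in conflicts:
            if left <= granted and right <= granted:
                findings.append((account, "sod_conflict", sorted(left | right)))
    return findings

if __name__ == "__main__":
    for account, kind, perms in audit(CURRENT, PREVIOUS):
        print(f"{account:6} {kind:24} {', '.join(perms)}")
```

Each finding is a prompt for review rather than an automatic revocation: a new account or an added permission may be legitimate, but it should be traceable to an approved change.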
A least privilege approach, coupled with least functionality, can have a high impact on your controls. Protecting privileged accounts is crucial to your cybersecurity defenses.