The Importance of Access Rights and Controls to Cybersecurity

July 14, 2020

Earlier this year, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a report on Cybersecurity and Resilience Observations. The report addresses seven critical areas for planning your cybersecurity and resiliency strategies, one of which is access rights and controls.

Access rights refer to the information and resources that a user can access and how they can interact with that information, such as viewing or modifying content. Access controls verify a person’s identity (authentication) and whether they have permission to perform a specific activity (authorization). If your ID card gives you access to particular rooms in a building, those are your access rights. If a security panel requires facial recognition to enter a room, it is verifying your identity and your level of access to that room; this is an example of access control. Imagine what would happen if you lost an ID card that had access to an entire building. What would happen if someone used your ID card to impersonate you? These are the types of vulnerabilities that attackers prey on digitally.

Defining Rights and Reducing Damage

Human error can be costly when it comes to cybersecurity. According to Verizon’s 2019 Data Breach Investigations Report, popular methods used to cause a breach were stolen credentials at 29% and phishing at 32%. Phishing is when an attacker uses social engineering to obtain information about someone. An example would be an email sent to you that impersonates your bank. The email may ask you to confirm data like your Social Security number or date of birth. Attackers are becoming more sophisticated, so these emails often seem authentic. Once attackers have a user’s personal information, their goal is to get as much data as they can, as quickly as possible.

It’s best practice for user rights to follow the rule of least privilege. Having minimal access means a user can only access the data and resources required to do their job. By minimizing user rights, an attacker with stolen credentials has access to a limited amount of information. For users who need access to many databases, create separate accounts to segment access.

When defining access rights, you should ask the following questions:

  • What rights do users need to perform their job?
  • Who is granting and approving these rights?

Systems and Procedures

It’s not enough to minimize user access. Controls need to be in place to verify user identity and prevent unauthorized users from accomplishing tasks. Configuring access controls should start with a policy that is backed by leadership. Policies need to be dynamic and reviewed often. With working from home becoming the new normal, there are more devices and new types of technology connecting to your business. If technology changes, so should your policies.

Implement access management procedures that minimize risk:

  • Periodically recertify users. Maybe their access needs have changed.
  • Enforce scheduled password updates. Require passwords to be strong.
  • Use multi-factor authentication (MFA), such as sending a code via text message.
  • Be aware of personnel changes and revoke credentials immediately.
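
A periodic access review can be scripted against an account inventory. The sketch below is an added example, not part of the original article: it checks least privilege, independent approval, recertification age, MFA enrollment, and revocation for departed staff. The field names, role baseline, sample accounts, and the 90-day interval are all constructed assumptions.

```python
from datetime import date

# Constructed role baseline: the rights each job function needs (assumption).
ROLE_RIGHTS = {
    "analyst": {"crm:read", "reports:read"},
    "accountant": {"ledger:read", "ledger:write", "reports:read"},
}

# Constructed account inventory; field names are hypothetical.
ACCOUNTS = [
    {"user": "avega", "role": "analyst", "rights": {"crm:read", "reports:read"},
     "approver": "mlee", "last_recert": date(2020, 6, 1), "mfa": True, "employed": True},
    {"user": "bchan", "role": "analyst", "rights": {"crm:read", "ledger:write"},
     "approver": "bchan", "last_recert": date(2019, 11, 2), "mfa": False, "employed": True},
    {"user": "dross", "role": "accountant", "rights": {"ledger:read"},
     "approver": None, "last_recert": date(2020, 5, 20), "mfa": True, "employed": False},
]

RECERT_MAX_DAYS = 90  # assumed review interval; the article sets none


def review(account, today):
    """Return the list of findings for one account."""
    findings = []
    if not account["employed"]:
        # Personnel change: any remaining right should already be revoked.
        if account["rights"]:
            findings.append("revoke: user has left but still holds rights")
        return findings
    excess = account["rights"] - ROLE_RIGHTS.get(account["role"], set())
    if excess:
        findings.append("least privilege: excess rights " + ", ".join(sorted(excess)))
    if account["approver"] in (None, account["user"]):
        findings.append("approval: no independent approver recorded")
    if (today - account["last_recert"]).days > RECERT_MAX_DAYS:
        findings.append("recertify: review overdue")
    if not account["mfa"]:
        findings.append("mfa: not enrolled")
    return findings


def review_all(accounts, today):
    """Map user -> findings, omitting accounts with nothing to fix."""
    report = {a["user"]: review(a, today) for a in accounts}
    return {user: f for user, f in report.items() if f}


if __name__ == "__main__":
    for user, findings in review_all(ACCOUNTS, date(2020, 7, 14)).items():
        print(user, findings)
```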

Monitoring and Prevention

It’s essential to have a monitoring system in place to detect unusual activity. With advancements in technology, content governance solutions can use artificial intelligence and machine learning to monitor user behavior and learn from it. If a user doesn’t typically try to access information from Boston, the system can flag this activity and notify your IT team.
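
The location check described above can be illustrated with a simple per-user frequency baseline. This is an added example, not from the original article, and it is a plain counting rule rather than the machine-learning products the article mentions. The log format, user names, and the `min_seen` threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed access-log lines: timestamp, user, city, resource.
HISTORY = """\
2020-07-01T09:02:11Z jdoe NewYork /finance/q2.xlsx
2020-07-02T09:10:45Z jdoe NewYork /finance/q2.xlsx
2020-07-03T08:55:02Z jdoe NewYork /hr/policy.pdf
2020-07-01T10:00:00Z asmith Boston /eng/design.doc
2020-07-02T10:05:00Z asmith Boston /eng/design.doc
"""
NEW_EVENTS = """\
2020-07-06T09:01:00Z jdoe NewYork /finance/q2.xlsx
2020-07-06T03:14:00Z jdoe Boston /finance/q2.xlsx
2020-07-06T10:02:00Z asmith Boston /eng/design.doc
2020-07-06T11:00:00Z newhire Chicago /hr/policy.pdf
"""


def parse(text):
    """Yield one event dict per well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        yield dict(zip(("ts", "user", "city", "resource"), parts))


def build_baseline(history):
    """Count how often each user has been seen in each city."""
    baseline = defaultdict(Counter)
    for ev in parse(history):
        baseline[ev["user"]][ev["city"]] += 1
    return baseline


def flag_unusual(baseline, events, min_seen=2):
    """Return alerts for cities a user has rarely or never used."""
    alerts = []
    for ev in parse(events):
        seen = baseline.get(ev["user"])
        if seen is None:
            # A user with no history cannot be judged; surface it for review.
            alerts.append((ev["ts"], ev["user"], ev["city"], "no baseline for user"))
        elif seen[ev["city"]] < min_seen:
            alerts.append((ev["ts"], ev["user"], ev["city"], "unusual location"))
    return alerts


if __name__ == "__main__":
    for alert in flag_unusual(build_baseline(HISTORY), NEW_EVENTS):
        print(alert)
```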

Compliance

In the event of a breach, you will need to prove what measures were in place to prevent the attack. Auditors will want to know each step that was taken before, during, and after the breach. No solution can guarantee a breach won’t happen, but having the right combination of policies, access rights and controls, technology, and industry experts can reduce the amount of damage.

At Coretelligent, we provide comprehensive solutions to mitigate cybersecurity and compliance risk. See how our CoreArmor solution can help lower your cybersecurity risk and increase your peace of mind. Contact us at 855-841-5888 or via email to info@coretelligent.com for a complimentary initial consultation.

by Jen Wallace