The Importance of Access Rights and Controls to Cybersecurity

July 14, 2020

Earlier this year, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a report on Cybersecurity and Resilience Observations. The report addresses seven critical areas for planning your cybersecurity and resiliency strategies, one of which is access rights and controls.

Access rights refer to the information and resources that a user has access to and how they can interact with that information, such as viewing or modifying content. Access controls verify a person’s identity (authentication) and whether they have permission to perform a specific activity (authorization). If your ID card gives you access to particular rooms in a building, those are your access rights. If a security panel requires facial recognition to enter a room, it’s verifying your identity and level of access to that room. This is an example of access control. Imagine what would happen if you lost an ID card that had access to an entire building. What would happen if someone used your ID card to impersonate you? These are the types of vulnerabilities that attackers prey on digitally.

Defining Rights and Reducing Damage

Human error can be costly when it comes to cybersecurity. According to Verizon’s 2019 Data Breach Investigations Report, popular methods used for causing a breach were stolen credentials at 29% and phishing at 32%. Phishing is when an attacker uses social engineering to obtain information about someone. An example would be an email sent to you that impersonates your bank. The email may ask you to confirm data like your social security number or date of birth. Attackers are becoming more sophisticated, so these emails often seem authentic. Once attackers have a user’s personal information, their goal is to get as much data as they can, as quickly as possible.

It’s best practice for user rights to follow the rule of least privilege. Having minimal access means a user can only access the data and resources required to do their job. When user rights are minimized, an attacker with stolen credentials can reach only a limited amount of information. For users who need access to many databases, create separate accounts to segment access.

When defining access rights, you should ask the following questions:

  • What rights do users need to perform their job?
  • Who is granting and approving these rights?

Systems and Procedures

It’s not enough to minimize user access. Controls need to be in place to verify user identity and prevent unauthorized users from accomplishing tasks. Configuring access controls should start with a policy that is backed by leadership. Policies need to be dynamic and reviewed often. With working from home becoming the new normal, there are more devices and new types of technology connecting to your business. If technology changes, so should your policies.

Implement access management procedures that minimize risk:

  • Periodically recertify users. Maybe their access needs have changed.
  • Enforce scheduled password updates. Require passwords to be strong.
  • Use multi-factor authentication (MFA), such as sending a code via text message.
  • Be aware of personnel changes and revoke credentials immediately.
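The four procedures above can be checked mechanically against an account inventory. The following is an added example, not code from the article or from Coretelligent; the field names, sample accounts, and the 180-day and 90-day thresholds are assumptions chosen for illustration.

```python
from datetime import date

# Assumed policy thresholds; the article does not give specific intervals.
RECERT_MAX_DAYS = 180
PASSWORD_MAX_DAYS = 90

# Constructed sample inventory; field names are hypothetical.
ACCOUNTS = [
    {"user": "avery", "employed": True, "enabled": True, "mfa": True,
     "last_recert": date(2020, 5, 1), "pw_changed": date(2020, 6, 1)},
    {"user": "blake", "employed": True, "enabled": True, "mfa": False,
     "last_recert": date(2019, 11, 1), "pw_changed": date(2020, 2, 1)},
    {"user": "casey", "employed": False, "enabled": True, "mfa": True,
     "last_recert": date(2020, 3, 1), "pw_changed": date(2020, 3, 1)},
    {"user": "drew", "employed": False, "enabled": False, "mfa": True,
     "last_recert": date(2020, 1, 1), "pw_changed": date(2020, 1, 1)},
]

def audit_account(acct, today):
    """Return the list of access-management findings for one account."""
    if not acct["enabled"]:
        return []  # already disabled, nothing left to revoke or review
    if not acct["employed"]:
        # A departed user with live credentials outranks every other finding.
        return ["revoke: departed user still enabled"]
    findings = []
    if (today - acct["last_recert"]).days > RECERT_MAX_DAYS:
        findings.append("recertify: access review overdue")
    if (today - acct["pw_changed"]).days > PASSWORD_MAX_DAYS:
        findings.append("password: scheduled update overdue")
    if not acct["mfa"]:
        findings.append("mfa: not enrolled")
    return findings

def audit(accounts, today):
    """Map each user with at least one finding to their findings."""
    report = {}
    for acct in accounts:
        findings = audit_account(acct, today)
        if findings:
            report[acct["user"]] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(ACCOUNTS, date(2020, 7, 14)).items():
        print(user, findings)
```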

Monitoring and Prevention

It’s essential to have a monitoring system in place to detect unusual activity. With advancements in technology, content governance solutions can use artificial intelligence and machine learning to monitor user behavior and learn from it. If a user doesn’t typically try to access information from Boston, the system can flag this activity and notify your IT team.
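The location check described above can be sketched as a per-user baseline over access events. This is an added example, not the article's or any product's code: it uses a simple seen-locations baseline in place of machine learning, and the log format, user names, and `min_history` value are assumptions.

```python
from collections import defaultdict

# Constructed sample events: timestamp, user, city, outcome.
SAMPLE_LOG = """\
2020-07-01T09:02:11Z jlee NewYork success
2020-07-02T08:57:40Z jlee NewYork success
2020-07-02T10:15:03Z mroy Boston success
2020-07-03T09:10:05Z jlee NewYork success
2020-07-06T08:44:19Z mroy Dallas success
2020-07-07T02:31:50Z jlee Boston failure
2020-07-07T02:33:12Z jlee Boston success
2020-07-07T09:05:27Z jlee NewYork success
"""

def detect_unusual_locations(lines, min_history=3):
    """Flag access attempts from a city not in the user's baseline.

    The baseline is learned only from successful, unflagged logins, so a
    flagged location cannot make itself "normal" by succeeding once.
    Users with fewer than min_history baseline logins are not flagged
    (cold start), which avoids alerting on every new hire.
    """
    seen = defaultdict(set)     # user -> cities in baseline
    history = defaultdict(int)  # user -> count of baseline logins
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, user, city, outcome = line.split()
        if history[user] >= min_history and city not in seen[user]:
            alerts.append((ts, user, city, outcome))
            continue  # do not learn from flagged activity
        if outcome == "success":
            seen[user].add(city)
            history[user] += 1
    return alerts

if __name__ == "__main__":
    for alert in detect_unusual_locations(SAMPLE_LOG.splitlines()):
        print("ALERT", *alert)
```

Failed attempts are flagged as well as successes, since the failed Boston attempt followed by a success is the pattern an IT team would want to see together.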

Compliance

In the event of a breach, you will need to prove what measures were in place to prevent the attack. Auditors will want to know each step that was taken before, during, and after the breach. No solution can guarantee a breach won’t happen, but having the right combination of policies, access rights and controls, technology, and industry experts can reduce the amount of damage.

At Coretelligent, we provide comprehensive solutions to mitigate cybersecurity and compliance risk. See how our CoreArmor solution can help lower your cybersecurity risk and increase your peace of mind. Contact us at 855-841-5888 or via email to info@coretelligent.com for a complimentary initial consultation.

by Jen Wallace