Tuesday, August 21, 2012

Who Has the Keys to Your Business?

Who has access to your business systems and what do they have access to?

This is hopefully an easy question to answer. If not, then you have an exposure in your company that needs to be addressed quickly. Controlling the specific access that each end user is authorized to have on the systems that run a business is an important principle that needs constant maintenance and monitoring.

Access control is defined as a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system. This conveys two important points: first, systems need to be physically secured, and second, they need to be electronically secured. Simple measures such as locking the office door and providing keys only to authorized people are a good start. The next step is implementing a simple plan, with responsible persons assigned, to manage and maintain all end user credentials and authorizations to meet some basic goals:

1) Develop role-based access levels - what roles need to perform what system tasks.

2) Create unique credentials for each user assigned to a role - no login sharing!

3) Encourage users to use best practices for password protection: 

Always use strong passwords. For more information, search "strong passwords" on the Internet.

If passwords must be written down on a piece of paper, store the paper in a secure place and destroy it when it is no longer needed.

Never share passwords with anyone! Use a different password for each user account.
 
Change passwords immediately if they may have been compromised.

Be careful about where passwords are saved on computers. Some dialog boxes, such as those for remote access and other telephone connections, present an option to save or remember a password. Selecting this option poses a potential security threat.

4) Immediately remove credentials for any employee leaving the company.

5) Review user access roles routinely and keep them up to date.
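
As an added illustration (not part of the original post), goals 1, 2, 4 and 5 can be checked mechanically in a routine access review. The role matrix, employee roster and account export below are constructed sample data, and the function name is hypothetical:

```python
from datetime import date

# Goal 1: role -> system tasks that role may perform (constructed role matrix)
ROLE_TASKS = {
    "sales": {"view_customers", "create_quote"},
    "accounting": {"view_customers", "post_invoice", "run_payroll"},
}

# Constructed HR roster: employee -> (role, last working day or None if still employed)
ROSTER = {
    "alice": ("sales", None),
    "bob": ("accounting", None),
    "carol": ("sales", date(2012, 8, 1)),
}

# Constructed account export: login -> (people who use it, tasks granted)
ACCOUNTS = {
    "alice": (["alice"], {"view_customers", "create_quote", "run_payroll"}),
    "bob": (["bob"], {"view_customers", "post_invoice"}),
    "carol": (["carol"], {"view_customers"}),
    "frontdesk": (["alice", "bob"], {"view_customers"}),
}

def review_access(accounts, roster, role_tasks, today):
    """Return (login, issue) pairs for accounts that break the goals above."""
    findings = []
    for login, (owners, granted) in sorted(accounts.items()):
        if len(owners) != 1:                      # goal 2: one user per login
            findings.append((login, "shared login"))
            continue
        owner = owners[0]
        if owner not in roster:                   # account with no known employee
            findings.append((login, "no matching employee"))
            continue
        role, left_on = roster[owner]
        if left_on is not None and left_on <= today:   # goal 4: leaver still has access
            findings.append((login, "owner has left"))
            continue
        extra = granted - role_tasks.get(role, set())  # goals 1 and 5: access beyond role
        if extra:
            findings.append((login, "exceeds role: " + ", ".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    for login, issue in review_access(ACCOUNTS, ROSTER, ROLE_TASKS, date(2012, 8, 21)):
        print(f"{login}: {issue}")
```

Each finding maps to an action: split the shared login into individual accounts, disable the leaver's account, and trim the extra permission back to what the role needs.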

Instituting and following these best practices will help secure your business systems, minimizing exposure to issues related to unauthorized access. Be proactive and make sure you have these measures in place before you wish you had. Remember, these are the keys to your business.