Page 81 - Cyber Warnings
P. 81
• Do not authorize system access account credentials to be registered and stored outside
of your controllable realm. Allowing a third-party vendor to store credentials for your end
points opens a prime attack vector.
• Don’t allow system access accounts to be easily shared or distributed as the sharing and
distributing itself will require protection.
3/ Don’t expose your data and system information
Any type of system information, as harmless as it may seem, represents intelligence data that
can be used to exploit known vulnerabilities. As with privilege access accounts, do not let
system information leave your premises. Allowing this information to be managed and stored by
third-party vendors means you are relying on their security risk compliance policies to protect
your data.
4/ Stay connected to your users
By making greater use of background endpoint management tools, you can perform scans and
pre-empt any issues – without involving or interrupting the user. Crucially this also enables you
need to ensure that your users’ remote laptops are patched and up to date, which is one of the
quickest ways to stop the vast majority of malware threats gaining access to your systems.
5/ Audit, Audit, Audit!
When it comes to your IT systems management, you must ensure that you audit every system
access and operator action. Even though auditing is an after-the-fact reactive measure, it can
also be pre-emptive as it enables you to prevent an error from being repeated. Additionally, it
can act as an additional layer of internal security; if users/admins know they are being audited,
they are less inclined to do harm.
Conclusion
Remote working and the need for collaboration are not going to go away, in fact it’s likely to
increase in the coming years. The tightrope that IT departments need to walk is one of allowing
users as much freedom as possible while at the same time keeping a tight rein on security. Do
this and they can rest assured that even though the user is remote, no data is leaving the
company premises and they have complete management capability.
About the Author
Pascal Bergeot is CEO of Goverlan
81 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
