User login credentials have become a major target for cybercriminals and state-sponsored hacking organizations. Most businesses use the cloud for data storage and vital communications, like email, and hackers go where the data is.
Trying to breach a system from the outside that’s run by Amazon, Google, or Microsoft can be more trouble than it’s worth, as these companies spend millions of dollars a year on cybersecurity.
So, the best chance of gaining access to data and critical company systems is through a legitimate user account. And the best user accounts for hackers are the ones that are privileged, giving them administrative access.
Approximately 80% of all data breaches involve the use of compromised privileged login credentials.
It’s critical to protect all your cloud accounts, and especially those that are privileged, meaning they can access things like security settings, user management, and account payment information.
The best way to get started is by conducting a privileged account audit. We’ll tell you how!
Steps for Conducting a Privileged Account Audit
Create a List of All User Accounts & Privilege Levels
As a first step, you need to access all your company cloud accounts and SaaS accounts and export a list of users and permission levels.
This will give you an important starting point, so you’ll know just how many user accounts you have in each business cloud or online account and the permission level of each of those accounts.
Close All Unused Accounts
Your first “quick win” in your audit is to close the accounts that are no longer in use. You can do this for both your privileged and non-privileged accounts at the same time.
This will reduce unnecessary cloud costs and the unnecessary risk of having more accounts with administrative access than you need.
Unused accounts are particularly prime targets for a hacker because they’re unmonitored, and it will typically take longer for a company to realize one of them has been breached.
Interview or Survey Privileged Users on How Often They Need Admin Access
Next, you’ll want to zero in on your users that have any type of administrative privileges in your online accounts and SaaS tools. Interview or survey them, to find out just how often they actually perform any administrative tasks.
If you find that a user only uses their administrative access privileges once or twice a year, then their account doesn’t need to have those permissions daily.
Instead, they can be granted temporarily, or the use of a single dedicated admin account can be deployed (we’ll touch on this shortly).
Reduce your risk by lowering the privilege level of any users that don’t need to actively access those higher-level controls. Be sure to let them know that this is being done companywide due to the rise in credential compromise, so they know they’re not being singled out for any reason.
Apply the “Rule of Least Privilege” to All User Accounts
Go through all privileged user accounts based on the information you’ve obtained from your employees and apply the Rule of Least Privilege. This should also be used going forward when creating new user accounts.
This rule dictates that a user should have the lowest level of account access needed for them to complete their daily tasks.
Depending on the privilege hierarchy in a cloud tool, this may involve moving employees down one or two levels of privilege.
Consider Using a Single Dedicated Admin Account
One of the ways you can decrease the risk of a high-level account being accessed by a cyber attacker is to not give any users privileged access and instead set up a single dedicated admin account.
This is an option in Microsoft 365, and some other tools you use may also have this option available. You can set up one account that isn’t actively used by any single user. In M365, it doesn’t use email and won’t cost you a user license.
That single account has administrative access, and your admin users will log into it when needed and then log back out and into their lower-level user accounts when finished performing administrative tasks.
This significantly reduces risk because you now have only one administrative account and it won’t be receiving phishing emails.
Continue to Monitor & Audit Privileged Accounts Regularly
Put an annual date on your calendar to conduct an audit of your privileged accounts. These can get out of hand easily if not regularly monitored and managed.
Auditing them once a year helps you ensure you only have as many as you absolutely need. This process also reduces your cloud costs overall by ensuring any unused accounts are identified and closed.
Get Expert Help With Effective Cloud Access Security
Don’t leave your vital cloud accounts at risk of a breach! Rocky Knoll can help your Charlotte area business with effective and affordable access solutions that keep your cloud accounts secured.
Schedule a consultation by calling 704.594.7292 or reach us online.