13/10/17

Blog – User access and staying secure

User access to IT systems is obviously vital for those staff needing to use it, but it is even more vital to prevent access to unauthorised people and keep your and your clients ‘secured’ information safe and stop it getting into the wrong hands. In short, the fewer people that have access the better and only those who are absolutely necessary should be added to that very privileged list.

Cyber security is constantly under attack and we in the industry are permanently waging war on those who would undermine the security of individuals, businesses and other organisations right up to international governments, institutions and the military.

Here at PC Net Solutions Ltd we take these threats extremely seriously and that is why we complement our extensive safety precautions for our clients by supporting the Cyber Essentials scheme, a Government-sponsored programme aimed at protecting firms from attacks.

This month we take a look at user access control and highlight some of the steps you can take to try and keep your business safe. User accounts need to be managed efficiently and special access privileges should be granted to authorised and necessary staff only and provide the minimum level of access required to carry out their job. Special access privileges, as suggested by their very name, open up your system to the greatest level of access. Computers, information and applications are readily available to anyone with this level of clearance.

It is important to restrict this access and limit authorisation to a bare minimum number of people, and any user accounts should be made the subject of a tight approval process. Special access privilege details needs to be recorded, retained in a secure place and reviewed regularly. These privileges need to be deleted when the individual’s job changes, they leave the company, or after a spell of inactivity. It is also important for each user to have a strong password and unique username.

In dealing with sensitive material, like accounts, they should be set up so they need a change of password regularly and should not be documented on email or the internet.

The Cyber Essentials scheme will help to protect you against the most common threats and offers a very good, basic level of protection.