The way we work is changing rapidly. With a 400% increase in those working from home at least once per week since 2010 (Hubspot), remote working is on the rise and is a trend that is being accelerated by the ongoing Covid-19 pandemic. With employees working in multiple locations on multiple devices and joining multiple networks, the threats posed by attackers are higher and more prevalent than ever before.
What are privileged accounts?
Privileged accounts are those which have extended permissions to access certain systems and data within a network. Due to the potentially sensitive and important nature of the data, managing who has access is of vital importance.
Common mistakes with privileged accounts
Organisations take security seriously. Following a number of high-profile cyberattacks in recent years such as the NHS WannaCry attack of 2018 and the more recent attack on social media platform, Twitter, it is clear that no matter how well-established an organisation is, they are always vulnerable to threats. Despite taking security seriously, mistakes happen that impair the efforts put in place to secure data and information.
Here are some common mistakes in managing privileged accounts:
Mistake 1: Trusting insiders
Businesses want to trust their employees, and rightly so. However, whilst not every insider within an organisation is malicious, anyone can make mistakes, and mistakes can allow privileged accounts to be compromised. This in turn allows an outside hacker to access the user account and pose as an insider of the business, going under the radar of any security protocols that are put in place. Therefore, it is vital to know what privileged users are doing and identify any anomalies in activity.
Mistake 2: Sharing isn’t necessarily caring
A recent survey found that over one-third of Americans share passwords and account details with their co-workers. Based on the fact there are 95 million knowledge workers in the U.S, around 32 million employees are sharing passwords in America alone. With such an extensive number of passwords being shared, managing who has password visibility and therefore access is a complex task.
Wham, bam, thank you PAM
PAM stands for Privileged Access Management. By implementing an effective PAM strategy, your organisation can monitor which individuals have access to privileged accounts and why. Such visibility can ensure that only the users that need to can gain access to confidential information and data, protecting the organisation from being compromised by hackers.