The threat that a company's own insiders pose to its security is serious today. Recent reports indicate that the share of total damage caused by insiders has risen from 80% to 86%, and that more than half of those incidents occurred at employee terminals. There is no doubt that internal employees with access to corporate systems are the most likely to be misled into following fraudulent or dangerous links. Of all employees, IT staff hold the most access rights, so IT audits should focus on identifying risks from several angles. Here is how to implement controls and reduce fraud by administrators.
1. IT Security Policy
Managers should look at the IT security policies that govern privileged accounts such as Domain Admins accounts, application administrator accounts and database administrator accounts: ensure that the policies exist, that they state how access is granted, validated and evidenced, and that they are reviewed regularly. Otherwise there is essentially no basis for managing privileged access. Without the corresponding reports, a strategy for managing privileged accounts is incomplete. Password audit reports for privileged accounts typically cover questions such as when passwords were updated, which updates failed, and how individual users perform tasks under a shared account.
The policy should aim to eliminate obviously exposed and unprotected user activity. Ensure that all employees, contractors and other users are aware of their responsibilities, and that the IT security policies, procedures and guidance relevant to their role are tied to that role.
2. "Super User" Accounts and Access
It is important to understand how exposed your company is through user access. Decide who may hold privileged accounts, and obtain a list of every account with a high level of access to the network, applications, data and administrative functions. Include all machine accounts, which are usually overlooked. This makes user access checkable and confirms that each account holds only the appropriate permissions. A good practice is to review user access periodically and confirm that the "owner" of each data set and system has explicitly authorized it.
3. Account and Password Configuration Criteria
Ensure that all administrator accounts are updated according to policy. No device should still carry its default password setting; lists of default accounts and passwords are abundantly available to anyone who looks for them. Some accounts even use the account name as the password, which is simply asking for trouble. It is also important to set a maximum password lifetime, and it is wise to disable any obviously temporary accounts.
4. Controlled Access to Passwords
Manage account and password access for administrators with elevated privileges. The rationale may be obvious, but shared access to passwords is not always controlled. Offline records or openly accessible copies, such as e-mail messages containing passwords, should not exist. Even an encrypted password file is inadequate; in the worst case, the password protecting the password file is itself uncontrolled.
5. Service Accounts ("Machine" Accounts)
Service accounts can also be elevated and used for a variety of nefarious purposes. These accounts are typically not assigned to a human user and are left out of the normal authentication and password management process, so they are easily hidden. Administrators should guarantee that each service account has only the access rights it needs. These accounts should be checked regularly because they often carry superuser power. They are numerous, and the many unused ones in particular need to be noted.
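As an added illustration (not from the article), the following Python script applies the checks from points 3 and 5 to a constructed account inventory: default passwords, account name used as the password, passwords older than policy, obviously temporary accounts, and service accounts that are unused or hold superuser rights. The policy thresholds, group names, default-password list and hash format are all assumptions.

```python
"""Added audit example (not from the article): apply the checks from points 3 and 5
to a constructed privileged-account inventory; thresholds and group names are assumptions."""
from datetime import date
import hashlib

TODAY = date(2024, 6, 1)                       # constructed audit date
MAX_PASSWORD_AGE_DAYS = 90                     # assumed policy value
STALE_LOGON_DAYS = 180                         # assumed policy value
SUPERUSER_GROUPS = {"Domain Admins", "root"}   # assumed privileged groups

def pw_hash(secret):
    # Unsalted SHA-256 stands in for the directory's real hash format (offline demo only).
    return hashlib.sha256(secret.encode()).hexdigest()

# Constructed list of vendor-default passwords to compare stored hashes against.
DEFAULT_PASSWORD_HASHES = {pw_hash(p) for p in ("admin", "password", "changeme")}

def account(name, kind, groups, secret, pw_set, last_logon):
    return {"name": name, "type": kind, "groups": groups, "pw_hash": pw_hash(secret),
            "pw_set": pw_set, "last_logon": last_logon}

# Constructed sample inventory; the passwords exist only to exercise the checks.
INVENTORY = [
    account("admin", "human", ["Domain Admins"], "admin", date(2023, 1, 10), date(2024, 5, 30)),
    account("svc_backup", "service", ["Domain Admins"], "svc_backup", date(2021, 3, 1), date(2023, 9, 1)),
    account("temp_contractor", "human", ["Users"], "Qv7#tLp2!", date(2024, 5, 1), date(2024, 5, 20)),
    account("dba_alice", "human", ["DBA"], "correct-horse-battery", date(2024, 4, 1), date(2024, 5, 31)),
]

def audit_account(acct, today=TODAY):
    """Return the policy findings for one account (an empty list means clean)."""
    findings = []
    if acct["pw_hash"] in DEFAULT_PASSWORD_HASHES:
        findings.append("default password")
    if acct["pw_hash"] == pw_hash(acct["name"]):
        findings.append("password equals account name")
    if (today - acct["pw_set"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password older than policy")
    if acct["name"].lower().startswith(("temp", "test")):
        findings.append("obvious temporary account")
    if acct["type"] == "service":
        if SUPERUSER_GROUPS & set(acct["groups"]):
            findings.append("service account with superuser rights")
        if (today - acct["last_logon"]).days > STALE_LOGON_DAYS:
            findings.append("unused service account")
    return findings

def audit(inventory, today=TODAY):
    """Map each non-compliant account to its findings, for the audit report."""
    return {a["name"]: f for a in inventory if (f := audit_account(a, today))}
```

In a real audit the inventory and hashes would come from the directory or password vault export, and the report would be reviewed against the owner authorizations described in point 2.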
6. High-Risk Users and Roles
Some companies continuously monitor certain roles that pose a high risk to the enterprise, and that monitoring exposes potentially "unacceptable" behavior. Many companies have key roles that carry high risk. For example, a purchasing manager may take the sensitive data he or she can access to a competitor in order to secure a position there. In this case the access itself is authorized, but it is being abused. Rotation of positions, separation of responsibilities and limits on appointment length are important options for dealing with high risk. Note: IT security professionals themselves often fall into the high-risk category.
7. Security Awareness Program
Any employee or user can create a threat. Implement a security awareness program that covers all of the points above, and make sure it is enforced. Many programs now confirm that every user has read and agreed to the rules and policies. One tool is to present a warning message at logon that asks the user to acknowledge it and to tick the "accept" or "consent" check box in the window.
8. Background Screening
Background screening means seriously asking employees some tough questions in order to uncover warning signs in their behavior and attitudes, such as:
Irregular or unusual work history: suspicious reasons for leaving jobs, or reasons for prolonged unemployment
Fraud: false statements of fact (e.g. about education or previous employment)
Personality or attitude issues: bad relationships with co-workers or managers, frustration, status issues, suspicion, inability to accept change, etc.
9. Event Records
Security event records provide transparency into real-time usage and activity. Accurate and complete records of users and their actions are critical to incident analysis and to the development of additional security measures. It is important to capture how access was obtained, its scope, and past activity. To ensure adequate records, consider increasing the level of logging for higher-risk areas and services.
10. Evidence
Managers should be familiar with the different storage devices in use and should know enough about the digital "fingerprints" they leave to recognize suspicious signs, for example cookie data, hidden operating system data, and so on. It is easy to take key files from the corporate system and copy them to flash memory, which can be disguised as a digital camera, personal digital assistant (PDA) or mobile phone. Investigators also collect and analyze information from mobile phones, which can hold voice mail, text messages, address books, phone numbers, and records of missed and completed calls, and so on. In the event of any suspected unlawful activity, the relevant evidence shall be retained until the outcome is finally determined.