Are You Auditing Your Privileged User Accounts?

A recent study found that as many as 80% of data breaches can be tied back to the compromise of privileged user credentials. These attacks happen when cybercriminals get their hands on a legitimate user login, either through phishing or by buying passwords leaked in the breach of some other service. Because the attacker signs in with valid credentials, the activity looks like that of an insider, which is what makes it hard to spot.

The average employee has to keep up with over 100 different passwords, which makes it very hard to follow strong password practices: long passwords that include special characters, and a unique password for every account.

This, coupled with the fact that credential theft has become one of the leading types of cyberattacks, has made account access security a major risk factor for many organizations. A single compromised account can lead to business email compromise, ransomware infection, data loss, and exposure of confidential employee or customer information.

The accounts that interest attackers most are those with elevated privileges. If they obtain the credentials of a standard user who can't reach security settings or user management, the damage they can do is limited.

But if a criminal takes over an administrative account, they can often add and remove users, lock the company out of its own tenant, reach payment details, and much more.

The best way to reduce your risk of a privileged account compromise is to audit these accounts regularly. Your goals during this audit include:

  • Reduce the number of unnecessary privileged accounts

  • Eliminate any unused privileged accounts

  • Lower access levels for employees where possible

  • Put monitoring in place for insider attacks using admin accounts

Steps for Conducting a Privileged Account Audit

Create a List of Cloud Tools With Each Account and Its Privilege Level

First, compile a list of every user account in every business cloud tool your company uses.

This may take a few days, as companies often find out they have more cloud apps than they realize. The average company and its employees use approximately 137 cloud tools, both free and paid.

The fastest way to do this is to check whether the cloud platform can export its user list with account details. Your goal is a list of each cloud tool, every user account enabled in that tool, and the privilege level (role) of each account, ideally with the date of each account's last sign-in, since you'll need that for the next step.

Identify & Eliminate Any Unused Accounts

Your next step is to identify and eliminate unused accounts. Leaving unused accounts sitting in a cloud tool gives attackers a prime target: nobody is watching them, so a compromise can go unnoticed for a long time. Disable an account first and delete it after a waiting period, so you can recover one that turns out to be in use (a service account, for example).

Eliminating all unused accounts, both privileged and non-privileged, will decrease your risk of a breach as well as save you money on any paid cloud account subscriptions.

Review All Privileged User Workflows to See If The Access Level Can Be Reduced

Next, zero in on those users with privileged accounts that allow them higher access and more permissions in the platform than basic user accounts.

Interview users to ask how often they actually use the additional permissions, and check the platform's audit log where it records admin actions. If someone rarely uses a higher-level function, they don't need it on their everyday account.

Adjust User Privileges Using the Rule of Least Privilege

For all privileged user accounts that you’ve identified as not actively using those admin permissions regularly, reduce their user access level. 

You want to apply the Rule of Least Privilege (also called the principle of least privilege) across all your user accounts in each platform, and keep applying it going forward when creating new user accounts.

The rule is simple: users should be given the lowest permission level in a system that still lets them complete their daily tasks.

So if a user only needs admin permission once or twice a year, they don't need a standing administrative account. They can be granted a temporary elevation for those tasks, or use a dedicated admin account, which we'll discuss next.
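The first four steps above (inventory, find unused accounts, find privileged accounts, find privileged accounts whose privileges go unused) can be run as one pass over the exported user list. The script below is an added example written for this article, not a tool from the original page or from any vendor; the CSV columns, the user names and the date cut-offs are constructed assumptions, and the "last_admin_action" column is assumed to come from the platform's audit log. Map the column names to whatever your cloud tool actually exports.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export (hypothetical users). "last_admin_action" is
# assumed to come from the platform's audit log; leave it empty when the
# platform does not record it.
SAMPLE_EXPORT = """\
user,role,last_sign_in,last_admin_action
alice@example.com,Global Administrator,2024-05-20,2024-05-19
bob@example.com,User,2024-05-21,
carol@example.com,Billing Administrator,2024-01-03,2023-11-02
dave@example.com,User,2023-09-14,
erin@example.com,User Administrator,2024-05-18,2024-05-18
frank@example.com,Global Administrator,2024-05-10,2023-06-30
"""

# Role names that count as privileged; extend this per platform.
PRIVILEGED_ROLES = {
    "Global Administrator", "User Administrator",
    "Billing Administrator", "Exchange Administrator",
}

# Reference date for the sample run (the day the audit is performed).
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)


def parse_date(value):
    """Return an aware UTC datetime for a YYYY-MM-DD field, or None if empty."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def audit_accounts(export_text, as_of, unused_days=90, stale_admin_days=180):
    """Classify accounts from a CSV export.

    Returns a dict with three lists, each in export order:
      unused         - no sign-in within `unused_days` (candidates for removal)
      privileged     - every account holding a privileged role
      overprivileged - privileged accounts with no admin action within
                       `stale_admin_days` (candidates for demotion)
    """
    unused, privileged, overprivileged = [], [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user"]
        last_login = parse_date(row["last_sign_in"])
        last_admin = parse_date(row["last_admin_action"])

        # An account that never signed in, or not recently, is unused.
        if last_login is None or (as_of - last_login) > timedelta(days=unused_days):
            unused.append(user)

        if row["role"] in PRIVILEGED_ROLES:
            privileged.append(user)
            # Holding a role without exercising it is the least-privilege signal.
            if last_admin is None or (as_of - last_admin) > timedelta(days=stale_admin_days):
                overprivileged.append(user)

    return {"unused": unused, "privileged": privileged,
            "overprivileged": overprivileged}


def run_sample():
    """Audit the constructed export as of AS_OF."""
    return audit_accounts(SAMPLE_EXPORT, AS_OF)


if __name__ == "__main__":
    for bucket, users in run_sample().items():
        print(f"{bucket}: {', '.join(users) or '(none)'}")
```

On the sample data the run flags carol and dave as unused, lists alice, carol, erin and frank as privileged, and marks carol and frank as holding admin roles they have not used in six months; those two are the accounts to discuss with their owners before lowering their access level. The thresholds (90 and 180 days) are assumptions to adjust to your own environment.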

Consider the Viability of a Single Dedicated Admin Account in Each Cloud Platform

Where it is viable, use a single dedicated administrative account that is separate from anyone's everyday account. This greatly reduces your risk of a privileged account compromise because the number of standing high-level accounts per platform drops to one.

Microsoft 365, for example, allows you to set up a dedicated administrator account without paying an additional user license. This account doesn’t use email and is only used for administrative purposes.

Users who need to perform admin duties log out of their own lower-level account and into the dedicated admin account, then log out and back into their own account when finished.

A shared admin account has one real cost: the platform's audit log can no longer tell you which person performed an action. Offset that by requiring multi-factor authentication on the account, keeping a record of who used it and when, and changing its password whenever someone who knew it leaves.

Monitor & Review Privileged Accounts Regularly

Because privileged accounts are such a big target for cybercriminals, monitor them continuously and repeat the audit on a schedule (quarterly, for example). Access monitoring helps you spot anomalies such as a privileged account signing in at odd hours of the day or night, or from a location its owner has never used before.
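What that monitoring looks like in practice, as an added example rather than code from the original article or from any platform: a small detector that reads sign-in log lines and raises an alert when a privileged account signs in outside business hours or from a country it has not signed in from before. The log format, the user names, the IP addresses and the business-hours window are constructed assumptions; real sign-in exports (Microsoft 365, Google Workspace and others) each have their own format, so the parse function is the part you would adapt.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample log: ISO-8601 UTC timestamp, user, result, source IP, country.
SAMPLE_LOG = """\
2024-06-03T13:05:12Z alice@example.com success 203.0.113.10 US
2024-06-03T14:22:41Z bob@example.com success 203.0.113.11 US
2024-06-04T02:31:55Z alice@example.com success 198.51.100.23 US
2024-06-04T07:48:03Z alice@example.com failure 198.51.100.7 US
2024-06-04T07:48:30Z alice@example.com success 198.51.100.7 US
2024-06-05T15:10:09Z alice@example.com success 192.0.2.44 RO
2024-06-05T16:00:00Z bob@example.com success 203.0.113.11 US
"""

# Assumed: alice holds an admin role; in practice feed this from your audit list.
PRIVILEGED = {"alice@example.com"}

# Assumed site time zone as a fixed UTC-4 offset (US Eastern daylight time).
# Production code should use zoneinfo so daylight-saving changes are handled.
BUSINESS_TZ = timezone(timedelta(hours=-4), "EDT")
BUSINESS_HOURS = range(7, 20)   # 07:00 to 19:59 local counts as normal


def parse_line(line):
    """Parse one constructed log line into a dict with an aware UTC timestamp."""
    ts, user, result, ip, country = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"when": when, "user": user, "result": result, "ip": ip, "country": country}


def detect(log_text, privileged=PRIVILEGED):
    """Return (user, utc_timestamp, reason) alerts for privileged-account sign-ins.

    Only successful sign-ins are examined. Lines are read in order, and the
    first country seen for an account becomes its baseline, so the earliest
    sign-in is never flagged as "new country" just for being first.
    """
    seen_countries = {}
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["user"] not in privileged or ev["result"] != "success":
            continue

        # Odd-hours check: convert the UTC timestamp to site local time.
        local = ev["when"].astimezone(BUSINESS_TZ)
        if local.hour not in BUSINESS_HOURS:
            alerts.append((ev["user"], ev["when"].isoformat(),
                           f"sign-in at {local.strftime('%H:%M')} local, outside business hours"))

        # New-location check against the countries this account has used so far.
        known = seen_countries.setdefault(ev["user"], set())
        if known and ev["country"] not in known:
            alerts.append((ev["user"], ev["when"].isoformat(),
                           f"sign-in from {ev['country']}, previously only {sorted(known)}"))
        known.add(ev["country"])
    return alerts


if __name__ == "__main__":
    for user, when, reason in detect(SAMPLE_LOG):
        print(f"ALERT {when} {user}: {reason}")
```

On the sample log this produces three alerts, all for alice: two sign-ins at 22:31 and 03:48 local time, and one from a country (RO) the account had never used. Bob's sign-ins are ignored because he holds no privileged role, and alice's failed attempt is skipped because only successful sign-ins establish presence. Failed-attempt bursts are worth a separate rule, but that is a different signal from the one this article describes.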

Let’s Improve Your Cloud Security This Year!

BrainStomp can help your business audit and review your access security and improve your cloud protections for a more secure cloud environment.

Schedule a free consultation today! Call 260-918-3548 or reach out online.