Ecora Software outlined a series of safeguards that companies should consider implementing in order to be protected from harm caused by unauthorized access to critical data. The measures are based on the areas of highest IT vulnerability for companies and the most common missteps companies make when configuring and maintaining access control over their IT environment. To assist companies identify and shore up the areas of greatest vulnerability, Ecora has outlined the following steps that every company can follow towards stricter access control to data:
” Synchronize: approved credentials and access rights between human resources and IT rarely match. As employees move within an organization access privileges can follow them and quickly mount. Ensuring that employees only have access to the information appropriate for their position is an essential first step in avoiding the manipulation and loss of data. For example, an employee moving from an IT role to a sales position could potentially bring with them the access rights to log in and manipulate sales data bases crediting themselves with commissions they didn’t earn.
” Passwords: companies seem to have forgotten that passwords exist for a reason, security. In many organizations passwords have become yet another issue of inconvenience for employees. To combat this some organizations have adopted a relaxed approach to passwords in many cases sharing login information for whole departments or not requiring the changing of or implementation of complex passwords. This creates a fundamental breakdown in security practices as shared or easy to crack passwords can be quickly spread throughout an organization allowing unauthorized personnel to access critical data files.
” Pattern Behavior: while it’s not possible to view every data transaction in a large corporate environment, Ecora does encourage companies to be cognizant of behavior. For example, if a staffer is suddenly downloading files at an aggressive rate or outside traditional business hours, this should be a red flag that further investigation is needed into the transactions.
” Go Beyond the Audit: due to regulations such as Sarbanes-Oxley, companies each year gear up for audits to ensure that all mandates are being met. Ecora suggests that companies strive for a constant state of data access control and not wait for audit season to ensure that they are meeting the appropriate governance standards. It is also important to remember that because a company passes an audit, doesn’t mean they are risk free. Compliance and security are not always defined the same.