Employee accounts with excessive privileges are a real risk in many organizations. So is having too many administrative accounts and not tracking who has access to them.
For example, if an individual account has global administrator access and it gets compromised by a phishing attack, password spray attack or ransomware — all incredibly common attack methods — the cybercriminal gains access to basically your entire company. These takeovers can lead to lost production time and millions of dollars in ransom, recovery and lost productivity.
Next steps
- Adjust access levels: Keep the account you use day to day at the same access level your users have. Keep your admin accounts separate, and use different passwords for them.
- Keep your vendor account access minimal: Don’t give vendors access to a greater scope than what they need. Disable/delete them when you no longer work with them.
- Review C-level access: C-suite execs are highly targeted by cybercriminals, so make sure their accounts don’t have excessive privileges. Only give them access to what they need.
- Review application privileges: Who has the ability to authorize check runs or modify payroll? Who can issue a wire transfer? Reviewing these privileges not only helps limit fraud but also helps protect against cybercrime. Fewer people with access to sensitive functions limits the damage that can be done.
- Make a list of administrative accounts and review it regularly: Inventory your admin accounts and keep the list current on an ongoing basis. At minimum, perform an annual review of who has access to these accounts and determine whether they still need these access levels.
- Monitor all login activity associated with administrative accounts: Investigate any activity that appears out of the norm.
- Require strong passwords and MFA: Make sure admin accounts each have a unique password that follows strong password requirements. Implement multi-factor authentication for all administrative access to add a second layer of security.
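The steps above (inventory admin accounts, review them on a schedule, keep vendor access bounded, enforce MFA, and watch admin login activity) can be turned into a small recurring check. The following Python script is an added example, not code from the original article: it runs the review against a constructed account inventory and a constructed login log. The field names (`type`, `roles`, `mfa`, `last_review`, `engagement_end`, `country`) and the role names in `PRIVILEGED_ROLES` are assumptions standing in for whatever your directory and sign-in logs actually export; the spray threshold and business hours are placeholders to tune.

```python
"""Admin-account inventory review and admin-login monitoring.

Added example (not the article's code). All data below is constructed;
field and role names are assumptions about a generic directory export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed role names; replace with the privileged roles in your own directory.
PRIVILEGED_ROLES = {"GlobalAdmin", "ExchangeAdmin", "BackupAdmin", "PayrollApprover"}
REVIEW_INTERVAL = timedelta(days=365)   # article: at minimum an annual review
BUSINESS_HOURS = range(6, 20)           # placeholder: 06:00-19:59 local
SPRAY_THRESHOLD = 3                     # distinct users failing from one source IP
TODAY = datetime(2024, 3, 4)            # fixed "now" so the example is reproducible

# Constructed inventory: one daily-use account (alice.daily), one admin account
# (alice), a daily-use account wrongly holding a privileged role (bob), a vendor
# whose engagement has ended, and a service admin that was never re-reviewed.
ACCOUNTS = [
    {"user": "alice", "type": "admin", "roles": ["GlobalAdmin"], "mfa": True,
     "last_review": "2024-01-15", "active": True},
    {"user": "alice.daily", "type": "user", "roles": ["User"], "mfa": True,
     "last_review": "2024-01-15", "active": True},
    {"user": "bob", "type": "user", "roles": ["GlobalAdmin", "User"], "mfa": False,
     "last_review": "2023-09-01", "active": True},
    {"user": "vendor-acme", "type": "vendor", "roles": ["ExchangeAdmin"], "mfa": True,
     "engagement_end": "2023-06-30", "active": True},
    {"user": "svc-backup", "type": "admin", "roles": ["BackupAdmin"], "mfa": True,
     "last_review": "2022-11-01", "active": True},
]

# Constructed sign-in events; IPs are documentation ranges (RFC 5737).
LOGINS = [
    {"ts": "2024-03-04T09:12:00", "user": "alice", "result": "success",
     "src_ip": "203.0.113.10", "country": "US"},
    {"ts": "2024-03-04T03:40:00", "user": "alice", "result": "success",
     "src_ip": "198.51.100.7", "country": "RO"},
    {"ts": "2024-03-04T10:00:01", "user": "bob", "result": "failure",
     "src_ip": "192.0.2.5", "country": "US"},
    {"ts": "2024-03-04T10:00:02", "user": "alice", "result": "failure",
     "src_ip": "192.0.2.5", "country": "US"},
    {"ts": "2024-03-04T10:00:03", "user": "svc-backup", "result": "failure",
     "src_ip": "192.0.2.5", "country": "US"},
    {"ts": "2024-03-04T10:00:04", "user": "carol", "result": "failure",
     "src_ip": "192.0.2.5", "country": "US"},
    {"ts": "2024-03-04T14:05:00", "user": "bob", "result": "success",
     "src_ip": "203.0.113.10", "country": "US"},
    {"ts": "2024-03-04T02:00:00", "user": "alice.daily", "result": "success",
     "src_ip": "203.0.113.99", "country": "DE"},
]

# Per-user countries seen during a prior learning window (constructed).
BASELINE = {"alice": {"US"}, "bob": {"US"}, "svc-backup": {"US"}, "vendor-acme": {"US"}}


def parse_date(text):
    return datetime.strptime(text, "%Y-%m-%d")


def is_privileged(account):
    return any(role in PRIVILEGED_ROLES for role in account["roles"])


def review_accounts(accounts, today):
    """Return (user, issue) findings for the inventory checks the article lists."""
    findings = []
    for acct in accounts:
        user, privileged = acct["user"], is_privileged(acct)
        # Daily-use accounts must not carry admin roles (separate admin accounts).
        if acct["type"] == "user" and privileged:
            findings.append((user, "privileged role on daily-use account"))
        # Every privileged account needs MFA.
        if privileged and not acct.get("mfa", False):
            findings.append((user, "privileged account without MFA"))
        # Vendor access ends with the engagement.
        if acct["type"] == "vendor" and acct.get("active") \
                and "engagement_end" in acct and parse_date(acct["engagement_end"]) < today:
            findings.append((user, "vendor account active past engagement end"))
        # Admin access is re-reviewed at least annually.
        if privileged and "last_review" in acct \
                and today - parse_date(acct["last_review"]) > REVIEW_INTERVAL:
            findings.append((user, "access review overdue"))
    return findings


def flag_admin_logins(logins, accounts, baseline):
    """Return (subject, alert) entries for out-of-norm admin login activity."""
    admins = {a["user"] for a in accounts if is_privileged(a)}
    alerts, failures_by_ip = [], defaultdict(set)
    for ev in logins:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["result"] == "failure":
            # Many distinct users failing from one source is the spray pattern.
            failures_by_ip[ev["src_ip"]].add(ev["user"])
            continue
        if ev["user"] not in admins:
            continue
        if ev["country"] not in baseline.get(ev["user"], set()):
            alerts.append((ev["user"], f"admin login from unexpected country {ev['country']}"))
        if ts.hour not in BUSINESS_HOURS:
            alerts.append((ev["user"], f"admin login outside business hours at {ev['ts']}"))
    for ip, users in failures_by_ip.items():
        if len(users) >= SPRAY_THRESHOLD:
            alerts.append((ip, f"possible password spray: failures against {len(users)} accounts"))
    return alerts


if __name__ == "__main__":
    for item in review_accounts(ACCOUNTS, TODAY) + flag_admin_logins(LOGINS, ACCOUNTS, BASELINE):
        print("%-12s %s" % item)
```

Run as-is it reports bob's admin role on a daily-use account and missing MFA, the vendor account that outlived its engagement, the service admin whose review is overdue, alice's admin sign-in from an unexpected country and at 03:40, and the four-account failure burst from 192.0.2.5. The country baseline is the part that needs real history behind it; a freshly onboarded admin with no baseline will alert on every login until one is recorded.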