Principle Of Least Privilege

A recent survey commissioned by Malwarebytes, a leading anti-malware organisation, highlighted the level of risk that businesses around the world face during normal business operations.

Staggeringly, in the UK more than 70% of companies had been the subject of a cyber-attack in the preceding 12 months, which highlights the need to ensure business systems and infrastructures are fit for purpose and robust.

Whilst cyber-attacks are very unwelcome and the number is a very worrying statistic amongst business owners, 54% of UK respondents also reported being the victim of a ransomware attack, with 42% reporting 1-5 separate attacks and 12% experiencing between 6 and 20, which really highlights the level of risk and potential business and data loss!

There are many steps that can be taken to prevent infiltration by unwanted visitors or lessen the impact of an actual attack, and one of these is the Principle of Least Privilege.

The principle of least privilege (POLP) is the practice of limiting network and systems access to the minimal level that will allow an employee to perform their role effectively.

An employee should only ever have enough access and rights on a network to fulfil their job requirements. This includes management and network administrators. Admins should not be using accounts that have elevated privileges unless the task genuinely requires it.

An example of why is the recent trend of ransomware attacks. Ransomware runs with the permissions of the account it compromises, so if an employee has access to everything, the malware can encrypt everything, which will greatly increase the time taken to restore any affected files. If, however, the user had been locked down to POLP, the recovery time could be greatly reduced.
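The reach of a compromised account can be worked out before an attack by comparing the write access each account actually holds with what the role needs. The following is an added example, not part of the original article; every user, group, share and role requirement in it is constructed for illustration.

```python
# Added illustration: all users, groups, shares and role needs are constructed.
GROUPS = {  # group -> members (users or nested groups)
    "All-Staff": {"alice", "bob", "carol", "CAD-Team"},
    "CAD-Team": {"dave"},
    "Finance": {"alice"},
    "IT-Admins": {"carol"},  # carol's everyday account is also an admin
}
SHARE_ACL = {  # share -> {principal: rights}; "w" means files can be changed
    "finance": {"Finance": "rw", "IT-Admins": "rw"},
    "cad-projects": {"CAD-Team": "rw", "All-Staff": "r", "IT-Admins": "rw"},
    "hr": {"All-Staff": "rw"},  # over-broad grant
    "public": {"All-Staff": "rw"},
}
ROLE_NEEDS = {  # shares each person must be able to write to do their job
    "alice": {"finance", "public"},
    "bob": {"public"},
    "carol": {"public"},
    "dave": {"cad-projects", "public"},
}


def groups_of(user):
    """Every group the user is in, following nested groups (cycle-safe)."""
    found, frontier = set(), {user}
    while frontier:
        frontier = {g for g, members in GROUPS.items()
                    if members & frontier and g not in found}
        found |= frontier
    return found


def writable_shares(user):
    """Shares malware running as this user could encrypt (write access)."""
    principals = groups_of(user) | {user}
    return {share for share, acl in SHARE_ACL.items()
            if any("w" in rights for p, rights in acl.items() if p in principals)}


def excess_write(user):
    """Write access the user holds but the role does not need."""
    return writable_shares(user) - ROLE_NEEDS[user]


if __name__ == "__main__":
    for user in sorted(ROLE_NEEDS):
        print(f"{user}: can encrypt {sorted(writable_shares(user))}, "
              f"excess {sorted(excess_write(user))}")
```

In this sample the admin's everyday account exposes every share, while removing the over-broad grant on one share shrinks the exposure for all four accounts at once.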

Obviously, there needs to be an effective and workable balance when locking down privileges, as what may be an acceptable baseline for admin users could be counterproductive for power users, especially in the CAD environment.

The BNS team are geared to helping our clients manage their networks, so if you would like to discuss your infrastructure or have not reviewed it for some time, give us a call or fill out the Contact Us form on this webpage to request more information or a call back.
