BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Transgression Tuesday: Ways to Avoid a Data Breach

Post by Peter McCalister June 28, 2011

We’ve talked a lot about change, and how it’s one of the only things in the IT world that remains the same. Another constant is human nature- specifically our reactions when we do something we shouldn’t. People have this funny tendency to hide their wrong-doings: sweep them under a proverbial rug. The problem is that those rugs can turn into uncontrollable problems, and in the IT world mean the dreaded “D” word: Data Breach. Hiding bad habits and improper actions never cloak the issue, but allows the problem to compound until one day it becomes a raging war.

That being said, let’s shake out a couple rugs and bring to light some bad habits that could make your enterprise the next Sony. We’ll start with a couple- I’ve often found that when one bad habit is being practiced, others aren’t far behind. The last thing we want is to overwhelm you, so the two IT sins we’re bringing to your attention today are as follows:

1. Allowing all users to run with administrator rights/root credentials. Allowing everyone access to all IT resources only leaves your sensitive data in danger. Whether its accidental, inadvertent, or intentional, privileges get misused when your company’s assets are available to all.

2. Not running regular inventory of which users have what rights. With changing job descriptions, new hires, lay-offs, and the changing of projects, user privileges change frequently. It is therefore crucial that you analyze privileged identities on a frequent basis, as well. Think about how different Gucci’s story would have been if they had done this- their previous employee wouldn’t have been able to access the information he leaked.

Do you have these habits going on in your enterprise. Now is the time to fix them, before you have to deal with the ramifications of a data breach. Stay tuned for future Transgression Tuesdays- we’ll keep you up to date on warning signs to look out for and traps to avoid.

Leave a Reply

Additional articles

smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Post by Morey Haber April 21, 2014
Tags:
, , , , , ,
BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,