Take steps to protect business data, firms urged

Tuesday 12 June 2012

Businesses can take a number of steps to combat IT security threats, it has been claimed.

According to Quest Software, adopting a 'least privilege' security posture - one that gives each employee the least privilege necessary to accomplish required tasks - helps protect business data.

Some of the most common implementation options to help get to a least privilege state include assigning appropriate access directly to users based on well-defined roles, limiting access to administrator accounts, and making sure passwords are frequently changed.

Firms also need to embrace an access review policy and regular, automated access alerts that notify two or more administrators of access changes, employee changes or other critical issues, Quest said.

"To prevent access creep, access privileges must be dynamically linked to human resources and staffing databases," the firm suggested.

"Notifying more than one administrator helps overcome negligence."

Businesses are also urged to 'lock the front door' by fostering education, encouraging diligence, and developing processes such as regularly changed passwords.

Quest Software said companies can also adopt "harder" security access technologies with tools such as Microsoft Active Directory or multifactor authentication.

"Employee education can cover the logistics and basics of security, but also can address topics such as the psychology and known techniques of social engineering hacks," the firm added.

Finally, businesses can achieve compliance by implementing access control and through the separation of duties, practices and technologies, Quest said.

Developing, implementing, and enforcing secure policy on all system access can also make a major difference, as can providing a complete audit trail of policy and activities.

Posted by Alex Boardman