Preventing “Privileged User” Fraud and Abuse
In most companies, employees need a user identity to access work-related hardware and software. Privileges to use certain applications or open certain files usually are provided to workers based on their department, role and level of authority. Over their tenure, employees might accumulate various privileges they no longer need. For example, someone who once worked in accounting might retain the ability to make journal entries even after transferring to the legal department. Unfortunately, dishonest employees could use their privileges for nefarious purposes.
Best practices
Privileged users sometimes use their access to perpetrate fraud, intellectual property theft or sabotage. And they don’t always act alone. Third parties, such as competitors, could try to recruit privileged users to steal trade secrets. Or employees could collude with hackers to compromise a company’s network.
To prevent such incidents, your organization needs to keep close tabs on employee access. Follow these best practices:
Identify the privileges needed for each role. List the access privileges required for each job and review current employee access to ensure workers have only the privileges they need. If in doubt about whether someone needs access to a certain application, err on the side of caution and remove that access. Managers can reinstate privileges on a case-by-case basis if they decide someone needs greater access.
Monitor user activity. Observe how employees use their privileges. If, for example, an employee accesses customer data from another city, check to see if there’s a business reason for doing so. If someone in sales creates a journal entry, find out whether that task falls within his or her current role and if a manager has approved it.
Establish an “upgrading” process. Although managers should make any decisions about upgrading an employee’s privileges, use technology to help standardize and track requests and approvals. For sensitive applications, such as those that house customer and financial data, consider requiring two levels of approval to elevate a user’s privileges.
Remove dormant accounts. When employees leave your organization, their access privileges should be deleted immediately. If a previously inactive account becomes active, block access until you have time to research why it has come back to life.
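As an added illustration of the four practices above (example code, not from the original post), this Python script compares a constructed user inventory against a role-to-privilege map to find privileges that should be removed, and reviews a constructed access log for the signals the post describes: a privilege used outside someone's role, access from a city other than the home office, and a dormant account that becomes active. The role names, privilege strings, cities and dates are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed data: privileges each role needs, the current user inventory
# (entitlements, home office, last time the account was seen in use), and an access log.
ROLE_PRIVILEGES = {
    "accounting": {"ledger.read", "ledger.journal_entry"},
    "legal": {"contracts.read", "contracts.edit"},
    "sales": {"crm.read", "crm.edit"},
}
USERS = [
    {"name": "maria", "role": "legal", "home_city": "Boston", "last_active": datetime(2024, 5, 1),
     "privileges": {"contracts.read", "contracts.edit", "ledger.journal_entry"}},
    {"name": "tom", "role": "sales", "home_city": "Denver", "last_active": datetime(2024, 5, 2),
     "privileges": {"crm.read", "crm.edit"}},
    {"name": "jlee", "role": "sales", "home_city": "Denver", "last_active": datetime(2024, 1, 3),
     "privileges": {"crm.read"}},
]
EVENTS = [
    {"user": "tom", "privilege": "ledger.journal_entry", "city": "Denver", "time": datetime(2024, 5, 3)},
    {"user": "maria", "privilege": "contracts.read", "city": "Chicago", "time": datetime(2024, 5, 3)},
    {"user": "jlee", "privilege": "crm.read", "city": "Denver", "time": datetime(2024, 5, 4)},
    {"user": "tom", "privilege": "crm.read", "city": "Denver", "time": datetime(2024, 5, 4)},
]

def excess_privileges(users):
    """Privileges each user holds beyond what the current role requires: candidates for removal."""
    report = {}
    for u in users:
        extra = u["privileges"] - ROLE_PRIVILEGES[u["role"]]
        if extra:
            report[u["name"]] = sorted(extra)
    return report

def review_events(users, events, dormant_after=timedelta(days=90)):
    """Flag events a manager should check: a privilege outside the user's role,
    access from a city other than the home office, or a dormant account waking up."""
    by_name = {u["name"]: u for u in users}
    findings = []
    for ev in events:
        u = by_name.get(ev["user"])
        if u is None:  # no inventory record at all: an account that should not exist
            findings.append((ev["user"], "unknown account"))
            continue
        if ev["privilege"] not in ROLE_PRIVILEGES[u["role"]]:
            findings.append((ev["user"], f"{ev['privilege']} outside role {u['role']}"))
        if ev["city"] != u["home_city"]:
            findings.append((ev["user"], f"access from {ev['city']}"))
        if ev["time"] - u["last_active"] > dormant_after:
            findings.append((ev["user"], "dormant account became active"))
    return findings
```

Each finding is a prompt for a human review, not an automatic block: the post's point is that a manager confirms whether there is a business reason before access is reinstated or removed.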
Potentially severe consequences
If employees or third parties abuse privileged access to your network, the consequences could be severe and long-lasting. Your organization must continually monitor privileges to ensure they’re used only to perform legitimate work.
(This is Blog Post #1295)