Privilege abuse – that is the security threat that your business’s IT team is most worried about. According to a survey conducted in March 2014 among more than 4000 IT security executives, over 88% of them fear that users who have access to the organization’s applications and data are the ones who are most likely to compromise it and lead to a security breach.
Privilege abuse, or privileged user abuse, refers to the inappropriate or fraudulent use of permitted access to applications and data. This could be done, either maliciously, accidentally or through ignorance of policies. In addition to causing financial losses, such insider breaches also damage the organization’s reputation, sometimes irreparably.
If a company works with very few applications, user repositories would have to be mapped individually for each application. Every new user needs to be validated with each individual user directories to be able to access the respective protected application. This means that the same user has to log in separately every time he/she wants to use each application on the network. The inefficiency of this model was reduced greatly with the advent of Active Directory and LDAP.
A significant number of identity and access management solutions have the need to work with Active Directory as the repository of user information against which access is verified. Active Directory generally controls user identity and access permissions to everything from files, networks, and servers, to on-premise and cloud applications. However, integrating an Active Directory or LDAP with on-premise and cloud applications require third-party agents to be installed on your network.
A large percentage of employees in any organization use the internet for personal use during office hours. Their internet usage is mostly spread between YouTube, social media platforms and news sites. Of these, YouTube is by far the largest consumer of bandwidth.
YouTube is one of the largest online search engines on the internet – in fact it is second only to Google. Every day, over 5 billion videos are watched on the platform. What does this mean for an organization? Where should you draw the line when it comes to restricting YouTube content?
Why do you need to filter YouTube videos?
There are several ways in which operational workflow is disrupted due to a significant proportion of your employees spending time watching videos on YouTube. Especially with the newer generation of digital natives stepping into the workforce, the ramifications of unmoderated YouTube access are more pronounced. As a company, this could even result in the need to hire additional personnel to compensate for the loss of productivity. Here are a few ways in which unchecked YouTube access can harm your organization.
Reduction in efficiency
It is estimated that employees spend, on an average, one hour of their 9-5 workday browsing the internet. YouTube accounts for a considerable chunk of that time. If your company has around 20 employees, that amounts to a staggering 20 hours a day wasted on employees’ personal entertainment. On a weekly basis, that is 100 hours you can’t get back. If your organization is bigger, the problem scales as well.
While it can be argued that access to business-related YouTube channels can allow your employees to access solutions in a few minutes, YouTube is seen more like a leisurely and entertainment based “break”. Installing YouTube filter software can help to allow employees to access only whitelisted channels related to your business.
Load on internet bandwidth
The world is moving towards faster connectivity, and businesses which are faster to respond to their customers can deliver greater customer satisfaction. But the same high-speed internet is used by your employees use to browse YouTube too. This often amounts to several gigabytes of data, exhausting your internet bandwidth every month. Not only does this slow down your work communications, but assuming that you are billed on a monthly basis, imagine how much money can be saved by your company by reducing data consumption. Filtering YouTube videos can go a long way in reducing this burden.
Access to inappropriate content
YouTube comes with its fair share of shady content – pornography, religious extremism, and racial intolerance to name a few. Unmoderated access to a site with a large volume of such content can seriously dent the reputation of your organization. It can create moral conflicts between your employees on sexual harassment, religious or racial discrimination grounds. An office is no place to permit such activities.
The solution? A YouTube filter software!
With all this being said, it is crucial for companies to take a step towards controlling YouTube access on their networks. Akku from CloudNow Technologies comes with a highly effective YouTube Filtering feature which gives you control over what channels can be accessed by your employees and what cannot. Do contact us to know more.
Identity theft is as real as your identity and as dangerous as the one who steals it. It occurs when an unauthorized person or entity uses your personal information to assume your identity and commit fraud and other criminal activities including stealing from you, or from others in your name.
What does an identity thief steal?
Your name, address, credit card or bank account information, and even information that might otherwise seem harmless, such as photographs, information about your family members or your date of birth could be used in harmful ways in the wrong hands.
How does identity theft happen?
Identity thieves are well-organized, tech-savvy, creative and have seemingly innocent online personalities. They can steal information, simply by requesting it from an unassuming person or by using technological attacks to capture millions of records from enterprises. Sometimes, a stolen wallet or a carelessly-thrown receipt or letter can also lead to identity theft.
Here are some of the ways in which an identity theft may take place in your organization:
Data Breaches
A data breach, accidental or malicious, can have a heavy cost on both the organization involved and the individuals whose data is compromised.
Improper security on company-owned devices or devices that have access to your organization’s data is one of the leading causes of data breaches that lead to identity theft.
Phishing
Phishing involves sending deceptive emails with links to malicious websites that may either request or steal your information. If one of your employees is manipulated by such an email and clicks on a link it provides, it can be dangerous to the organization itself.
Even if your organization’s email can manage to keep out such mails from employee inboxes, if your employee has access to their personal email at the workplace, they are at the risk of being compromised.
Public Wi-Fi Connections
One of the problems with allowing your employees to work remotely is the possibility that they may be working from places that offer open or free public wireless internet connectivity. A criminal who also has access to the same network could also be able to observe all of your employee’s activities.
Mishandled Passwords
Carelessness with passwords, whether in terms of the creation of weak passwords or the way they are stored, can make your employees and your organization susceptible to identity theft.
When it comes to preventing identity theft, the first step to take is to sensitize your employees on the different ways in which it can happen. Studies have proven that employees are the preferred channels that identity thieves use when they target organizations.
From your end, you also need to:
Set a strong password policy across your enterprise applications, to ensure that your organization is not compromised through your employees’ use of weak passwords
Use two-factor authentication or multi-factor authentication to enhance the security of applications carrying sensitive data
Ensure that your DNS filter works effectively to block out malicious websites that your employees may try to access
Block access to employees’ personal emails at work, so that there a lesser chance of data compromise and data breaches through phishing
Set up IP-based or device-based restrictions so that unauthorized persons are kept out of your applications when they try to access them from unsafe locations or unrecognized devices
An identity and access management solution (IAM) like Akku can help you take control of all the preventive methods listed above, all in one go.
Get in touch with us through sales@akku.work if you wish to know more about how Akku can help protect your organization from identity theft through identity/access management.
Apart from data security, data privacy represents a major area of concern in IT security today. When it comes to data privacy, all organizations are very particular about where and how their company data is being saved, and who has access to it.
This is also related to one of the major reasons why organizations still hesitate to move their data to the cloud – “who else has access to my data if I move to cloud?” Even though almost every IaaS and PaaS provider tries to build confidence in their clients through certifications by authorized agencies, many enterprises are still not convinced. The reason is that there are still areas that lack transparency, where details on their data privacy are not clearly explained and conveyed to them.
To make things more complicated, in many cases, “backdoors” are being legalized by governments!
An effective identity and access management (IAM) solution plays a major role in data privacy and security and could go a long way in addressing the concerns that many businesses have. However, when it comes to IAM, most of the tools do not provide a dedicated server for each of their clients. While it is a fact that a dedicated server tends to cost more when it comes to pricing to the service provider, it is definitely the best way to provide 100% visibility to the client on their company data.
When a dedicated server is assigned to a client, it is possible to share server access between the client and service provider – the service provider cannot login without the client’s knowledge, and the client cannot login without the service provider’s knowledge. This may present some practical difficulties, but it is the only way to give a client 100% confidence that their data is truly under their control.
While it is true that all models have their own advantages and disadvantages, the use of a dedicated server for each client is clearly the best solution in terms of visibility and transparency, with minimal practical difficulty.
An array of information being stored online comes with major security risks. Therefore safeguarding data is an important consideration at any organization. And the security of your data relies heavily on the strength of your users’ passwords. The stronger your passwords, the more secure your data! It is important for administrators to drive a strong password policy enforcement, as it is the first layer of defence against black hat hackers and scammers.
A password policy is a set of rules created to upgrade an application’s security by requiring its users to frame a strong password and to utilize it in an appropriate way.
Why is Securing your Border Vital?
In today’s scenario setting up unique passwords for multiple applications is a burden for any user. Most users rely on using a single password for multiple applications, which can put the organization’s data at risk.
This makes implementing a strong password policy essential in protecting your data. Additionally, setting a Password Policy forms a part of the policies or rules for an organization to comply with ISO and PCI certifications.
Top Four Factors for Password Policies
Enforcing a strong password policy in an organization is an uphill task. There are some fundamental norms which are followed by a majority of organizations.
1.Length: The longer the password, the more difficult it is to crack. Set a minimum of 8 characters for your users’ passwords.
2.Complexity: The level of security depends on the complexity of the password framed. Passwords must have a mix of uppercase characters (A-Z), lowercase characters (a-z), numbers (0-9) and punctuations ( eg. !, #, $,*).
3.Expiration: A best practice in improving password security is to have a periodic password expiry. Most often the validity is 30/45 days and at the end of expiry date, the user is forced to change their password.
4.Uniqueness: Require users to set a unique password that has not been used previously when they reset their password.
How Can a Forgotten Password be Securely Retrieved?
When a user logs in with the right password, he is permitted to access the organization’s applications. On the other hand, when a user logs in with incorrect credentials, if the organization allows SSPR (Self Service Password Reset) then the system prompts the user to reset the password on his own.
Here’s how it works – a window pops up with a certain number of questions, and when the user answers all the questions correctly, he is permitted to reset the password. However, this process leaves the door open to social engineering attacks by black hat hackers.
A safer approach is to disallow SSPR in the password policy of an organization. In this scenario, the only way to reset a user’s password is to reach out the admin – this is safer and does not allow any intrusion through social engineering, and therefore reduces the data security threat.
How can a Forgotten Password be Securely Retrieved
I shall write more about SSPR and social engineering in my next article.
Enforce a strong custom Password Policy across your organization using Akku’s Password Policy Enforcement feature which brings it all together for improved security.
