We are continuing our discussion on "Securing Our House" where we share the steps we are taking internally at Mapletronics to ensure that we are as secure as possible as an organization. Our hope is that by sharing what we're doing internally, you will discover new ways that you can implement security features, policies, and protocols to protect your organization. View more of our Secure Our House Series here.
Our security efforts here at Mapletronics have included implementing the Principle of Least Privilege (POLP) on our network. The POLP looks at internal user access and establishes that any user, program, or process should have the bare minimum privileges necessary to perform its function. For example a technical position who's job is primarily to update code doesn't need access to financial records and a user account created for pulling records from a database doesn't need admin rights. The POLP can also be referred to as the principle of minimal privilege (POMP) or the principle of least authority (POLA). Following the principle of least privilege is considered a best practice in cybersecurity.
POLP works by taking away access and privileges to anyone who doesn't need them to perform their required job. Using the principle of least privilege reduces the risk of attackers gaining access to critical systems or sensitive data by compromising low-level user accounts, devices or applications. Implementing POLP can help contain compromises to their area of origin, stopping them from spreading to the system at large.
Keep in mind that you don't want to enforce the POLP on only low-level user accounts, devices, or applications. You also want to overlook your higher level users who may be a higher target for a breach including your organization's executive team. Just because a user is an executive does not necessarily mean they need 24/7 access to your most vital data or to be set up with admin accounts.
Steps to implement POLP within your organization
Conduct a privilege audit on your organization. Check into all of your existing accounts, processes, and programs and double check who has access to what. Make sure each user only has access to what they need to perform essential duties.
Start all new accounts with least privilege. Make the default for all new accounts set to the lowest privilege as possible. Add specific higher-level powers as needed to perform the job.
Enforce the separation of privileges. Make sure to use admin accounts sparingly and keep most users on a standard account.
Perform regular privilege audits. As your organization grows and changes, the needed account accesses will vary. Regularly audit privileges to prevent a situation where an older user accumulates privileges that are unneeded as their role changes.
For more information on implementing the principle of least privilege within your organization contact us or call 574-534-2830