CSW S1, E17 - Why Should I Limit Employee Privileges on Company Devices?

Fred Cobb – CISO and VP of Services, InfoSystems

Rob Ashcraft – Sr. Cyber Security Strategist

This episode of the Cybersecurity Weekly Podcast is Part 4 of our series on the Center for Internet Security Top 20 Controls. Here's a quick list of where we're at:

1) Inventory and Control of Hardware Assets
2) Inventory and Control of Software Assets
3) Continuous Vulnerability Management
4) Controlled Use of Administrative Privileges

In this episode, Fred and Rob discuss controlling the use of administrative privileges: the process of managing privileges on computers, networks, and applications. The controlled use of administrative privileges is most impactful when a company has first taken an inventory of Hardware Assets and Software Assets and practices Continuous Vulnerability Management (following the CIS Top 20 Cybersecurity Controls).

Many companies don't have specific policies in place to control, manage, and track the privileges employees have on company devices. Without limits on what employees can do on company devices, companies are vulnerable. The main goal of a cyber criminal is to exploit and gain control of a system, network, or device. It's important that you stay one step ahead of cyber criminals who are quick to exploit vulnerabilities.

There is an abundance of actions you can take to tighten administrative privileges:

- Multi-factor authentication: Stops cyber criminals from going any further if they do get your password
- Create a separate account for any administrative approvals that leadership approves
- Create a culture of security: Teach employees that one or two more steps in a process (e.g. getting approval to download an application) are better than a data breach

Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.

More Information
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email marketing@infosystems.biz.

This episode discusses Control Four of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. It is a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.

See the break-down of these CIS Controls' Sub-Controls here.

Discover how other organizations are using these controls here.