Employ the principle of least privilege, including for specific security functions and privileged accounts.
What is the principle of least privilege? It is when you give a person’s account the bare minimum of permissions and capabilities they need to do their job. You basically lock their account down to the point that they can’t access anything that they shouldn’t. You must have some kind of file infrastructure, login capabilities, and physical network infrastructure in order to do this. You might keep all users in a separate network or VLAN, or virtual network. You will need to ensure that in a Microsoft domain, that their users accounts are in the appropriate security groups and that their privileges on their machines are restricted. Users should not be able to install applications, insert USB drives, etc. You want to also lock down anyone’s ability to use their mobile devices, personal computers, and home computers on your network or to connect to any of the CUI hosting machines. You also want to lock down VPN access and ensure that all activity on all of these devices are monitored and tracked. You want to keep track of all accounts and what privileges they have and have onboarding and offboarding criteria and checklists for all.
Single Point of Contact was founded in 1999 and is a Managed Security Service Provider in the San Francisco Bay Area. We tailor our IT security services to take into consideration the everyday challenges businesses face. Cybersecurity issues often stem from within an organization, so we take proactive measures to ensure everyone from top to bottom understands the ramifications of a cyberattack. Don’t hesitate to contact us to see how we can help better protect your company.