Privileged Access Management should be a philosophy: 4 tips for more security thanks to PAM

  • December 15, 2023


The classic perimeter around a company’s most critical assets is no longer sufficient. If you want to secure data in times of cloud and mobile applications, you need Privileged Access Management (PAM). Security is more than just an investment in technology. It is a philosophy that everyone in the organization must take to heart. Everything starts with good policy.

In addition to regular user accounts, most companies also have privileged accounts that provide access to the organization’s assets. Privileged accounts are often targeted by hackers, who use them to gain access to critical systems and data through privilege escalation. This also allows attackers to cover their tracks and remain undetected for months.

In two previous articles, we explained why PAM is an asset to every company and what you should pay attention to before you start implementing PAM. However, a successful strategy is not possible without also taking the human aspect into account. Security is a philosophy based on a clear policy that is shared throughout the company.

Below are some practical tips:

1. Avoid manual methods for Privileged Access Management

Despite all the investments in cybersecurity, many companies continue to use simple Excel spreadsheets to keep track of privileged account passwords. They often share these sheets with their employees, which means that passwords can end up in the wrong hands in a variety of ways. Furthermore, looking up such information is far from efficient.

Automated PAM software ensures that you can manage passwords securely and quickly. This saves you a lot of time and provides you with better protection against attacks from both inside the company and external hackers. Start by identifying privileged accounts, implement monitoring to address account proliferation, and ensure you can detect insider abuse and external threats as quickly as possible. A transparent and up-to-date overview of the privileged account landscape is an important basis in the fight against attackers.

2. Train your employees

In cybersecurity, you often hear that people are the weakest link. This is mainly because they do not have the right knowledge and skills. Phishing and social engineering attacks are becoming increasingly complex and companies need to invest in increasing employee awareness.

With the right security measures, training and PAM, you can ensure that your employees become a strong link.

Vincent Malfroid, Business Development Manager

It’s no longer enough to distribute a phishing test once a year or have employees complete an exercise that simply requires them to check a few boxes. Companies must provide thorough training programs that encourage behavior change. Also, emphasize the importance of privileged accounts so people understand why they need to follow strict guidelines. Don’t forget to also train management and explain why a budget should be allocated for training. With the right security measures, training and PAM, you can ensure that your employees become a strong link and make it harder for hackers to break in.

3. Keep access to systems to a minimum

A good security strategy works with as few privileged accounts as possible. Configure all of your users’ workstations with a standard user profile and grant additional rights on a case-by-case basis. This allows IT administrators to control access to systems and data in greater detail and intervene more quickly in the event of an anomaly. This significantly reduces the damage in the event of a data breach.

4. Provide clear and consistent guidelines for PAM

Consider the following elements to minimize human error:

  • Replace the default passwords of privileged accounts. Research shows that one in five companies have never replaced these passwords. Stealing these passwords is therefore at the top of cybercriminals’ wish lists.
  • Prohibit sharing of credentials. For example, when an IT manager goes on vacation, he or she wants to quickly exchange information in order to delegate tasks to a colleague. But by doing this you create an easy target for hackers. Security policies must therefore clearly define how long someone is granted certain privileges.
  • Monitor privileged access sessions. This ensures that in the event of a data breach, you can quickly audit and view all activity. Additionally, it is important to add a rigorous process with formal review and approval for new accounts.
  • Evaluate privileged accounts so that users don’t retain old permissions that they no longer need for their current role or job responsibilities. This is even more important when working with third parties who gain access to critical assets.
  • Grant permissions only upon request and avoid always-on practices. Requiring users to pass through a checkpoint means privileged accounts are only used for specific tasks.

Choose the right partner

Ultimately, choose an experienced partner whom you trust completely and who will support you in implementing the best PAM strategy for your specific situation. Such a partner will help you establish controls for access to systems and sensitive data, as well as develop a clear policy. In this way, you can work together to ensure that your organization is optimally protected.

This article is contributed by Vincent Malfroid, Business Development Manager at Arrow Electronics. Discover how Arrow and Delinea software helps you implement an effective PAM policy here.

Source: IT Daily
