15 Jan Cyber Essentials 101 – Access Control
Access Control is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.
Why Access Control is important?
This control aims to ensure that only authorised individuals have user accounts and have access and at the appropriate level to reduce the risk of information being stolen or damaged. User accounts with special access privileges such as administrative accounts are often the target of cybercriminals as they have greater access to business sensitive information. When such account is compromised, it can facilitate large-scale corruption of information and disruption to business operations.
How to manage Access Control requirement?
- Have a provisioning and approval process for user account creation
- Special access privileges should be restricted to a limited number of individuals, be documented (e.g. individual details and purpose) and reviewed on a regular basis
- Admin accounts should be configured to require a password change on a regular basis
- Implement two-factor authentication, where available
- Every user should use a unique and strong password to access to applications, computers and network system
- Use administrative accounts to perform administrative activities only (no emailing, web browsing or other standard user activities that may expose administrative privileges to avoidable risks)
- Remove or disable user accounts and special access privileges when no longer required (e.g. when an individual changes role or leaves the organisation) or after a pre-defined period of inactivity (e.g. 3 months)
About the Cyber Essentials Scheme
This is part of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.
Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.
Download our non-technical, no-jargon “Quick Guide to Cyber Essentials – Cyber Security starting point for small and medium businesses” to learn more about Cyber Essentials Scheme, its five key controls and how to implement them correctly.
How Urban Network can help
It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.
For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here
Contact us and speak with a CyberSecurity expert who will answer any questions you might have.
Get a Free Network Health Check completely free of charge, and with no obligation attached.