ProactiveDiscovery

Account management – What is it, and why is it important?

At a high level, it is the process of ensuring that an organization only provisions accounts that are authorized to access data or infrastructure. Remember that this effort goes beyond accounts for staff – think vendor access, contractors, service accounts for background tasks, API keys for system integrations, etc.


Consider the following safeguards when starting an account management effort:

  1. Create an inventory of accounts - Include information such as the user’s full name, role, username, department, account status, account platform, etc. Review the inventory regularly (quarterly or more frequently).

  2. Enforce unique and strong passwords - Best practices follow a 14-character length requirement. If possible, enforce multi-factor authentication (MFA).

  3. Disable dormant accounts - After reviewing the account inventory, deactivate accounts no longer in use. If your systems allow it, have accounts automatically disabled if reports show no login activity for 45 days.

  4. Use the “least privilege” approach – General tasks for daily business operations should be done under a non-privileged / non-admin user account. Reserve administrative permissions for dedicated IT staff, not the general user base.


Benefit: This approach fosters good “IT hygiene” by controlling access credentials. It enables the detection of rogue or unauthorized accounts in the environment and gives a good overview of which platforms have which kinds of accounts.
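As an added illustration (not part of the original post), the quarterly review can be scripted against an inventory export. The CSV column names, the sample accounts, and the `review` function are assumptions constructed for this example; the 45-day threshold comes from safeguard 3.

```python
import csv
import io
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=45)  # threshold from safeguard 3

# Constructed sample inventory; column names are assumptions modeled on safeguard 1.
INVENTORY_CSV = """username,full_name,department,role,platform,status,privileged,last_login
asmith,Alice Smith,IT,Sysadmin,AD,active,yes,2024-05-28
bjones,Bob Jones,Sales,Account Exec,AD,active,yes,2024-05-30
cvendor,Contoso Support,Vendor,Contractor,VPN,active,no,2024-02-11
svc-backup,Backup Job,IT,Service account,AD,active,yes,
dlee,Dana Lee,Finance,Analyst,AD,disabled,no,2023-12-01
"""

# Constructed list of accounts actually present on the platform (e.g. a directory export).
PLATFORM_ACCOUNTS = {"asmith", "bjones", "cvendor", "svc-backup", "dlee", "tmpadmin"}

def review(inventory_csv, platform_accounts, today):
    """Return usernames needing follow-up, grouped by the safeguard they relate to."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    findings = {"dormant": [], "privileged_outside_it": [], "not_in_inventory": []}
    for r in rows:
        if r["status"] != "active":
            continue  # already disabled, nothing to deactivate
        # An active account with no recorded login is flagged so a person reviews it.
        last = date.fromisoformat(r["last_login"]) if r["last_login"] else None
        if last is None or today - last >= DORMANT_AFTER:
            findings["dormant"].append(r["username"])
        # Least privilege: admin rights held outside dedicated IT staff.
        if r["privileged"] == "yes" and r["department"] != "IT":
            findings["privileged_outside_it"].append(r["username"])
    # Accounts that exist on the platform but were never inventoried.
    known = {r["username"] for r in rows}
    findings["not_in_inventory"] = sorted(set(platform_accounts) - known)
    return findings

if __name__ == "__main__":
    result = review(INVENTORY_CSV, PLATFORM_ACCOUNTS, date(2024, 6, 1))
    for check, users in result.items():
        print(f"{check}: {', '.join(users) or 'none'}")
```

Accounts reported under `not_in_inventory` are the candidates for the rogue or unauthorized accounts mentioned above; each finding is a prompt for review, not an automatic disable.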


Have questions? Schedule a 20 minute call https://tiny.proactivediscovery.com/book-cyber-call



RESOLUTE is a fully-managed cyber risk mitigation service that helps boutique and SMB (small to medium-size business) organizations protect, mitigate, and prepare against constantly evolving cyber threats.
