One of the most important things in keeping our data safe and secure is privileged access. Meaning, we have access controls in place that determine who has access to what. Why?
Let’s use an example that applies to both work and home: the administrator account. The admin access allows you to make specific changes to how a computer operates. Would you want your child or roommate to have access to your admin account at home? Of course not. Even if you trust them with it, what benefit does it serve to give them access?
The same is true here at work. The principle of least privilege lets us grant you the minimum amount of access necessary for you to do your job. That way, if a breach were to happen or a computer were to get infected, it would be relatively isolated. This is why it is so important that you NEVER give out your credentials to anyone, and, if you feel you’ve been given more access than necessary, please say something!
Access and Insider Threats
While our organization is always on the defense against cybercriminals, we also have to acknowledge possible internal threats to our sensitive information. These are known as insider threats and they include everyone who has access to valuable assets. In fact, the more access you have, the bigger the threat you are.
There are 3 types of insider threat we need to be aware of:
The malicious insider: One who purposefully undermines the operations of organization in some manner (such as intentionally stealing or leaking data).
The accidental insider: One who unintentionally causes a breach or compromises our organization (such as accidentally sending sensitive information to the wrong party).
The negligent insider: One who may not have malicious intentions, but knowingly breaks policy (such as using an unapproved, third-party file-transfer service).
This is why you should always follow company policy and be aware of the access you have, so as not to compromise it in any way. If you’re not sure what your role is in our efforts to protect information, please ask! There is no such thing as a stupid question.