Who Watches the Watchmen? Protecting Against Privileged User Abuse

There are many security threats facing growing companies with expanding networks, but one security problem often overlooked is the users themselves.  Businesses lose, on average, around 5 percent of their revenue from internal fraud and other misuse.  Worse, rather than being the fault of “everyday” workers, these losses largely come from trusted, higher-ranking employees.

Privileged users in a network are one of the biggest risks here.

Privileged users are, simply put, anyone who has network access permissions above and beyond the typical user.  Any employee with the “admin” username and password is automatically a privileged user, but the term can refer to anyone with higher security privileges.

No company likes suspecting its own employees of fraud, but it’s a real threat — and one businesses need to be aware of.

The Privileged User Problem:  With Great Power Sometimes Comes… ?

Broadly speaking, there are three main ways that privileged users can become a problem for network security:

1. Carelessness.  If there haven’t been security issues in the past, some privileged users may become more relaxed about the admin account over time and not protect it as well as they once did.
2. Exceptionalism.  Some system administrators may feel ownership over the network and even consider the rules as applying only to ordinary users, not to themselves.
3. Fraud.  Obviously, deliberate malicious activity is an issue as well.

It’s impossible to have an effective network without giving access to select privileged users, but focusing on fraud prevention in these areas will help mitigate many of the risks.

Trust, but Verify:  Keeping an Eye on Your Power Users

In general, your best defense against privileged user abuse is to make users aware that their activities are being monitored and provide ongoing training on proper security procedures.

1 – Constant monitoring.

Broadly speaking, the more monitoring you can do, the better.  This is beneficial for security – yours and theirs.  Among the systems you should consider:

  • System logging.  Obviously, all access to any files should be noted and recorded.
  • Per-terminal logging.  Watching interactions at the user’s terminal can reveal discrepancies between the system logs and actual usage.
  • Video / photographic monitoring.  Login data can be faked.  You should have visual records to establish a person was truly at a given terminal.
Remember, we’re talking about users who have enough access privileges that they could fake or manipulate data.  Multiple forms of monitoring make it far harder to manipulate the records.
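The cross-check described above, a central system log reconciled against per-terminal session records, is straightforward to automate. The following Python script is an added example and is not code from the article or from any product it mentions; both log formats (a timestamp followed by key=value fields) and every entry in them are constructed for illustration. It flags file-access events for which the user had no terminal session open at that moment, and it also lists admin sessions that were never logged out, which is the behaviour point 3 below warns against.

```python
from datetime import datetime

# Constructed sample central system log (illustrative only, not real output).
SYSTEM_LOG = """\
2024-03-04T09:02:11 host=fs01 user=admin action=read path=/finance/payroll.xlsx
2024-03-04T09:15:40 host=fs01 user=admin action=write path=/finance/payroll.xlsx
2024-03-04T12:47:03 host=fs01 user=admin action=read path=/hr/reviews.docx
2024-03-04T13:05:19 host=fs01 user=jdoe action=read path=/public/handbook.pdf
"""

# Constructed sample per-terminal session log (login/logout events).
TERMINAL_LOG = """\
2024-03-04T08:58:00 terminal=ws-admin-1 user=admin event=login
2024-03-04T09:30:00 terminal=ws-admin-1 user=admin event=logout
2024-03-04T13:00:00 terminal=ws-07 user=jdoe event=login
2024-03-04T14:10:00 terminal=ws-admin-1 user=admin event=login
2024-03-04T17:30:00 terminal=ws-07 user=jdoe event=logout
"""


def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime under 'ts'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def build_sessions(terminal_records):
    """Pair login/logout events per (user, terminal) into (terminal, start, end).

    A login that never receives a logout yields end=None, i.e. a still-open session.
    """
    pending = {}
    sessions = {}
    for rec in sorted(terminal_records, key=lambda r: r["ts"]):
        key = (rec["user"], rec["terminal"])
        if rec["event"] == "login":
            pending[key] = rec["ts"]
        elif rec["event"] == "logout" and key in pending:
            start = pending.pop(key)
            sessions.setdefault(rec["user"], []).append((rec["terminal"], start, rec["ts"]))
    for (user, terminal), start in pending.items():
        sessions.setdefault(user, []).append((terminal, start, None))
    return sessions


def unattributed_accesses(system_records, sessions):
    """Return system-log events whose user had no terminal session open at that time.

    These are the discrepancies between the system log and actual terminal usage
    that deserve a closer look (a forged log entry, a shared or stolen credential,
    or simply a terminal that is not being monitored).
    """
    flagged = []
    for rec in system_records:
        active = any(
            start <= rec["ts"] and (end is None or rec["ts"] <= end)
            for _, start, end in sessions.get(rec["user"], [])
        )
        if not active:
            flagged.append(rec)
    return flagged


def open_sessions(sessions):
    """Return (user, terminal, start) for sessions that were logged in but never out."""
    return [(user, term, start)
            for user, sess in sessions.items()
            for term, start, end in sess
            if end is None]


if __name__ == "__main__":
    sess = build_sessions(parse_log(TERMINAL_LOG))
    for rec in unattributed_accesses(parse_log(SYSTEM_LOG), sess):
        print("no terminal session:", rec["ts"], rec["user"], rec["action"], rec["path"])
    for user, terminal, start in open_sessions(sess):
        print("session never closed:", user, terminal, start)
```

In the constructed data the 12:47 read of the HR file by admin falls outside any admin terminal session and is reported, while the 14:10 admin login with no logout is reported as a session that was never closed. In a real deployment the two logs should be collected by separate systems that the privileged users themselves cannot write to, otherwise the reconciliation only catches accidents rather than deliberate tampering.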

2 – Consider a security chief.

Another option here is to establish a new office title with access above and beyond that of other users.  This person, for example, could have access to security files that even the sysadmins can’t access without the chief’s direct permission.

Trust comes into play with this team member as well, but the major security responsibilities would then hinge on one person alone. This adds another layer of security and minimizes the guesswork should an issue arise.

3 – Refresher security training.

As noted above, simple carelessness is a big issue.  Privileged users are also frequently targeted by scammers precisely because of their elevated access rights.

Focus on:

  • Safeguarding security credentials, which includes never writing passwords down on a piece of paper.
  • Not storing any work-related materials on personal devices.
  • Logging out of admin accounts as soon as the required work is done.  Never stay logged in as admin any longer than is necessary.
  • Identifying suspicious interactions, like scammers fishing for information.

Don’t Forget the Human Element In Systems Security

Whenever a business builds a security system, the human security must be a focus.  Keeping a watchful eye on the “watchmen” helps ensure a safe and secure business environment.
