Today’s Edition: Unlocking the Power of Access and Control
Managing employee access is a critical component of maintaining a robust and secure data environment within any organization. By effectively controlling who has access to what data, businesses can significantly reduce the risk of data breaches and protect sensitive information from falling into the wrong hands.
Performing regular user access reviews (UAR) helps identify and remove unnecessary privileges, reducing the likelihood of insider threats and minimizing the potential for accidental data leaks. Role-Based Access Control (RBAC) ensures that employees only have access to the resources and information necessary for their specific roles, limiting the extent of potential damage in case of a breach.
P.S. These practices go a long way in instilling a culture of security within an organization.
Keep reading to get started.
How to Perform User Access Reviews
Countless data breaches can stem from improper access management. Verizon’s 2022 Data Breach Report found that 82% of data breaches were caused by credential theft, phishing attacks, and employee misuse or mistakes.
The good news is that there are steps you can take to help protect your data and better control how access is granted and managed. In this blog post, we dive into how to perform user access reviews and provide a 6-step checklist to streamline the process, including:
Get the full article and checklist here.
From Drata's Experts
ICYMI at Drataverse: Enhanced Access and Control
Our first-ever Drataverse Digital gave guests a first look at a variety of exciting new products that promise to revolutionize the way businesses manage their access and control. We’re recapping the whole thing here.
3 Myths You Should Know About Access Reviews
It’s not always easy to know which of your employees should be allowed access to the systems you use, so we’re breaking down some of the most widespread myths about access reviews in this article.
5 Internal Threats to Your Compliance Program
Join Drata and KnowBe4 for a fireside conversation on the top internal threats to an organization’s compliance program and how to solve for them.
Ask an Auditor: Access and Control
Join us on Nov. 9 at 3 p.m. PT to learn about User Access Reviews. We’re pairing up with an audit expert from Top 6 audit firm, RSM, in this live Q&A session.
We’ll be covering questions like:
Submit your questions and register for the webinar here.
Around the Web
New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare | Tech Republic
Troy's Takes
Question: When it comes to managing employee access, isn’t MFA enough?
Troy’s Take:
In a recent attack, it came to light that decryption keys were stolen by installing a keylogger on the personal device of one of the four Senior DevOps Engineers that had access to the shared vault storing the decryption keys. The attacker captured the engineer’s credentials (which included MFA) as they were typing them in.
Just a thought—for your employees with privileged access to the keys to the kingdom, force them to use a physical key as the second factor for authentication. Attack methods like this would have a much harder time succeeding with physical keys as the second factor.
Check out Troy’s LinkedIn for more industry insight.
Secured Jobs
National Security Threat Researcher | OpenAI | San Francisco, CA
Senior Principal GRC Analyst | Notion | New York, NY
Associate Security Engineer, Cyber Threat Intelligence | Disney | Burbank, CA
Helpful Resources
Trusted is currently published twice a month and is designed to share the latest resources from around the compliance, risk management, and cybersecurity space. If you have suggestions or would like to include a recent article or podcast, please let us know.
Secured, The Drata Community
Trusted: Share our newsletter with others