What You Need To Know
This control outlines the need for all user accounts on the system to have the correct level of access rights. This is especially critical for admin accounts, where only authorised individuals should hold full administrative privileges.
Admin accounts have the highest level of access to sensitive data, applications and computer settings. If an admin account is compromised, the effect on the business and its operation is likely to be devastating.
User accounts must be authorised by management before being created. No account should be created without knowing who it is for and what level of access is required.
When basic user accounts are created, they should have the minimum level of access to applications, computers and networks.
All individual accounts should have their level of access reviewed periodically. The details of all account rights and privileges should be documented and stored in a secure place.
All accounts should have a unique ID (username) and the user should create a strong password. Our strong password guide can be found here.
Users should be prompted to change their passwords on a regular basis. This should be at least once every 60 days.
Administrative accounts should be used only for administrative activities; they should not be used for accessing the internet or reading e-mail. This limits the opportunity for attacks from outside sources to reach a privileged account.
A process should be in place for removing or disabling accounts when a staff member leaves.