Lepide Blog: A Guide to IT Security, Compliance and IT Operations

Common Mistakes Made by Privileged Users


Mistakes are inevitable, but they can have severe consequences for your organization, even when they are unintentional. For example, if an employee inadvertently causes a data breach, it can result in the loss of sensitive data, as well as a hit to the company’s finances and reputation. According to the Ponemon Institute’s 2022 Cost of Insider Threats Global Report, insiders are responsible for 56% of all insider threat cases.

Privileged users, whether they be humans, applications, or processes, can make mistakes that negatively impact your organization. Such errors include loss of sensitive data, crashes of critical processes, and operational disruptions. Recognizing the most frequent errors made by privileged users can help you establish effective privileged user management, which is required under most data privacy laws and standards, including GDPR, NIST, and HIPAA. Below are the most common mistakes made by privileged users.

Common Mistakes Made by Privileged Users

Below is a list of 5 of the most common mistakes that privileged users make.

1. Poor password hygiene

Good password hygiene is crucial if you want to safeguard your private data, systems, and software. This involves using complex passwords and updating them frequently, although many individuals fail to adhere to these guidelines. Common password management mistakes include:

Using weak passwords: Employees frequently use short and easy-to-guess passwords, such as names, birthdates, and phone numbers.

Using default credentials: Companies sometimes fail to change the default password (usually “admin”) on sysadmin accounts.

Reusing the same password for multiple accounts: This is a dangerous practice since a single compromised password can allow attackers to access all accounts using the same password.

Storing passwords in plain text: If an attacker is able to gain access to a list of plain-text passwords, they can do a lot of damage.

Non-expiring passwords: Using the same password for a long time increases the likelihood of a privileged account being compromised. Password management best practices suggest rotating passwords every three to six months.

2. Disabling MFA, or not using it at all

Multi-factor authentication (MFA) can greatly enhance security and shield your sensitive information from unauthorized access far better than just a username and password. Unfortunately, privileged users sometimes disable MFA because they don’t fully understand its importance and perceive waiting for a passcode as a time-consuming inconvenience.

3. Sharing privileges with others

Privileges should only be given to those who need them, and with the approval of the System Administrator. Unfortunately, colleagues often share privileged credentials without considering the security implications of doing so. When multiple people use the same account, it is hard to identify the person responsible when something goes wrong. Personal privileged accounts should be created whenever possible. If multiple users really need to use the same account, secondary authentication can provide additional visibility for actions performed under that account.

4. Using admin accounts for non-critical tasks

Using privileged accounts to perform tasks that don’t require admin-level privileges is a security risk. For instance, if an employee accidentally downloads a malicious email attachment while logged in to an admin account, the consequences could be disastrous. As such, employees should have multiple accounts, each with different access rights, for different purposes. Companies may also want to consider using Just-in-Time (JIT) access, which elevates a user’s privileges on a time-limited basis.

5. Failing to adhere to cybersecurity policies

Despite establishing cybersecurity policies, it is inevitable that some individuals in your organization will not adhere to them. There are several reasons for this, including ignorance, negligence, and inconvenience. Some employees or subcontractors may be unaware of the policies, while others may not understand why they are important or find following them tedious. Moreover, unauthorized solutions or devices may be used, which is known as shadow IT. Likewise, employees may use their own devices for work under a bring your own device (BYOD) policy, which requires close collaboration with the IT department to ensure secure management. To address these issues, regular cybersecurity awareness training can be conducted to communicate the importance of cybersecurity measures and promote compliance among privileged users.
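The non-expiring password, disabled MFA, and shared account mistakes from sections 1 to 3 can be checked mechanically against an inventory of privileged accounts. The following is an added example, not part of the original post or of any Lepide product; the CSV columns, account names, and 180-day threshold (the upper end of the three-to-six-month rotation advice) are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample inventory of privileged accounts (hypothetical columns).
# "operators" lists the distinct people seen using the account.
SAMPLE_CSV = """account,password_last_set,password_never_expires,mfa_enabled,operators
adm-jsmith,2024-05-02,false,true,jsmith
adm-backup,2022-11-15,true,false,jsmith;mlee;tkhan
svc-deploy,2024-01-10,false,false,svc-deploy
adm-mlee,2023-09-30,false,true,mlee
"""

MAX_PASSWORD_AGE_DAYS = 180  # assumed limit: upper end of the rotation window


def audit_account(row, today):
    """Return the list of findings for one inventory row."""
    findings = []
    if row["password_never_expires"].strip().lower() == "true":
        findings.append("password never expires")
    age = (today - date.fromisoformat(row["password_last_set"])).days
    if age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password is {age} days old")
    if row["mfa_enabled"].strip().lower() != "true":
        findings.append("MFA disabled")
    operators = {o.strip() for o in row["operators"].split(";") if o.strip()}
    if len(operators) > 1:
        findings.append(f"shared by {len(operators)} people")
    return findings


def audit_inventory(csv_text, today):
    """Map each account with at least one finding to its findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_account(row, today)
        if findings:
            report[row["account"]] = findings
    return report


if __name__ == "__main__":
    # Fixed date so the constructed sample gives reproducible password ages.
    for account, findings in audit_inventory(SAMPLE_CSV, date(2024, 6, 1)).items():
        print(f"{account}: {'; '.join(findings)}")
```

In practice the inventory would come from your directory or identity provider export, and the operator list from secondary-authentication or session logs.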

How can Lepide Help to Secure your Privileged Accounts?

The Lepide Data Security Platform will help you discover and classify your sensitive data, which is crucial for configuring user access rights. It monitors privileged user behavior, detects anomalous trends, and helps you identify excessive permissions. It will also help you identify inactive users and open shares, and real-time alerts can be sent to your inbox or mobile app. In a matter of seconds, pre-defined reports can be generated that show a complete summary of expired passwords, soon-to-expire passwords, password changes, logon failures, account lockouts, and more. These reports can be distributed via email and exported in a variety of common formats.

If you’d like to see how the Lepide Data Security Platform can help you secure your privileged accounts, schedule a demo with one of our engineers.