Managed Service Provider & IT Blog

Least Privilege: What is it, and why care?

In IT, the principle of least privilege (PoLP) refers to the concept that any process, program or user must be provided with only the bare minimum privileges (access or permissions) needed to perform a function. For instance, if a user account has been created for accessing database records, it need not have admin rights. Also, a programmer responsible for updating lines of legacy code can do so without access to the company’s financial records.

PoLP is a cybersecurity best practice and often considered a critical step for protecting privileged access to a businesses’ high-value assets and data (including customer/employee records). Since this principle extends beyond the scope of human access, it is also applicable to systems, applications and connected devices that require certain permissions or privileges to perform a task.

What Least Privilege is Used For

Did you know that two of the most infamous data breaches on record, namely the ones at Home Depot[i] and Target[ii], occurred due to a compromise of their network credentials? In both the cases, hackers used privileged accounts to access critical business data and private records of customers. Taking a cue from these breaches in the past, you need to understand that whoever is looking after your IT must deploy security strategies for users and applications that perform critical functions within the network. It’s not enough to just put up protections to stop cybercriminals from getting in, you must prepare for the eventuality that they might, and limit the harm that each user profile might be capable of doing.

Ransomware: Cybersecurity’s Biggest Bully Yet

Can you imagine logging into your system to access your business data and being unable to do so? Talk about your worst nightmare coming true!

3 Principles that Allow Your Internal IT Team to Thrive

IT demands have skyrocketed since the onset of Covid-19, often completely overwhelming the capacity of existing teams that typically operate with maximum productivity. Setting up employees to work from home has many technical and security hurdles. Stacking that task on top of regular maintenance and support activities left IT departments grasping at straws, forcing some to deploy insecure workarounds to try and best accommodate business activity under intense time constraints.

Cybercrime in the time of COVID-19.

This is a re-sharing of an article I created for LinkedIn about a week ago that has only continued to gain more relevance. I hope that as information spreads we can hopefully limit the havoc that these bad-actors continue to unleash.

I'm seeing a lot of phishing emails around COVID-19 / the coronavirus. It's disappointing but expected that cybercriminals know that we are looking for information and answers to guide us through the confusion, anxiety, and uncertainty of what to do next. Be careful not to become a victim of these honed phishing campaigns around some "COVID-19 update" or "current coronavirus news". The last thing a small business needs right now is to lose files or financials to these kind of people, so here are a few quick tips.

1) Be especially wary of emails pretending to be from the CDC, WHO, or other government agencies. Try and find the information by searching for it on their website rather than clicking links emailed to you. Even links that appear valid according to their text may be hyperlinked to a completely different location when followed.

2) Keep an eye out for spelling errors and inconsistencies in the subject line and the from line (or domains that don't look legitimate). Read the entire email address to ensure it's coming from the source you think it is. There are cases of cybercriminals pretending to be internal HR members directing staff to click a link to view updated policies, and are instead directed to a malicious website.

3) Do your homework before donating to a cause. We're at our best when we decide that we will pull together to support each other in trying times, but some will look to take advantage of that instinct.

ArsTechnica put together a great article that's worth a read as well, I've linked to it here. Or better yet, maybe search "ars technica covid 19 phishing" and start practicing Tip #1 now!

Stay safe out there, in every way possible.

Top 5 Cloud Computing Trends To Maximize Your ROI in 2020

Cloud is not going to recede in importance anytime soon.

Use This 5 Step Approach For Building A Successful I.T. Disaster Recovery Plan

Have you ever lost data from your personal computer? It can be really annoying as well as time-consuming. But imagine the worry if you lose your data in a disaster, and your business does not even have a recovery plan in place.

Stay Ahead of the Curve in Manufacturing with Cloud Technology

Cloud computing is continuing to revolutionize the manufacturing industry. Most early adopters of the cloud in the manufacturing sector say that it plays a huge role in streamlining their operations and being more profitable. But, are you still contemplating whether or not to move your business and operational systems to the cloud?

Understanding Business Email Compromise Attacks and What can we do to Prevent Them

Yet another kind of social engineering technique that exploits human tendencies – Business Email Compromise (BEC) scams are bothering corporate houses at a vast scale. The attackers send fraudulent emails to the targeted firm and ask employees to make unauthorized bank transfers.

5 Ways to Ensure Successful Cloud Migration

The cloud has been instrumental in driving the digital shift in the business world. Cloud computing is a critical enabler for innovation, customer experience, and cost reduction.