https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

From the Industry


Shutterstock

Sponsor Content

Security lock highlighted on digital web representing a network.

Using ‘Least Privilege’ to Shore Up Your Network Security

  • Written by Webroot Guest Blogger
  • January 3, 2020
If you haven’t incorporated the principle of least privilege into your data security plan, you’re taking a risk. Here are the POLP basics.

I’m going to get right to the point here: Very few (if any!) of your employees actually need full access to all parts of your business network. Why am I bringing that up? Because there are so many businesses that still give their employees unrestricted network access. If you or your clients haven’t incorporated the principle of least privilege (POLP) into your data security plan, you’re taking a pretty huge risk. Let’s go over some privilege basics.

What “Least Privilege” Really Means

“Least privilege” essentially means “need to know.” For many small and midsize businesses, the process of onboarding new employees involves giving them a login with access to everything on the network. Least privilege is the opposite. With the POLP approach, you start by assigning zero access by default, and then allow entry as needed. By embracing this principle, you ensure that network access remains strictly controlled, even as people join the company, move into new roles, leave, etc. Sure, it’s important to make sure employees have the access they need to be able to do their jobs. But, by limiting initial access, you can minimize the risk of an internal breach.

If you haven’t already done it, now would be a great opportunity to re-evaluate your network access policies. After all, the most important thing here is protecting your business and customers—as well as your reputation.

Listen to the podcast: Episode 6 | Shoring Up Your Network Security with Strong Policies to learn more about implementing the Principle of Least Privilege and other network security best practices.

Handling Objections around Access Control

According to Microsoft, 67% of users utilize their own devices at work. This means you may encounter some resistance to POLP policies because users will have to give up a few freedoms, such as using BYOD in an unauthorized fashion, installing personal software on work computers or having unfettered access to non-essential applications.

You’ll have to prepare yourself for some tough conversations. But, ultimately, the goal of POLP isn’t to make work a zero-fun zone; rather, it’s to ensure you’re providing a more secure workplace for everyone. Be sure to stress that it has nothing to do with who your employees are, their seniority, or even a history of good or bad habits; it’s just about security.

As the MSP or IT leader, you’re responsible for implementing POLP policies to protect the network. That means it’s also up to you to start the dialog around access control––early and often.

 Why You Shouldn’t Rely on Antivirus and Firewalls Alone 

No doubt about it: Antivirus software and a good firewall are necessary parts of your security strategy. But there are things that they can’t really help with. For example, they don’t protect against internal threats, such as an employee falling for a phishing scam email. This is where you need access policies to fill in the gaps.

Here’s an example: Let’s pretend you have an employee whose job is data entry, so the employee needs access only to a few specific databases. If that employee clicks a phishing link and gets infected with malware, then the attack is limited to those database entries. But, if that employee had root access privileges, the infection could quickly spread across all your systems.

Cyberattacks like phishing, ransomware and botnets are all designed to get around firewalls. If you follow an appropriate privilege model, you can limit the number of people who can bypass your firewall and exploit security gaps in your network.

Pro Tips for Implementing Least Privilege

When it comes to implementing POLP in your business, here are some tips for getting started:

  • Start with an audit. Check all existing accounts, processes and programs to ensure that they have only enough permissions to do the job.
  • Outlaw open access and start all accounts with low access privileges. Add specific
    • Page 1
    • Page 2
Tags: MSPs Best Practices From the Industry Intelligence Networking Security Webroot Sponsor Content

Related


  • Tactical Threat Intelligence Has a Critical Place in a Layered Cybersecurity Strategy
    Tactical threat intelligence typically focuses on the latest methods threat actors are using to execute attacks.
  • cybersecurity predictions
    Cybersecurity: What to Expect in 2021
    Remote work is here to stay (and other cybersecurity predictions for the year ahead).
  • Security shield on digital background
    Lockdown Lessons: Securing Your Business First
    When you consider modern attacks, it’s pretty obvious that all businesses—managed service providers (MSPs), small- to medium-sized businesses (SMBs), etc.—need a strong lineup of cyber-defense tools, not just a barebones firewall and old-fashioned antivirus. You need to protect your business first, and to do that, you have to build out a strong cybersecurity stack that […]
  • Using ‘Least Privilege’ to Shore Up Your Network Security
    Lockdown Lessons: Shoring up Your Network and Security Policies
    Ultimately, every business wants to do what they can to best serve their clients and customers. They also want to grow successfully, increase profits and create lasting relationships for long-term recurring revenue. But in today’s, if you don’t have a good security setup, the chances you’ll get breached get higher every day. That means all […]

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Lockdown Lessons: Why Hackers Hack - The Profile
  • Lockdown Lessons: Why Hackers Hack - The Stereotype
  • Implementing a Layered Cybersecurity Strategy
  • 16 Questions to Ask Clients in a Vulnerability Assessment

Galleries

View all

Channel Partners Virtual 2021 Is the Hottest Ticket in Town

February 26, 2021

Industry Perspectives

View all

Backup Vulnerability: 4 Targets Hackers Might Utilize to Infiltrate Your Backup Solution

March 2, 2021

The “Roaring 20s” Are Coming

February 25, 2021

Three Ways MSPs Can Improve Supply Chain Security

February 24, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Why Fortinet for my MSSP?

March 2, 2021

Small and Mid-Size Business Security: 4 Steps to Success

March 2, 2021

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul

March 2, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

#COVID19 is ramping up #socialengineering – time for MSSPs to step in. @Electric_AI dlvr.it/RtvRQc https://t.co/ebTJNJcOxz

March 3, 2021
ChannelFutures

.@pluribusnet launches expanded, simplified partner program. #SDN dlvr.it/RtvGtQ https://t.co/bRDqYLEhXJ

March 3, 2021
ChannelFutures

#SupplyChain agility is changing global distribution patterns and #ictservices, says @NeecoICT.… twitter.com/i/web/status/1…

March 3, 2021
ChannelFutures

.@Centrify, @Thycotic merging, creating potential challenge to PAM leader @CyberArk. #cybersecurity… twitter.com/i/web/status/1…

March 3, 2021
ChannelFutures

RT @Channel_Expo: Day 2 of #CPVirtual is live! 👏 In this preview, @Craig_Galbraith highlights some of the biggest sessions and activities y…

March 3, 2021
ChannelFutures

RT @ChannelEurope: Daniel Warelow of @GiacomCM & Kelvin Murray of @Webroot say companies must take comprehensive approach to address #malwa…

March 3, 2021
ChannelFutures

.@spectralogic updates #partnerprogram to reflect changes within the company. dlvr.it/Rtsmwl https://t.co/Gtt1mXLfve

March 3, 2021
ChannelFutures

.@Netrality launches expanded partner program. #datacenters dlvr.it/RtrKXt https://t.co/2qHhnqrF7g

March 3, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X