Today is Identity Management Day!

Forward by CyberWyoming Alliance: The term cybersecurity has negative connotations. In a recent poll with the Wyoming Women’s Business Center, over 70% associated the term ‘cybersecurity’ with the word ‘hassle.’ With today being Identity Management Day, the CyberWyoming Alliance challenges you to reassociate cybersecurity with PROTECTION. Each time you see the word cybersecurity, think PROTECT.

And, don’t forget to SAVE THE DATE for Wyoming’s Cybersecurity Conference on September 23 in Laramie!
Theme: It’s About Identity!

Wyoming’s Cybersecurity Conference is combined with the University of Wyoming’s Blockchain Stampede.

Protect Identities through Proper Management

The National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA), present ‘Identity Management Day,’ an annual awareness event which will take place on the second Tuesday in April each year.

Launched in 2021, the mission of Identity Management Day is to educate business leaders and IT decision makers on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials.  In addition, the National Cybersecurity Alliance will provide guidance for consumers, to ensure that their online identities are protected through security awareness, best practices and readily-available technologies.

Research by the IDSA reveals that 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable. According to the 2020 Verizon Data Breach Investigations Report, as many as 81% of hacking-related breaches leverage weak, stolen, or otherwise compromised passwords.

As part of Identity Management Day, the National Cybersecurity Alliance and the IDSA,  will provide guidance for stakeholders at all levels, to ensure that identities of employees, machines, applications, and partners are protected through security awareness, best practices and readily-available technologies.

Clarify Ownership of ALL Identities

Discovery of Critical and Non-Critical Assets and Identity Sources

Clearly define the individual or entity responsible for your website, all the portals and cloud systems, your internal computers, and your software administartion. CyberWyoming’s Cybersecurity Competition for Small Businesses encourages each company to perform an inventory for this exact purpose.

Establish Unique Identifiers

Make sure everyone inside your company and accessing your business information has a unique user ID. This includes those cloud systems and portals. Even think about some of those promotional websites where you order your company’s bling. Is your credit card stored there and do multiple people share one user ID on that site?

Authoritative Source of Trusted Identity Data

Do you have a good orientation and termination checklist for your company to ensure that access is given to only those that need it and removed when it is no longer needed? Do you have a few key employees that have moved around your company and how have user access creep so they can get into lots of different systems that they no longer use? This is called privilege creep. Completing a review of your company’s user IDs at least once a year is a great idea. Start with the inventory from the section Clarify Ownership of ALL Identities and then see what has changed. Then, establish a process to maintain user IDs long term.

Privilege Access Management

Once you have completed your inventory of user access, long term ways to manage this may be needed. Consider adding multi-factor authentication on your more sensitive accounts, like the company online bank account. Also, if you have a lot of cloud systems and portals, you may want to consider a password manager for the company. Both LastPass and BitWarden have administrative tools that allow you to lock a user out of cloud systems right away.

Establish Governance Processes

Most small companies can simply put a user access review on their calendar to double check that their Termination checklist is working properly, add any systems to their inventory, and to ensure that privilege creep hasn’t occurred. Be sure to set aside some time to do this on a routine basis for the time period that best fits the size and turnover rate for your business.

Wyoming’s Cybersecurity Competition for Small Businesses

For more practical tips like these, join Wyoming’s Cybersecurity Competition for Small Businesses at https://cyberwyoming.org/competition/.
Registration deadline: May 15
Questions: info@cyberwyoming.org

Share:

Register to Receive the Tech Joke of the Week!

This Week's Joke:

How many programmers does it take to change a light bulb?

None, it is a hardware problem!

More Posts: