High-profile breaches of private data are often the results of lost or stolen equipment, malicious hackers, or improperly disposed of storage devices. Yet, the July 2008 arrest of a network administrator who hijacked the city of San Francisco’s network focused the spotlight on a potentially more dangerous threat–your own admins.
In this IT Dojo video, I discuss the following five security practices that will help protect your company secrets from the very people who should be keeping them safe:
- Follow the rule of least privilege
- Not all IT staff should be domain admins
- Monitor additions to admin-level groups
- Log all administrative activity
- Immediately revoke admin rights for terminated IT staff
After watching the video, you can read more on these five security suggestions in Tom Olzak’s article, “How do you keep your sys admins from stealing company secrets?”–the basis for this video.