High-profile breaches of private data are often the results of lost or stolen equipment, malicious hackers, or improperly disposed of storage devices. Yet, the July 2008 arrest of a network administrator who hijacked the city of San Francisco’s network focused the spotlight on a potentially more dangerous threat–your own admins.
In this IT Dojo video, I discuss the following five security practices that will help protect your company secrets from the very people who should be keeping them safe:
1. Follow the rule of least privilege
2. Not all IT staff should be domain admins
3. Monitor additions to admin-level groups
4. Log all administrative activity
5. Immediately revoke admin rights for terminated IT staff