A lot of companies ACG has consulted to have neglected to monitor an employees account!
After investigations, organisations usually find that an employee was the source of insider threats.
To reduce the possibility of insider threats, organisations should consider implementing a “joiners movers and leavers” (JML) process. As a result, the JML process can play an important part in stopping insider threats.
Hence, implementing an effective JML process you can ensure that access rights are managed effectively. Most importantly, when people join, move within or leave the organization, managers should be responsible for instigating termination of access. Furthermore, managers are also responsible for recovering any assets, computers, smartphones and even data on BYOD devices.
By linking an organizations JML to the access control logs, you will be able to easily identify the users (current or past) and their activities linked to their accounts.
Consequently organisations will need to ensure their staff are aware they may be monitored for business and security purposes. Therefore company employees do not assume that they have privacy and above all, use the business services as per the process.
The most noteworthy access activities that should be monitored are:
- Successful logons
- Failed logons
- Locked accounts
- Privilege changes (changes in access rights)
- Source IP address
- User IDs
- Time and date
Don’t leave things to chance, contact ACG to get help to setup this process TODAY!