Unauthorised use of devices/networks by staff
This refers to an insider attack, for example a member of staff gaining unauthorised access to areas of your device and/or network that you do not wish to share. This could lead to sensitive data being compromised or stolen, and/or potentially malicious software being loaded onto your computers or servers from within. The methods below help guard against this.
1. Protect user credentials and avoid storing any in plain text.
2. Set up Two Factor Authentication (2FA) and Single sign-on (SSO) to reduce the risk of passwords being stolen, and remove/suspend any accounts no longer in use.
3. Apply the principle of least privilege to user accounts.
4. Limit administrator accounts to a need-only basis, and ensure they are not used to check email or browse the web.
5. Ensure all devices on the network are patched with the latest release.
6. Utilise local firewalls on hosts to restrict unnecessary inbound and outbound traffic, e.g. by default block all inbound connections and use explicit permissions.
7. Use secure boot settings where possible.
8. Utilise network segregation such as isolating critical business systems.
9. Use network monitoring for events and recording logs.
10. Implement a robust password policy.
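
One way to check items 2 and 4 against an account inventory, as an added example that is not part of the original page. The field names, the sample accounts and the 90-day inactivity threshold are assumptions; substitute an export from your own directory and your own policy values.

```python
from datetime import date

# Constructed sample inventory (not real data); field names are assumptions.
ACCOUNTS = [
    {"user": "alice", "admin": False, "mfa": True,
     "last_login": date(2024, 5, 28), "mailbox": True},
    {"user": "bob-adm", "admin": True, "mfa": True,
     "last_login": date(2024, 5, 30), "mailbox": True},
    {"user": "carol", "admin": False, "mfa": False,
     "last_login": date(2024, 5, 20), "mailbox": True},
    {"user": "dave", "admin": False, "mfa": True,
     "last_login": date(2023, 11, 2), "mailbox": True},
    {"user": "svc-backup", "admin": True, "mfa": False,
     "last_login": None, "mailbox": False},
]

STALE_AFTER_DAYS = 90  # assumed threshold; set this from your own policy


def audit(accounts, today, stale_after_days=STALE_AFTER_DAYS):
    """Return (user, finding) pairs for accounts that breach items 2 or 4."""
    findings = []
    for acct in accounts:
        last = acct["last_login"]
        # Item 2: accounts no longer in use should be removed or suspended.
        # An account that has never logged in is treated as unused.
        if last is None or (today - last).days > stale_after_days:
            findings.append((acct["user"], "STALE"))
        # Item 2: every account should have 2FA enrolled.
        if not acct["mfa"]:
            findings.append((acct["user"], "NO_2FA"))
        # Item 4: administrator accounts should not be used for email,
        # so an admin account with a mailbox attached is flagged.
        if acct["admin"] and acct["mailbox"]:
            findings.append((acct["user"], "ADMIN_WITH_MAILBOX"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS, today=date(2024, 6, 1)):
        print(f"{user:12} {finding}")
```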