What are the most effective ways to secure user accounts in your IT systems?
Learn from the community’s knowledge. Experts are adding insights into this AI-powered collaborative article, and you could too.
This is a new type of article that we started with the help of AI, and experts are taking it forward by sharing their thoughts directly into each section.
If you’d like to contribute, request an invite by liking or reacting to this article. Learn more
— The LinkedIn Team
User accounts are essential for accessing and managing IT systems, but they also pose significant security risks if not properly secured. Hackers can exploit weak or compromised accounts to access sensitive data, disrupt operations, or launch attacks. In this article, you will learn some of the most effective ways to secure user accounts in your IT systems and protect them from unauthorized access.
One of the simplest and most effective ways to secure user accounts is to use strong passwords and multi-factor authentication (MFA). Strong passwords are hard to guess or crack, and should be unique for each account. MFA adds an extra layer of security by requiring a second factor, such as a code, a token, or a biometric, to verify the identity of the user. MFA can prevent hackers from accessing accounts even if they have the password.
-
Adil Rathore
Project Management Institute PMP® | ServiceNow Implementer - 6x Certified | CSA - ServiceNow | CSD - ServiceNow | CIS - ITSM | CIS-Discovery | CIS- Service Mapping | CIS - Event Management
MFA is an extra layer of security in which a user requires at least two forms of identification before granting access. MFA is a regulatory requirement in most of the organisations nowadays so as to ensure the security of sensitive data, especially in sectors like healthcare and finance.
5
-
Alisha Sharma
For me first thing is to identify you can't protect what you don't know. Then once you have an enumeration of accounts then you get into the weeds of types of account - personal vs non personal accounts ( shared, generic , service) . Then the standard RBAC, least privilege, MFA, extra security layer for privileged accounts n non personal accounts such as PAM and robust logging n auditing. Apart from that sod,user access reviews etc will ensure effective iam for these accounts.
5
-
Abdul Gaffur
Senior Security Specialist - CyberArk PAM, Privilege Cloud Administrator
Having good security controls and implementing Privileged access management solution for securing most privileged accounts of the infrastructure. Education and proper guidance to end users along with 24/7 network monitoring systems.
5
Role-based access control (RBAC) is a method of restricting access to IT systems based on the roles and responsibilities of the users. RBAC allows you to define and enforce policies that specify what each user can do, see, and modify in the system. RBAC can help you reduce the attack surface, limit the damage of a breach, and comply with regulations and standards.
-
faizul mohammad
Technology Support Specialist at Al Siraat College Inc.
I support the MFA (Multi-Factor Authentication) system where the user is in control of their logins and also aware if any attempt/s are being made to impersonate him/her.
(edited)2
-
Anthony Polson
Business Development Manager at Chorus
Using Privileged Access Workstations (PAWs) can be helpful in implementing RBAC. Combined with the use of granular delegated access privileges (GDAP) to access and administer tasks on the workstation.
2
-
Mike Button CITP MBCS
ICT Infrastructure and Development Manager at Suffolk Fire and Rescue Service
Privilege access management solutions can help, but may be cost prohibitive to purchase or implement in some settings. As a minimum, ensure any system roles are aligned to business need, adopt least privilege and adhere to good change management.
1
Monitoring and auditing user activity is crucial for detecting and preventing unauthorized or malicious actions in your IT systems. You should use tools and techniques that can track and record who, what, when, where, and how users access and use the system. You should also review and analyze the logs and reports regularly to identify any anomalies, deviations, or violations. Monitoring and auditing user activity can help you spot and stop intrusions, investigate incidents, and improve security policies.
-
Justin Wolery
IT Consultant, System Administrator, Cybersecurity & MSP experience
Least-privilege: Users should only have the minimum level of access required to perform their tasks. This reduces the risk of exposing sensitive data or compromising system security. - Define clear roles and responsibilities for each user group - Assign appropriate permissions and privileges to each role - Review and audit user access regularly - Remove or revoke access when no longer needed - Make sure credentials are never shared or re-used
(edited)3
-
Parani Selvaraj
Lead Information Technology Specialist at Poshmark
Implementing least privilege management is a crucial security practice that restricts user and process access to the minimum level required for their specific roles and tasks. This strategy offers numerous benefits, including reducing the attack surface, mitigating insider threats, preventing lateral movement by attackers, and enhancing overall security. It also aids in compliance with regulatory requirements, provides granular control over permissions, simplifies auditing and accountability, and facilitates the efficient management of permissions. Least privilege management not only reduces the impact of vulnerabilities but also streamlines incident response and resource allocation.
-
Anthony Polson
Business Development Manager at Chorus
Moving to a Zero-Trust culture: - Enhanced security posture: By eliminating implicit trust and enforcing granular access policies, organizations can prevent attackers from exploiting vulnerabilities and moving laterally within the network. - Improved compliance: By applying the principle of least privilege, organizations can meet the regulatory requirements for data protection and privacy, such as GDPR, HIPAA, and PCI DSS. - Reduced complexity: By simplifying the access management process and reducing the number of privileged accounts, organizations can lower the operational costs and improve the user experience.
Educating and training users is another important way to secure user accounts in your IT systems. Users are often the weakest link in the security chain, and can fall victim to phishing, social engineering, or other attacks that exploit human errors or vulnerabilities. You should provide users with clear and updated security guidelines, best practices, and awareness programs. You should also test and evaluate their knowledge and behavior, and provide feedback and reinforcement.
-
William Quinones
For me, educating users is the most important step. Why? Because they are the ones, logging in and in charge of that system while they use it. Educate them on why it is important to have a complex password even when it feels inconvenient at times, lock the PC even if it is for a short period of time, don't share passwords, don't hide a sticky note under the keyboard with passwords, etc.
2
-
Shashi K.
Head of Operations @ Euronet Merchant Services | Payments | Operational Efficiency | Cost Reduction | Growth | Master of Management in FinTech
Definitely I would align my policies and start with users. Provide ongoing user training to keep them informed about security threats and best practices. Quarterly security awareness online training refreshes employee memories. Empowering knowledge and reiteration helps safeguard cybersecurity.
1
-
Justin Wolery
IT Consultant, System Administrator, Cybersecurity & MSP experience
Provide training to users on how to protect their accounts and IT systems from cyber threats. Users are often the weakest link in the security chain, as they may fall victim to phishing, social engineering or malware attacks. - Provide regular security awareness training to users - Educate users on how to create and manage strong passwords and use password managers and MFA. - Inform users on how to identify and report suspicious activities or incidents - Encourage users to follow security best practices and policies - Continous education on emerging social engineering trends and threats.
(edited)
Managing and updating user accounts is essential for maintaining the security and integrity of your IT systems. You should have a process and a tool that can create, modify, delete, and suspend user accounts as needed. You should also review and verify the user accounts periodically to ensure that they are valid, active, and compliant. You should remove or disable any unused, expired, or suspicious accounts to prevent them from being exploited.
-
Hans Christian Madsen
Senior Efficiency Engineer/TechOps
In my experience the most effective method is to set up a proper single source of truth where all user accounts are created from programmatically. This should be an HR system that creates and removes accounts as the users are onboarded and off-boarded. For platforms that can’t be tied via SCIM provisioning to the source of truth they should at least have SSO tied to your identity provider, so that access to the account gets deactivated when the user gets off-boarded
5
-
Parani Selvaraj
Lead Information Technology Specialist at Poshmark
Implementing a robust framework for managing and updating user accounts is crucial for maintaining the security and efficiency of IT systems. This practice not only enhances access control and compliance but also reduces security risks, improves resource allocation, and streamlines administrative processes. Regularly reviewing and verifying user accounts ensures that they remain valid and authorized while removing or disabling unused, expired, or suspicious accounts helps prevent potential security breaches. In essence, this framework is a cornerstone of effective user account management, safeguarding sensitive data and promoting a strong security culture within the organization.
1
-
Yasir Bashir
Project Manager at J&K Bank
RBAC with MFA and access through a PAM solution for privileged accounts with log monitoring using a centralised solution and periodic review of roles assigned.
-
Mohamed Yousif Osman
Senior IT Operation Engineer | Cisco & Microsoft Certified | Virtualization Expert | Azure & AWS | Atlassian & ITSM | IDAM Guru | Passionate About Technology 🚀|Senior IT Specialist @ Lean Technologies
To Secure user Accounts Implement RBAC Account. Deploy Single sign On with log events. Implement MFA Deploy Security Awarness training for users Suggrigate user accounts from Service accounts Deploy least privilege for users always
5
-
Sithila Konara
Associate Technical Specialist @ Pearson - 🎖️ AWS-SSA | Terraform Associate | MCSE | RHCE | CCNP - 🎓 MIS | BSc in IT - ✨ Datacenter and Cloud | Automation | DevOps | Cyber Security Enthusiast
In my opinion, it is best to keep standard and privileged user accounts distinct and to set up controls accordingly. There are also numerous security controls such as MFA, password complexity, password length, password rotation, account lockout, RBAC and so on. However, it is critical to determine the appropriate amount of security measures so that IT operations, efficiency, and productivity are not jeopardized.
5
-
Rashida Muhammad
VAD_Cyber Security Solutions I MENA Region
We at RAS Infotech are available for all your Cyber Security Solutions #ITSM | Network Access Control | Privileged Access Management | Identity & Access Management | Single Sign-On | Multi-Factor Authentication | Data Encryption | Data Erasure & Degausser | SIEM | SOAR | Vulnerability Assessment & Penetration Testing | Security Awareness Education
2