November 6th, 2020
File Share Permissions - WST
During our IT audits, we consistently find file shares containing sensitive information with poor access restrictions. Most of the time, the super sensitive folders like “HR” or “Finance” are locked down, which is obviously good. But think of the “Shared” drive that everyone in your company has access to. Is it the “Wild West”? Go peek in there, really look around – bet you’ll find something you wish you hadn’t.
At least semi-annually, use an account with minimal permissions (no special security groups) to browse file shares and discover where permissions may not be as restrictive as they should. If this user can see it, everyone in the company can see it. Identify and secure what you find and communicate with the relevant departments and employees about putting things where they are supposed to go. Resist the urge to say “Well, they can get that information in this other system, so it’s not a big deal to see it here.” Trouble with that is, that “other system” probably has access controls too, so why not just keep it safe there?
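One way to make that walkthrough repeatable is sketched below as an added example (it is not a script from the original post). It assumes a Windows SMB share and is meant to be run while logged on as the minimal-permission account; the UNC path, the keyword list and the report file name are placeholders to replace with your own.

```powershell
# Added example: run as the minimal-permission audit account, not as an admin.
# \\fileserver\Shared, the keywords and the report path are placeholder assumptions.
param(
    [string]$ShareRoot    = '\\fileserver\Shared',
    [string[]]$Keywords   = @('payroll', 'salary', 'ssn', 'passport', 'tax', 'password', 'bank', 'medical'),
    [string]$ReportPath   = '.\share-audit.csv'
)

# Build one case-insensitive pattern from the keyword list.
$pattern = ($Keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'

# List every file this account can see; collect errors instead of stopping on them.
$files = Get-ChildItem -LiteralPath $ShareRoot -Recurse -File -Force -ErrorAction SilentlyContinue -ErrorVariable walkErrors

# Folders that refused the listing are the ones already locked down for this account.
$denied = @($walkErrors | Where-Object { $_.Exception -is [System.UnauthorizedAccessException] })

$findings = foreach ($file in $files) {
    if ($file.FullName -notmatch $pattern) { continue }

    # Seeing a file name is not the same as reading the file, so try a read-only open.
    $result = 'Readable'
    try {
        $stream = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
        $stream.Dispose()
    }
    catch [System.UnauthorizedAccessException] { $result = 'Listed but not readable' }
    catch { $result = 'Could not open (in use or other error)' }

    [pscustomobject]@{
        Path          = $file.FullName
        Access        = $result
        SizeKB        = [math]::Round($file.Length / 1KB, 1)
        LastWriteTime = $file.LastWriteTime
    }
}

# Readable hits first, so the review starts with what everyone in the company can open.
$findings | Sort-Object Access -Descending | Export-Csv -LiteralPath $ReportPath -NoTypeInformation

Write-Host ("Files visible to this account:   {0}" -f @($files).Count)
Write-Host ("Keyword matches written to CSV:  {0}" -f @($findings).Count)
Write-Host ("Folders that denied the listing: {0}" -f $denied.Count)
```

Keyword matching on paths only surfaces candidates; the report is a starting list for the manual review and the conversations with departments described above, not a replacement for them.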
Finally, in addition to helping ensure least privilege access to sensitive data, strong access controls on file shares can also help to limit the impact of some types of ransomware that can only encrypt files accessible to the victim who triggered it.