[Reading time: 41 seconds]
The following is a clause in Hiscox’s current cyber insurance application form*:
“All [users] with administrative privileges [must] have two accounts: one for everyday usage [..], and another only for administrative tasks (e.g. to install or uninstall programs on a computer; to access all files on a computer and/or network; and to modify or create accounts for other system users).”
Why is two better than one?
Having two accounts is like having one key for the front door of your house and a separate key for the safe that contains most of your valuables.
- The house key is used every day.
- The safe key is only used when necessary.
If you lose your house key (or you’re fooled into handing it over to a criminal), most of your valuables are probably still safe.
It’s a simple move, but it makes it much harder for criminals to get their hands on all of your valuables.
So what?
Make sure:
- All of your administrators have two accounts, and
- They only use their administrative account when necessary.
Otherwise, your cyber insurance policy could be as useful as a chocolate teapot.
* Thanks to Garrett Cassidy of Abarta Consulting for sending this application form to me. Garrett and I are both seeing that insurance clauses and obligations are becoming very prescriptive. Who knew insurers would actually expect organisations to implement a secure foundation? It’s like asking drivers to use the brakes on their vehicles..