User management.
Tips & Tricks
Every (security) system with users has an administrator.
That’s the one who can, and is allowed to, do everything: make changes, export, view all, customize everything.
The administrator is the boss.
He has a lot of power and a lot of responsibility.
In principle, only one person can be in charge.
But is that always the case? In practice, we regularly find that it is not: several people in an organization use the administrator login details or have been given administrator rights.
Simply because it is easy and people are not aware of the risks that this entails.
Incidentally, I should note that this usually applies to smaller systems and not to large, complex systems.
In general, things are well organized there.
Case study: who is to blame?
In an organization with a camera system, several people use the same (administrator) login for the recorder of the camera system.
So, all these individuals have access to the live and recorded camera footage.
They can make unlimited adjustments or erase certain settings or images.
And so important evidence can be destroyed (knowingly or unknowingly).
The system can even be rendered completely unusable.
But who did it?
All these people use the same login details, so the activity log does not offer a solution either.
After all, it is always ‘the same’ person.
Obviously, this is an undesirable situation.
GDPR legislation: an extra incentive for user management
With the entry into force of the General Data Protection Regulation (GDPR), there is an important reason to have your user management in order.
Personal data (including camera images) may only be accessible to people who actually have to do something with it (process it).
And it must be traceable who did what and when.
Incidentally, a thorough hierarchy in the user structure is not only of (crucial) importance in the business sphere.
In private life, too, we don’t seem to have everything in order, and often several people (family members) use the same login.
Think, for example, of your mobile phone, Netflix account or the alarm system.
Everyone who has the access code is actually the administrator and can get in everywhere.
Think carefully about whether you want to do that…
Working with user groups reduces risk
With many users, it’s easy to create user groups.
Individuals get their own login and can be added to a group with specific rights.
Individuals can also be easily removed from the system by deleting the individual login.
The other group members will retain their rights.
But removing users from the system remains a human act.
An action that can be forgotten, with the result that old users keep their login for a long time or even forever.
This is a bad thing and poses a considerable risk to the system.
Using a common database, for example by linking the HRM system to it, can limit this risk.
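One way to run the HRM cross-check described above, as an added example that is not part of the original article: it compares an account export from a recorder with an HR roster and reports logins that belong to no active employee, as well as generic logins that cannot be tied to a person. The CSV layouts, column names, group name and all sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample data (assumption: both systems can export CSV with these columns).
HR_ROSTER = """employee_id,name,status
1001,A. Jansen,active
1002,B. de Vries,left
1003,C. Bakker,active
"""

RECORDER_ACCOUNTS = """login,employee_id,group
admin,,administrators
ajansen,1001,operators
bdevries,1002,administrators
cbakker,1003,viewers
guard,,operators
tmp_install,1999,administrators
"""

# Assumption: name of the group that carries full rights on the recorder.
ADMIN_GROUP = "administrators"


def audit_accounts(hr_csv, accounts_csv):
    """Return findings as (login, reason) tuples, sorted by login."""
    status = {r["employee_id"]: r["status"].strip().lower()
              for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acc in csv.DictReader(io.StringIO(accounts_csv)):
        login, emp = acc["login"], acc["employee_id"].strip()
        is_admin = acc["group"].strip().lower() == ADMIN_GROUP
        if not emp:
            # No person behind the login: log entries cannot be attributed.
            reason = "shared or generic login"
        elif emp not in status:
            reason = "unknown employee id"
        elif status[emp] != "active":
            reason = "employee has left"
        else:
            continue
        if is_admin:
            reason += " with administrator rights"
        findings.append((login, reason))
    return sorted(findings)


if __name__ == "__main__":
    for login, reason in audit_accounts(HR_ROSTER, RECORDER_ACCOUNTS):
        print(f"{login}: {reason}")
```

Run on a schedule against fresh exports, a check like this turns the forgotten removal into a report someone has to act on.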
Password use remains a sensitive issue
And then there’s the issue of passwords.
Complexity is sometimes hard to find in those passwords.
I still regularly come across passwords like 1234 or 0000.
The problem is mainly with older systems, which do not require the default administrator password to be changed to a longer, more complex one.
And then people often turn out to be lazy and the default simple password is retained.
Until things go wrong…
The complexity and length of passwords really matter.
It also helps if passwords are always unique and non-repetitive.
Hacking programs simply try all possible password combinations of letters, numbers, and punctuation marks to get in.
The longer and crazier your password is, the longer it will take them to get there.
Files with millions of passwords are now available online, either because they were once hacked or simply because they are used often.
Fortunately, there are also several tools available to make password management better and easier.
Take action
Users are everywhere: at work and at home.
But not everyone has to be able to do everything and not everyone is allowed to access everything (think of privacy legislation).
Therefore, think carefully about an appropriate user structure with a clear hierarchy.
Newer systems often alert us to the risks and steer us in the right direction, but with older systems, we are often victims of our own negligence.
Don’t wait until it’s too late!