Authorization is a process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. In simpler terms, the process or act of granting access privileges or the access privileges as granted.
Source: OASIS SAML Glossary 2.0; Adapted from CNSSI 4009
What Does This Mean for my SMB?
It’s vital to ensure that your organization has policies and processes in place to ensure only authorized personnel are accessing your data and/or systems. Additionally, CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:
- Adopt a password manager for better personal/work password hygiene
- Require two-factor authentication on any SaaS solution or critical accounts
- Require 14+ character Passwords in your Governance Policies
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Backup data using the 3-2-1 method
- Incorporate the Principle of Least Privilege
- Perform a risk assessment every two to three years
CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:
- Cybrary (Cyber Library)
- Press Releases
- Instructional Videos (HowTo) – very helpful for our SuperUsers!
Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’. Sign up for the monthly newsletter to help CyberHoot with their mission of making the world ‘More Aware and More Secure!’