Identity Management: 6 Actionable Tips for Business Leaders

Hosted by the Identity Defined Security Alliance (IDSA) in partnership with the National Cybersecurity Alliance (NCA), Identity Management Day is an annual campaign to educate consumers and business leaders about the importance of locking down login credentials and protecting private data online.

Now in its fourth year, Identity Management Day 2024 will be recognized on Tuesday, April 9. In honor of this special event, we asked our team to share six actionable tips for business leaders aiming to build trust through sound identity management practices.

Here’s what our experts had to say:

“MFA is the best way to keep ourselves protected”

“During my time auditing identity management processes, I’ve noticed an increase in character minimums. For example, passwords that used to require eight characters now ask for 12 or more. With the growth in compromised accounts and sophisticated ways to breach and/or impersonate a user, longer, more complex passwords that are harder to guess and the use of multi-factor authentication (MFA) is the best way to keep ourselves protected online. I highly recommend clients enable longer character minimums, complexity requirements, and MFA where possible.” —Gustavo Almanza, Senior, Attest Services

“Consistent documentation and review will go a long way”

“Build identity management best practices into your onboarding process. Have predetermined access based on roles, and require managerial approval for any access above that. Schedule regular access reviews to confirm that all access is in line with user roles and needs. Even if you do not have all the resources to purchase a streamlined solution, consistent documentation and review will go a long way to improve your overall identity management.” —Sarah Varnell, Senior, Attest Services

“Implement role-based access”

“The biggest piece of advice I give to clients would be to implement role-based access. These controls allow companies to align access and privileges based on their individual roles, in turn, providing a more streamlined and secure process to ensure there are no individuals with inappropriate access rights. I also often suggest clients use MFA and proper authorization process for adding, changing, or removing user rights.” —Teddy VanGalen, Senior, Cybersecurity Consulting

“A proper security awareness training program is essential”

“Implementing a proper security awareness training program is essential for managing and mitigating risks related to stolen credentials. Passwords are often stolen through phishing attacks, and properly trained employees are more likely to be able to recognize these attacks and report them appropriately. Implementing multi-factor authentication (MFA) across an entire organization is absolutely necessary to maintain cyber safety and can significantly minimize the threat of stolen credentials.” —Devin Olsen, Senior, Attest Services

“Look into identity management tools”

“Many of our clients are tech startups and may not have considered a federated identity management tool, so they go through a very manual process to provision and deprovision access across multiple systems in their environment. My advice to them would be to look into identity management tools to help automate the access provisioning, review, and deprovisioning processes. These tools help mitigate the risk of manual oversights, such as over-privileged or unnecessary accounts, as well as terminated users maintaining access to critical system components. Identity management tools give our clients peace of mind that access is appropriately managed.” —Whitney Perez, Director, Attest Services

“Automate the process of creating, updating, and deleting user accounts”

“A great way to protect your company’s identity is to automate the process of creating, updating, and deleting user accounts in systems and applications. Because a lot of organizations are often decentralized, many applications and systems can become forgotten and do not necessarily follow the appropriate provisioning and deprovisioning processes. This could lead to unauthorized individuals having inappropriate access to systems, applications, and data.” —Cody Hewell, Manager, Attest Services

Want to ensure your organization is up-to-date on best practices for identity management? Speak to a BARR specialist today.