By Farica Chang, Managing Principal
Key in the right combination of letters in May 2016, and you could’ve gained access to the Twitter, Instagram, and Pinterest accounts of one of the founding fathers of social media.
Turns out, even Mark Zuckerberg wasn’t safe from account compromise—or the consequences of not enforcing strong access controls.
By reusing the same password and (presumably) opting out of multifactor authentication (MFA), the multibillionaire made it all too easy for hackers to take advantage of a LinkedIn data leak that revealed over 160 million passwords and temporarily deactivate his Twitter account.
The magic word in question? ‘Dadada’. And while the (at the time) new parent made it through the incident with no more than some ego bruising, things don’t always work out that way. Here’s how to avoid your business meeting a far worse fate…
What Are Access Controls, and Why Do They Matter?
Access controls refer to the measures you use to regulate who can access your company’s systems, data, and applications. When these controls are sub-standard, businesses become vulnerable to unauthorized access, data breaches, and cyberattacks.
Imagine a former employee’s account is never deactivated after they leave the company. Months later, this account, still linked to sensitive systems, is compromised in a phishing attack. The attacker gains access to customer data, internal documents, and even financial records—all without raising suspicion because the account appears legitimate.
This is why a simple oversight in managing access can escalate into a serious and expensive security breach. Without strong access controls, you leave yourself open to entirely avoidable risks that can harm your operations, reputation, and bottom line.
How to Know If You’ve Got Weak Access Controls: The Telltale Signs
Weak access controls are often overlooked because they don’t announce themselves loudly. Instead, they quietly erode your defenses, leaving your business exposed without you even realizing it.
Fortunately, finding out if you’re guilty of having lax access controls is easy. Look for the most common faux pas:
1. Not Consistently Enforcing Password Policies
Employees reusing passwords or opting for “123456” and “password” is more common than you might think. You might have policies in place that encourage strong passwords, but if you’re not enforcing them, even your best IT system and most trustworthy employee could be vulnerable.
2. Not Using a Password Manager
A lack of centralized password management means your staff may store passwords in insecure locations—think sticky notes, spreadsheets, in their browser, or unsecured personal .
Password management tools like Keeper ensure credentials are stored securely but remain easy to access when needed.
3. Inconsistent Multi-Factor Authentication (MFA) Use
MFA should be non-negotiable. Yet, many businesses only enforce it selectively. Often, it’s actually the executives who bypass this extra layer of security or dissuade their IT department from enforcing it altogether. But as you’re about to find out, MFA is important for everyone, no matter how busy they are…
Where Weak Access Controls Pose the Biggest Problem
You might assume entry-level employees or new starters pose the biggest risk when it comes to weak access controls. After all, they’re less experienced and might unknowingly make mistakes.
The reality is quite the opposite—it’s actually the C-suite that’s your most significant vulnerability.
Executives typically have access to more sensitive data, systems, and financial resources than anyone else in the organization, and this elevated access makes them a prime target for cybercriminals. Yet a 2020 survey by MobileIron found that they’re the most likely group within a business to ask for more relaxed security protocols.
What’s worse? Executives often bypass the security awareness training the rest of your employees undergo. So, not only are they more vulnerable—they’re also far less aware of their high-risk habits (and how to fix them).
How to Strengthen Weak Access Controls
You don’t have to—and definitely shouldn’t—leave this digital powder keg exposed. By implementing the following strategies, you can significantly reduce your risk of a security breach due to weak access controls:
1. Audit Access Regularly
Conduct a comprehensive review of who has access to what. Start by answering these critical questions:
- Are there employees with access to systems they don’t use or need?
- Are there accounts belonging to ex-employees still active?
- Have your team members’ role changes been reflected in access permissions?
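The three questions above can be answered mechanically by comparing an HR roster with an export of account grants. The following is an added example, not code from the original article; the roster, grants, role map and the 90-day threshold are constructed, hypothetical values.

```python
from datetime import date

# Constructed sample data (all names hypothetical): HR roster and an access export.
ROSTER = {
    "avery": {"status": "active", "role": "accounting"},
    "blake": {"status": "terminated", "role": "sales"},
    "casey": {"status": "active", "role": "sales"},  # moved from accounting to sales
}
GRANTS = [  # (user, system, account_enabled, last_used)
    ("avery", "ledger", True, date(2024, 11, 20)),
    ("avery", "crm", True, date(2024, 3, 2)),
    ("blake", "crm", True, date(2024, 6, 14)),
    ("casey", "crm", True, date(2024, 11, 25)),
    ("casey", "ledger", True, date(2024, 11, 1)),
    ("drew", "ledger", True, date(2024, 10, 30)),   # no HR record at all
]
ROLE_SYSTEMS = {"accounting": {"ledger"}, "sales": {"crm"}}  # role -> entitled systems

def audit_access(roster, grants, role_systems, today, stale_days=90):
    """Return sorted (user, system, finding) tuples for the three audit questions."""
    findings = []
    for user, system, enabled, last_used in grants:
        if not enabled:
            continue  # a disabled account cannot be used to sign in
        person = roster.get(user)
        # Ex-employee (or unknown) account still active: report it and stop there.
        if person is None or person["status"] != "active":
            findings.append((user, system, "no-active-employee"))
            continue
        # Role change not reflected in permissions.
        if system not in role_systems.get(person["role"], set()):
            findings.append((user, system, "outside-role"))
        # Access the employee does not use.
        if (today - last_used).days > stale_days:
            findings.append((user, system, "unused"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_access(ROSTER, GRANTS, ROLE_SYSTEMS, date(2024, 12, 1)):
        print(*finding)
```

Each finding is a candidate for removal under the next step, and the role map is the same structure a role-based access policy would be driven from.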
2. Remove Unnecessary Access
Follow the principle of least privilege: ensure that employees only have access to the data and systems necessary for their role. This limits potential damage if an account is compromised.
3. Enforce MFA for All Users
Make MFA mandatory for every employee, from interns to executives. But don’t stop there—enhance it with conditional access policies.
For example:
- Restrict access based on geographic location or device type.
- Deny access from unrecognized devices or IP addresses.
- Enforce stricter controls for high-risk actions, like financial transactions or downloading large datasets.
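How these conditions combine into a single decision, as an added example that is not part of the original article. The country list, network range, device IDs, action names and the five-minute MFA freshness window are constructed assumptions, and treating an unrecognized network as a re-prompt rather than a denial is one possible reading of the list above.

```python
from ipaddress import ip_address, ip_network

# Constructed policy values (hypothetical; a real deployment sets these in its identity provider).
ALLOWED_COUNTRIES = {"US"}
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]   # documentation range standing in for office egress
REGISTERED_DEVICES = {"laptop-0042", "phone-0107"}
HIGH_RISK_ACTIONS = {"wire_transfer", "bulk_export"}
FRESH_MFA_SECONDS = 300                           # high-risk actions need MFA this recent

def evaluate(request):
    """Return (decision, reason); decision is 'deny', 'step_up' (re-prompt MFA) or 'allow'."""
    # MFA is mandatory for every user: there is deliberately no exemption list.
    if request["mfa_age_s"] is None:
        return ("deny", "mfa-required")
    if request["country"] not in ALLOWED_COUNTRIES:
        return ("deny", "blocked-location")
    if request["device_id"] not in REGISTERED_DEVICES:
        return ("deny", "unregistered-device")
    # Registered device on an unrecognized network: ask for MFA again.
    if not any(ip_address(request["ip"]) in net for net in KNOWN_NETWORKS):
        return ("step_up", "unrecognized-network")
    # Stricter control for high-risk actions: the MFA proof must be recent.
    if request["action"] in HIGH_RISK_ACTIONS and request["mfa_age_s"] > FRESH_MFA_SECONDS:
        return ("step_up", "high-risk-action")
    return ("allow", "policy-satisfied")

if __name__ == "__main__":
    # Constructed request: an executive approving a payment an hour after signing in.
    print(evaluate({"user": "ceo", "mfa_age_s": 3600, "country": "US",
                    "device_id": "laptop-0042", "ip": "203.0.113.9",
                    "action": "wire_transfer"}))
```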
4. Invest in a Password Manager
A password manager allows employees to create, store, and share passwords securely without having to remember each one. Knowing you have these tools in place also enables your IT team to enforce password policies more effectively—one solution is applied consistently across your team, keeping your business safer.
5. Train and Educate Employees
Cybersecurity awareness training isn’t just for entry-level staff. Ensure that everyone in your organization, including executives, understands the risks and consequences of lax security practices.
When the leadership team sets an example, the rest of the company is more likely to follow.
6. Implement Role-Based Access Policies
Define access permissions based on job roles rather than individuals. This ensures that when someone changes roles or leaves the company, their access is updated or revoked automatically—saving the time you’ll spend on auditing permissions in the future.
Turn Weakness into Strength
Enhancing your access controls isn’t just about preventing disasters; it’s about positioning your business for success. Secure systems mean more trust from clients, greater operational efficiency, and fewer sleepless nights for you as a business owner.
So, take action. Start with an audit of your current practices, enforce MFA, and lead by example. Your IT landscape doesn’t have to be a powder keg—with a little work (and some expert advice), it can become a fortress.
Anderson Technologies: Real People Creating Business-Changing IT Solutions
For over 25 years, Anderson Technologies has leveraged our expertise for the benefit of our clients, supplying them with suitable, secure IT and strategic guidance for their technological future.
We’re a dynamic team of IT professionals with over 200 years of combined experience and specialist certifications to back up our knowledge. As a trusted advisor, we don’t just focus on today. We strive to take your technology light-years ahead of your competition and scale with your business’s success.