What is the principle of least privilege? | Kaspersky official blog

One of the most important concepts in information security is the principle of least privilege. In this post, we explore what it is, how it works, how adhering to this principle benefits businesses, and how to implement the principle of least privilege in practice.

How the principle of least privilege works

The principle of least privilege (PoLP) is also known as the principle of minimal privilege (PoMP) or, less commonly, the principle of least authority (PoLA).

The main idea is that access to resources in a system should be organized in such a way that any entity within the system has access only to those that the entity requires for its work, and no more.

In practice, this could involve different systems and different entities within a system. Either way, in terms of applying the principle of least privilege to enterprise security, this can be restated as follows: Any user of the organization’s information infrastructure should only have the right to access the data that is necessary for performing their work tasks.

If, in order to perform certain tasks, a user requires access to information they currently don’t have, their permissions can be elevated. This elevation can be permanent – if required by the user’s role, or temporary – if it’s only necessary for a specific project or task (in the latter case, this is called “privilege bracketing”).

Conversely, when a user no longer requires access to certain information for some reason, their permissions should be lowered in accordance with the principle of least privilege.

In particular, the principle implies that regular users should never be granted administrator or superuser rights. Not only are such privileges unnecessary for the duties of the average employee, but they also significantly increase risks.

Why is the principle of least privilege needed?

The principle of least privilege helps improve access management, and generally hardens the security of the company’s information infrastructure. Here are some of the important security objectives that can be achieved by applying the principle of least privilege.

Risk mitigation. By restricting access to the minimum necessary for users to perform their tasks, the likelihood of accidental or intentional misuse of privileges can be significantly reduced. This, in turn, helps lower the risks of successful perimeter penetration and unauthorized access to corporate resources.
Data protection. Limiting access helps protect confidential data. Users only have access to the data required for their work, thereby reducing the likelihood of their gaining access to sensitive information or, worse, causing its leakage or theft.
Minimizing the attack surface. Restricting user privileges makes it more difficult for attackers to exploit vulnerabilities and use malware and hacking tools that rely on the user’s privileges, thereby reducing the attack surface.
Localizing security incidents. If an organization’s network is breached, the principle of least privilege helps limit the scope of the incident and its consequences. Because any compromised accounts have minimal rights, potential damage is reduced, and lateral movement within the compromised system or network is impeded.
Identifying users responsible for an incident. Minimizing privileges significantly narrows down the circle of users who could be responsible for an incident. This speeds up the identification of those accountable when investigating security incidents or unauthorized actions.
Compliance with standards and regulations. Many regulatory requirements and standards emphasize the need for access control – particularly the principle of least privilege. Adhering to industry standards and best practices helps organizations avoid unpleasant consequences and sanctions.
Increasing operational efficiency. Implementing the principle of least privilege reduces risks for the organization’s information infrastructure. This includes reducing downtime associated with security incidents, thus improving the company’s operational efficiency.

How to implement the principle of least privilege in your organization

Implementing the principle of least privilege in an organization’s information infrastructure can be broken down into a few basic steps and tasks:

Conduct an inventory of resources, and audit the access rights users currently have.
Classify resources and create an access management model based on roles – each with specific rights.
As a starting point, assign users roles with minimal rights, and elevate their privileges only if necessary for their tasks.
Regularly conduct audits and review permissions – lowering privileges for users who no longer need access to certain resources for their tasks.
Apply the principle of privilege bracketing: when a user needs access to a larger number of resources for a task, try to elevate their privileges temporarily – not permanently.

And don’t forget about other protective measures

Of course, applying the principle of least privilege alone isn’t enough to secure a company’s information infrastructure. Other measures are also required:

Regular security audits.
Timely software updates.
Employee training on the basics of cybersecurity.
Deploying reliable protection on all corporate devices.

Kaspersky official blog – ​Read More

Transatlantic Cable podcast episode 329 looks news around Stuxnet, how journalists and creative artists are suing OpenAI and much more! | Kaspersky official blog

The latest episode of the Transatlantic Cable podcast kicks off with Stuxnet – yes, after 20 plus years, we’re still talking about the infamous malware. From there, the team discuss news that artists and journalists are looking to collectively sue OpenAI around copyright theft – let’s see how that turns out.

To wrap up, the team discuss fake news on Twitter X via stolen gold-check mark accounts.

If you like what you heard, please consider subscribing.

Dutch man sabotaged Iranian nuclear program without Dutch government’s knowledge
More non-fiction authors are suing OpenAI and Microsoft
Experts: 5% Chance AI Kills Us All
Fake and Stolen X Gold Accounts Flood Dark Web

Kaspersky official blog – ​Read More

Why you should start the year with a digital cleanup | Kaspersky official blog

What’s one of the best ways to kick things off to ensure a positive, fruitful 2024? We suggest doing some spring winter cleaning in your digital world — as this will certainly help you spend this year more productively. We’ve put together a few tips on how to: get rid of stuff you don’t need, turn off distractions and annoyances, and improve your digital hygiene.

1. Delete unnecessary files

Let’s start with the basics: deleting files you no longer need. This stage might seem easy, but it can actually take a while — simply because we all have an awful lot of files. So, it’s important not to get overwhelmed by the task. Try breaking it down into small steps, for example, deleting 10, 20 or 50 files each day — or even several times a day.

The main places to look for junk files are:

The desktop. An obvious candidate for where to begin your digital cleanup. Once you’ve cleared your desktop of ancient shortcuts and files, you’ll not only have more storage space, but should also gain a sense of order, which may boost your productivity, lift your spirits, and help you tackle the next steps of your digital cleanup!
The “Old Desktop” folder. Most likely, you have such a folder somewhere on your computer’s SSD (or something similar, like “Old Disk Drive” or “Old Computer Files”). And inside it, there’s often another “Old Desktop”, and within that, another, and so on. It may seem daunting, but time has come to finally deal with this abyss of nested directories.

Get rid of the Old Desktop nested folders

The downloads folder. Ancient documents, installation files from long-deleted programs, saved images dating back a decade, and other digital relics — chances are you no longer need them and can simply delete them all. And, don’t forget to clean the downloads folder not only on your computer but also on your smartphone (and on your tablet if you have one).
Your smartphone’s photo gallery. If you delete all duplicate photos, screenshots taken for unclear reasons, and videos your pocket decided to take all on its own, you might find you can postpone buying a new smartphone with more memory for another year or two. Special apps come to the rescue here, seeking either exact duplicates or similar files — for example, a series of identical shots, of which you only need to keep one or two. Look for them in app stores using the keyword “duplicate”.
Your cloud storage. This similar to the Old Desktop folder, but in the cloud. Sure, you can pay for extra disk space and accumulate files for a few more years. But might it be better to just get rid of them?
Large files and duplicates on your computer. If you need to quickly free up space on your hard drive/SSD, the easiest way is to either delete a few large-sized files or get rid of identical files, thoughtfully scattered across different folders. To automatically search for large files, you can use the Large Files feature on the Performance tab of the Kaspersky app. By specifying the minimum size and search area — the entire computer or selected folders — in a few minutes you’ll receive a complete list of files whose size exceeds the limit. Then, you can choose to delete them either in bulk or individually.

Also on the Performance tab, you can find and remove duplicate files. Used together, these features (available in Kaspersky Standard, Kaspersky Plus and Kaspersky Premium subscriptions) might save you from having to buy a new hard drive or SSD.

Once you’ve finished removing unnecessary files, don’t forget to empty the Recycle Bin — or the “Deleted photos” folder, if it’s your smartphone’s photo gallery.

2. Clean up your email and messengers

The next important stage in your digital cleanup is to sort out your email and messaging apps. This will reduce the amount of space your correspondence takes up and, most importantly, improve your experience of using your email and messengers. What to do first?

Get rid of unread messages. Those scary numbers in red circles hovering above your messenger app icons can really get on your nerves and prevent you from dealing with new incoming messages on time. This could cause you to overlook something important, get your priorities wrong, miss a deadline or meeting, and so on. Like cleaning up files, sorting through unread emails and messages can take some time. That’s why a steady, systematic approach works best here: try to break the process up into small steps. And aim to always have fewer unread items at the end of each day — sooner or later, you’ll hit zero.

Looks familiar? Help yourself: try to gradually sort out all your unreads

Unsubscribe from unnecessary email newsletters and messenger channels. This step can help you with the previous task, too. Weeding out unneeded information feeds will reduce the number of new unread items, so you can reach that golden zero even faster. You need to be decisive here: instead of simply ignoring another uninteresting message or email, unsubscribe immediately.
Delete old messenger chats. Correspondence with a realtor about the apartment you moved out of three years ago, communication with couriers, and other similar priceless messages will some day form the basis of your memoirs. Just kidding, of course: delete all of it without hesitation.
Delete emails with large attachments. Is your email provider sending you annoying messages telling you you’re about to run out of storage space? The easiest way to quickly clean up your inbox is to delete old emails with large attachments. Most providers and email programs allow you to find them without much difficulty. It’s easiest with Gmail — to find all emails bigger than 10 megabytes, just enter “size:10000000” in the search bar.

The easiest way to quickly clean up your inbox: find and delete all large emails

Clear out the spam folder. Individual spam emails typically don’t take up much space. But if you haven’t checked your spam folder in a while, you might have accumulated a ton of messages. Deleting them will push you away from your mailbox limit even further.

3. Close old tabs

Now it’s time to deal with the program we all use the most: your browser. Old tabs left open for months, if not years, not only eat through your device’s memory, but also make it difficult to find the relevant information you actually need. Moreover, an abundance of tabs can pose a serious obstacle to updating the browser — which, by the way, is one of the most important digital hygiene procedures there is.

So try to get rid of unnecessary tabs in all the browsers you use — including on your smartphone. There are two approaches here: either act quickly and decisively, ruthlessly closing all tabs without concern for what they contain; or do it gradually and cautiously, closing tabs in batches of 10–20 at a time and checking along the way if there’s anything important among them. You can add the ones you actually need to bookmarks or tab groups.

Close all unnecessary tabs in your browser — it’ll be easier to find important ones

And while we’re still on about the browser, also clear its cache. If you haven’t done this before, you’ll be surprised at how much space it takes up. Also, it’s a good idea to review all the extensions installed in your browser: if you’re not using something, now’s the perfect time to remove it.

4. Cancel unnecessary subscriptions

Almost every online service nowadays offers some type of paid subscription — if not several. And these subscriptions can start to pile up beyond all reasonable limits. How much does it all cost? Who knows?! Seriously, people often have no idea about how much they pay for all their digital subscriptions, typically underestimating the total expenses several times compared to reality.

So not only does canceling unnecessary subscriptions bring immediate financial benefit — but this benefit is probably greater than you imagine. On the other hand, the task isn’t that simple: you need to remember all your subscriptions, gather and organize information about them, sort out what’s what — and only then will you understand what you should unsubscribe from. There also might be family subscriptions, with duplicates on the various devices of your family members.

The good news is that there’s a special app for managing subscriptions: SubsCrab. It can organize information about all your subscriptions, calculate monthly expenses, show you a handy schedule and warn you about payment days in advance, tell you what needs to be done to cancel a particular subscription, and even propose alternative subscription options or promo codes and discounts for renewals.

The SubsСrab app will help sort out paid subscriptions and cancel unnecessary ones

5. Remove unused applications

You probably have apps on your smartphone that you haven’t used in over a year. Or maybe even ones you’ve never opened at all. Not only do they take up your device’s memory, but they can also slowly consume internet traffic and battery power and, most importantly, they clog up your interface and may continue to collect data about your smartphone — and you.

It’s time to finally get rid of them! If you delete at least one unused app a day, within a month or so they’ll all be gone, and order will be restored on your smartphone’s home screen.

However, there is a way to immediately detect all unnecessary apps — both on Windows computers and Android smartphones — with the help of the Unused Apps feature included in Kaspersky Standard, Kaspersky Plus and Kaspersky Premium subscriptions. It will show you the apps you rarely use and allow you to delete them all in one fell swoop.

There are some protected Android apps which are impossible to uninstall, even if you don’t need them at all — all due to the whim of the smartphone manufacturer. These may include a proprietary browser or an unused social network client. However, there are special methods to uninstall such apps, which we’ve covered in detail in this comprehensive guide.

6. Turn off unnecessary notifications

One of the main obstacles to digital peace of mind can be the endless stream of notifications flowing from almost every app these days — whether it’s a fitness tracker or a calculator. But, fortunately, we’re not at the mercy of our phones in this case. So go through the list of apps that are allowed to send notifications and thin it out.

Notification settings and Focus mode in Android

There are two possible solutions here. The first one is radical: disable notifications for all apps except the most essential ones — banking apps, work tools, and messengers. The second is moderate: identify apps that blatantly abuse notifications — firing them out for no good reason — and disable these pests.

It’s also helpful to disable notifications in messengers for less important contacts, channels, and chats. Also, take a closer look at the focus mode settings. They’re available in all modern operating systems — such as Android, iOS/iPadOS, Windows and macOS — and allow you to limit the number of notifications and other digital noise for a set period.

Notification settings and Focus mode in iOS

Also, don’t forget that these days it’s not just apps sending notifications; many websites use browser-integrated notification systems for this purpose, too. So make sure to disable all unnecessary notifications there as well. By the way, we have a separate guide on how to stop browsers from bothering you with trivial stuff.

7. Delete unused accounts

Accounts with online services — even the less important ones — always pose a potential risk. If an account gets hacked, it could be used for fraud, laundering stolen goods, attacks on other users, and more — and all in your name. And if a bank card is linked to such an account, there could be damaging consequences.

It’s therefore best not to leave your accounts to fate: if you no longer need a particular account, it’s wise to delete it. This part of the cleanup might be especially challenging: first, you’ll need to recall which accounts you’ve created, then remember your login credentials, and only then can you delete them. But it’s really worth doing!

To avoid getting overwhelmed, try deleting at least one unnecessary account per week. And while we’re at it, I recommend adding all your accounts to a password manager. That way, they’ll all be in one place, their passwords will be securely stored, and you’ll be able to log in with just a few clicks — so the next time you’re cleaning up, it won’t be such a hassle.

Plus, if any of the services you use is compromised, you’ll receive a notification from the password manager and can promptly take action — either by changing the password or by deleting the account.

8. Change unsafe passwords

If you enter your account details into Kaspersky Password Manager, the application shows you any passwords that might be unsafe, either due to data breaches, or because you use these passwords across multiple accounts at once.

Kaspersky Password Manager tells you which passwords are unsafe and need to be changed

The danger of the first scenario — when a password has already been compromised — goes without saying: if malicious actors know your password, the security of the corresponding account is directly threatened.

As for using the same password for different platforms, the risk here is that if one of these services is breached and attackers find out the password, they’ll certainly try to use it to access other accounts — a technique known as credential stuffing. Thus, using the same password everywhere puts you at risk of having multiple accounts hijacked at once — most unpleasant.

Unsafe passwords need to be changed, and the sooner the better. Passwords that have already been compromised should be replaced immediately. When changing passwords that you’re using in multiple places, you can afford to take the process step-by-step, editing a couple of accounts at a time.

By the way, Kaspersky Password Manager helps you create truly secure and unique character combinations using a random password generator (so you don’t have to come up with new complex passwords yourself), and stores them safely in encrypted form — synchronizing passwords across all your devices. The only password you’ll need to remember in this case is the main password for Kaspersky Password Manager: it encrypts the entire password database and isn’t stored anywhere except in your head.

And to streamline all these digital cleanup processes, we recommend using Kaspersky Premium, which includes comprehensive protection, productivity enhancement tools, a password manager, and many other features necessary for effective digital housekeeping across all your family’s devices.

Kaspersky official blog – ​Read More

Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back…

Naked Security – Sophos News – ​Read More

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

It took six months for notifications to start, and we still don’t know exactly what went down… but here’s our advice on what to do.

Naked Security – Sophos News – ​Read More

S3 Ep149: How many cryptographers does it take to change a light bulb?

Latest episode – listen now! Full transcript inside…

Naked Security – Sophos News – ​Read More

Using WinRAR? Be sure to patch against these code execution bugs…

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead…

Naked Security – Sophos News – ​Read More

Smart light bulbs could give away your password secrets

Cryptography isn’t just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well.

Naked Security – Sophos News – ​Read More

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

WYSIWYG is short for “what you see is what you get”. Except when it isn’t…

Naked Security – Sophos News – ​Read More

S3 Ep148: Remembering crypto heroes

Celebrating the true crypto bros. Listen now (full transcript available).

Naked Security – Sophos News – ​Read More