Non-personal accounts, or NPAs, are accounts that are not used by human users but rather by automated systems, services, applications, or scripts. These accounts are increasingly common in today’s digital age, as they are often used to facilitate communication and conduct business online. However, NPAs can also be vulnerable to security threats and risks if they are not properly managed and secured. In this paper, we will explore the importance of non-personal account recertification and provide step-by-step instructions for conducting a recertification. We will also discuss the top threats and risks associated with NPAs, as well as relevant regulations and requirements, such as the General Data Protection Regulation (GDPR). We will also provide quotes from reputable sources to support our discussion.
Step-by-Step Instructions for Non-Personal Account Recertification:
- Identify the systems and assets carrying NPAs that need to be recertified. This may include accounts used by automated systems, services, applications, or scripts. In general, those are related to regulated data.
- Create a list of the NPAs that need to be recertified and assign them to a team member or group of team members who are responsible for completing the recertification process. It is a fundamental step, to ensure those have risk ratings or at least protection needs.
- Determine the frequency of recertification based on the sensitivity of the information being shared through the NPA and the level of risk associated with the account. For example, NPAs that handle sensitive information may need to be recertified more frequently than NPAs that handle less sensitive information. Usually, critical NPAs must be recertified at least twice a year and quarterlybis thevusual practice. This must be aligned with the risk strategy of your company.
- Develop a checklist of tasks that need to be completed during the recertification process. This may include tasks such as reviewing and updating account passwords, reviewing account permissions and access controls, and ensuring that all authorized users are still able to access the NPA.Conduct the recertification process by completing the tasks on the checklist and documenting the results.
- Review the results of the recertification process and identify any areas that need improvement. Take steps to address any issues that were identified during the recertification process.Repeat the recertification process at the appropriate frequency to ensure that NPAs remain secure and compliant with relevant regulations.
Top Threats and Risks Associated with Non-Personal Accounts:There are several threats and risks associated with NPAs that organizations should be aware of. These include:
- Cybersecurity threats: NPAs may be targeted by hackers and cybercriminals who seek to gain access to the account in order to steal sensitive information or disrupt business operations.
- Account takeover: NPAs may be taken over by unauthorized users who gain access to the account through weak passwords or other security vulnerabilities.Data breaches: NPAs that handle sensitive information may be at risk of data breaches if they are not properly secured.Compliance issues: NPAs may also be at risk of non-compliance with regulations such as the GDPR if they are not properly managed and secured.
Relevant Regulations and Requirements:One of the key regulations that organizations must consider when it comes to NPA security is the General Data Protection Regulation (GDPR). The GDPR is a set of rules that apply to organizations that handle the personal data of EU citizens. According to the GDPR, organizations must take steps to protect the personal data of individuals and ensure that it is processed in a manner that is transparent, secure, and compliant with the GDPR.
- According to a report by Cybersecurity Ventures, the global cost of cybercrime is expected to exceed $10 trillion annually by 2025. (Source: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2021/)
- A study by the Ponemon Institute found that the average cost of a data breach is $3.86 million. (Source: https://www.ponemon.org/library/2019-cost-of-a-data-breach-report)A survey by the National Cyber Security Alliance found that 60% of small businesses go out of business within six months of a cyber attack. (Source: https://staysafeonline.org/stay-safe-online/resources/small-business-cybersecurity/)
- A survey by the National Cyber Security Alliance found that 60% of small businesses go out of business within six months of a cyber attack. (Source: https://staysafeonline.org/stay-safe-online/resources/small-business-cybersecurity/)
Non-personal account recertification is an important process for ensuring the security and compliance of NPAs. By following the steps outlined in this paper, organizations can protect themselves and their customers from the various threats and risks associated with NPAs. It is essential for organizations to stay up-to-date with relevant regulations, such as the GDPR, and to conduct regular recertification processes in order to maintain the security and integrity of their NPAs.