
IS Decisions Blog

A failure to enforce unique employee logins for ISO 27001 compliance

A key element of ISO 27001 compliance is unique employee logins. The legal and law enforcement sector risks compliance and security issues by failing to provide and enforce unique employee logins.

Published January 13, 2016

Our report, Legal and Law Enforcement: Information Access Compliance, found that despite requirements by global regulatory standard ISO 27001, 31% of employees in the U.S. and U.K. legal and law enforcement sectors do not have a unique user login for their employer’s network and 24% do not require a login for access at all.

What's more, only 33% of workers are prevented from concurrent logins on multiple machines, which not only puts information at risk but also narrows the options for investigation should something go wrong.

ISO 27001 and users' network access

Pertinent information such as case files, identity profiles and confidential statements can be compromised, potentially without anyone noticing, if strong network access controls and monitoring are not in place. To manage access according to each individual user's requirements, you need to be able to identify individual users, for which unique logins are an absolute must.

Not only does unique user identification allow you to restrict network and data access on a "need to know" basis, it is also essential for tracking and monitoring. If a breach does occur, you cannot establish how it happened without being able to tie network access activity to identifiable individuals.
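The two points above (concurrent logins on several machines narrowing the options for investigation, and unique identities being what makes attribution possible) can be shown with a small audit script. The following is an added example written for this article; it is not IS Decisions or UserLock code. It parses a handful of constructed logon/logoff records (the format and the account and host names are invented), flags any account that holds open sessions on more than one machine at the same time, and answers the investigator's question "who was logged on to this host at this moment?" With a shared account such as `clerk`, that second question can only ever return the account, never the person.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample records (not real logs): ISO timestamp, account, host, action.
# "clerk" is a shared account used from two workstations at once; "jsmith" is a
# unique login that moves between machines without overlapping sessions.
SAMPLE_EVENTS = """\
2016-01-13T08:00:00 jsmith WS-101 logon
2016-01-13T08:05:00 clerk  WS-102 logon
2016-01-13T08:10:00 clerk  WS-117 logon
2016-01-13T08:30:00 jsmith WS-101 logoff
2016-01-13T08:45:00 jsmith WS-203 logon
2016-01-13T09:00:00 clerk  WS-102 logoff
2016-01-13T09:30:00 clerk  WS-117 logoff
2016-01-13T10:00:00 jsmith WS-203 logoff
"""


@dataclass
class Event:
    ts: datetime
    user: str
    host: str
    action: str


def parse_events(text: str) -> list[Event]:
    """Parse whitespace-separated records into Event objects, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, host, action = line.split()
        if action not in ("logon", "logoff"):
            raise ValueError(f"unknown action in record: {line!r}")
        events.append(Event(datetime.fromisoformat(ts), user, host, action))
    events.sort(key=lambda e: e.ts)
    return events


def find_concurrent_logins(events: list[Event]) -> dict[str, list[tuple[datetime, frozenset]]]:
    """Return, per account, each moment it became active on more than one host.

    An account that is legitimately one person should never need to be
    interactive on two machines at once; overlapping sessions are the
    classic sign of a shared or borrowed login.
    """
    active: dict[str, set[str]] = defaultdict(set)   # account -> hosts with an open session
    findings: dict[str, list] = defaultdict(list)
    for e in events:
        if e.action == "logon":
            active[e.user].add(e.host)
            if len(active[e.user]) > 1:
                findings[e.user].append((e.ts, frozenset(active[e.user])))
        else:
            active[e.user].discard(e.host)
    return dict(findings)


def who_was_active(events: list[Event], host: str, at_iso: str) -> set[str]:
    """Accounts with an open session on `host` at the given ISO timestamp.

    This is the attribution question an investigator asks after an incident.
    It can only be answered down to a person when every account is unique.
    """
    at = datetime.fromisoformat(at_iso)
    active: set[str] = set()
    for e in events:
        if e.ts > at:
            break
        if e.host != host:
            continue
        if e.action == "logon":
            active.add(e.user)
        else:
            active.discard(e.user)
    return active


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for user, hits in find_concurrent_logins(evs).items():
        for ts, hosts in hits:
            print(f"{ts.isoformat()} {user} active on {sorted(hosts)} simultaneously")
    print("WS-117 at 09:00:", who_was_active(evs, "WS-117", "2016-01-13T09:00:00"))
```

Run against the sample, the script reports `clerk` as active on WS-102 and WS-117 at 08:10, while `jsmith` produces no finding because the WS-101 session ends before the WS-203 one starts. In a real deployment the input would be the domain's logon audit trail rather than an embedded string, and the concurrent-login check is the kind of control the article's 33% figure refers to.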

Read more about how to mitigate the risk of network access security breaches for compliance standards such as ISO 27001, FISMA, DPA, and Lexcel.

Go beyond ISO 27001 compliance

The research results revealed in this report show that legal firms and law enforcement agencies across the U.K. and the U.S. have significant room for improvement. Our guide goes into more detail on how to comply with ISO 27001 and other regulations (FISMA, DPA, and Lexcel) around user access security.

However, it is important to note that meeting a set standard does not mean "job done." Although the ISO 27001 standard offers a lot of good guidance, there is always more that can be achieved. Security is not black or white; it is a process of mitigating risk to the most achievable degree, and ISO 27001 compliance is often the minimum requirement, not the end goal.
