Skip to main content

Access Management & Authentication at Ernst & Young

Bob McMahon
ernst-young-2.svg

Overview

Access management and authentication are critical components of EY’s cybersecurity framework. They ensure that only authorized personnel have access to our systems and sensitive information, protecting EY and our clients from unauthorized access, data breaches, and cyber threats.

This article outlines the key principles, policies, and best practices related to access management and authentication that every EY employee must follow.

What is Access Management?

Access management is the process of controlling who can enter EY systems, what resources they can use, and what actions they can perform. Proper access controls help ensure sensitive information remains confidential and secure.

Authentication Explained

Authentication is the verification process used to confirm your identity before granting access—typically through usernames, passwords, and additional security measures such as multi-factor authentication.

Key EY Access Management Principles

1. Least Privilege Access

Employees are granted the minimum level of access necessary to perform their job functions. This reduces the risk of accidental or intentional misuse of systems or data.

2. Role-Based Access Control (RBAC)

Access rights are assigned based on job roles, ensuring that employees have appropriate permissions aligned with their responsibilities.

3. Regular Access Reviews

Managers and system owners must periodically review and certify employees’ access rights to confirm they remain appropriate.

Authentication Requirements

Strong Password Policies

  • Create passwords that are at least 12 characters long, combining uppercase and lowercase letters, numbers, and special characters.
  • Avoid using easily guessable information such as birthdays or common words.
  • Change passwords regularly and do not reuse old passwords.

Multi-Factor Authentication (MFA)

EY requires all employees to use MFA wherever possible. MFA adds a second layer of security by requiring an additional verification step (e.g., a mobile app code or biometric verification) besides your password.

Protect Your Credentials

  • Never share your login credentials with anyone, including coworkers or managers.
  • Do not write passwords down or store them in unsecured locations.
  • Use only EY-approved tools (such as password managers, if provided) to store and manage credentials securely.

Best Practices for Secure Access

  • Log out or lock your device when leaving it unattended.
  • Avoid accessing EY systems from public or unsecured Wi-Fi networks without VPN protection.
  • Report any lost or stolen devices immediately to IT Security.
  • Notify Security immediately if you suspect your credentials have been compromised.

How to Request or Change Access

Access to EY systems is managed through the official access request process via your manager and the IT service portal. Always use these channels for requesting new permissions or modifying existing access.

What Happens if Access Is Misused?

Unauthorized use or sharing of access credentials violates EY policies and may result in disciplinary action, including termination. Protect your access rights carefully to safeguard yourself and the company.

Need Help?

If you have questions about access management or experience issues with authentication, contact the EY Security Awareness Team or IT Support for assistance.

Remember: Proper access management and strong authentication are your first line of defense against cyber threats. Stay vigilant and protect your login credentials to help keep EY secure.

 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk