What is a break glass account?

Posted on October 27, 2023 by Louise Howland

When you’re creating your business recovery and contingency plans, you may have considered emergency contact numbers and client communications. You’ll have documented who your key point of contact can be, making sure line managers have their employees’ phone numbers as well as how you’ll let your customers know you’re having system issues.

But have you thought about how you can get back into your digital systems during an emergency, like a cyber-attack? That’s where a break glass account, sometimes called an emergency access account, comes in. Like a fire alarm, a break glass account is a global admin account that allows you to gain access to your emails again.

What is a break glass account?

A break glass account is an account that is only accessible in an emergency situation, like a cyber-attack. It’s a global admin account that can help to restore access to your employees and your clients once any threats have been removed. The credentials associated with it are hidden from most users, stored in a safe place and are only available to certain people in case of an emergency.

A break glass account will often use multi-factor authentication methods that aren’t reliant on WiFi access or phone service being available, as well as methods that aren’t linked to any one employee such as a code that is sent to one person’s phone number. You need a method that anyone can use, regardless of where they are in the world.

It’s called a break glass account as a reference to fire alarms that are locked behind a screen saying, “break glass in case of emergency.” Essentially, you only break the glass when it’s necessary to. This name refers to the situations where you would need a break glass account, namely emergency access in the case of a serious situation.

Why do you need a break glass account?

A break glass account is useful when there’s a cell phone tower outage, a natural disaster, such as flooding or a fire, or a cyber-attack. If you cannot access the rest of your accounts on Microsoft 365 or other major platforms, a break glass account with global admin privileges helps you gain access and recover any other affected accounts.

You might also use a break glass account in the case of a global admin leaving suddenly, allowing someone else to access tasks or documents associated with the role. Global admins are ones with access to absolutely everything in Microsoft 365, Google Workspace or a similar system.

No matter the size or industry, a break glass account is essential for any company. For your clients, a break glass account enables business continuity and the levels of customer service you pride yourself on. Just like fire alarms in an office or carbon monoxide alarms in your home, a break glass account helps you to identify issues and fix them quickly without the need for painful recovery processes.

Considerations for a break glass account

There are many things you and your IT and cybersecurity support provider should consider when creating a break glass account. Here are just some of the areas we work through when creating break glass accounts with clients:

1. Don’t associate the account with any one user

Key people within your business can leave suddenly, which could leave you short-handed and without access to important files. Having your entire IT infrastructure reliant on a single person is never a good idea and only leaves you prone to serious issues.

Your break glass should be completely separate from any user. It also shouldn’t follow a standard naming pattern, for example, first name last name email addresses, to avoid a cybercriminal being able to deduce the account pattern and break in.

2. Exclude the account from any organisation-wide policies

Most organisations will have a variety of Microsoft 365 and Azure policies in place designed to help enforce best practices. These are often things like multi-factor authentication, stopping unusual logins, or account timeouts after idle periods. To prevent any issues during an emergency, you should ask your IT provider to exclude the account from any policies that could impact the function of the break glass account.

3. Create more than one

Depending on the size of your organisation, you may want more than one break glass account. This way, you have a fail-safe for the fail-safe, and it can never hurt to be more than prepared. It may seem like overkill but having these two core accounts with shared responsibility across the organisation reduces the risk of you losing considerable data and business time. It’s the same principle as the heir to the throne, Prince William, and his son, George, technically not being allowed on the same plane or mode of travel due to the risk of losing an heir.

4. Have a login monitor

While you don’t want to restrict the logins of a break glass account, it’s a good idea to monitor any logins to prevent unwanted access. If an ex-employee knows the logins and chooses to use them maliciously, you’ll want to know that the break glass account has been accessed. It’s the same as the fire alarm going off when the button is pressed; it alerts everyone to the ongoing issue.

5. Once used, change the password

Once you’ve had to access and use the break glass account, it’s really important to change the password. Just like you’d have to reset an alarm system after it was triggered, the same principles should apply to your break glass account.

Who should have access to your break glass account?

As well as key members of your business, you should share access with your cybersecurity partner or IT support provider so they can help you recover your systems should the worst happen. Break glass accounts should be shared sensibly with senior members of the company, as well as people who are IT savvy or hired IT professionals.

Are you looking to strengthen your business continuity processes?

Here at ramsac, we work with many businesses just like yours that want to create a strong disaster recovery process. We help create a robust recovery plan, as well as aid you in recovery if disaster does strike.

Speak to us today about how we can help you to create a strong disaster recovery process.

Related Posts

  • What is cybersecurity monitoring? How important is it in 2024?
    April 29th, 2024

    What is cybersecurity monitoring? How important is it in 2024?

    Cybersecurity

    Cybersecurity monitoring is the continuous surveillance of digital systems to detect and respond to security threats and data breaches in real-time. Discover how cybersecurity monitoring software can protect your [...]

    Read article

  • Examples of sensitive data in your organisation
    April 26th, 2024

    Examples of sensitive data in your organisation

    Cybersecurity

    Any confidential information that’s stored, processed, or managed by an organisation or individual is classified as sensitive data. Read our sensitive data examples today. [...]

    Read article

  • How to set up a secure password policy in Microsoft 365
    March 6th, 2024

    How to set up a secure password policy in Microsoft 365

    Cybersecurity

    Discover the essentials of a robust password policy for cybersecurity in Microsoft 365. Learn what to include and what to avoid. Read the blog today. [...]

    Read article

  • A guide to sensitivity labels and how to apply them
    March 4th, 2024

    A guide to sensitivity labels and how to apply them

    Cybersecurity

    Sensitivity labels allow you to manage, organise, and protect sensitive emails, files, and documents as part of the Microsoft 365 suite. Read on. [...]

    Read article

  • MFA vs 2FA: What’s the Difference?
    March 1st, 2024

    MFA vs 2FA: What’s the Difference?

    Cybersecurity

    Features like user facial recognition that are difficult to replicate means multi-factor authentication offers more cybersecurity layers than two-factor authentication. Find out more. [...]

    Read article

  • Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year
    February 23rd, 2024

    Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year

    Cybersecurity

    secure+ has detected and responded to over 8000 security alerts in its first year [...]

    Read article