Why You Should Review Your Staff’s Data Access
As a growing business in a fast-paced industry ourselves, we love a review.
Change is constant. Whether that’s the environment of the industry you’re in, the development in technologies, and even the shift in numbers in your teams.
Having a review simply lays out everything on the matter, allowing you to tie up some loose ends and tighten up your procedures.
When it comes to your IT, one matter that needs to be reviewed is your staff’s access.
Now think about your business for a moment – do you know who has access to which documents? Or can everyone access everything?
If you’re nodding at the latter (or grimacing, as you should be), you may need to make some changes…
Whilst you might trust your teams, one thing you need to understand is that the more people that have access to your business documents, the less secure they are.
We’re not saying that Dave from Sales is going to leak your accounts just because he has access to them. We’re saying that Dave is simply human, and human error is your biggest threat.
Dave vs. Malware
Let’s stick with Dave from Sales (apologies to any Dave’s out there).
Dave opens an email – a very convincing email – supposedly from a supplier.
It’s asking him to download a file which, of course, he does because it’s from a supplier!
What Dave didn’t notice was that the email address was spelt differently, and the email signature was odd. So now the document has downloaded, and malware has infected Dave’s device.
“Surely he has noticed now?!”
Because the email looked ‘normal’ to Dave, he thought nothing of it.
The malware is now slowly working in the background, accessing and copying all of the files Dave has access to. Which, if we didn’t make it clear before, is everything.
Sure, if you have a proactive and quick-thinking IT partner, the malware may be caught early before it reaches your network. However, if the data is available on Dave’s device in the first place, you’re unfortunately already pretty exposed.
Although, it’s not always malware
Again, we must preach, Dave is not a bad guy.
What he did was not done maliciously. It was a simple mistake that caused a huge data breach, all because he had access to things he didn’t need.
Still, that doesn’t mean one day you may have a malicious employee who will steal your valuable data if they have access to it.
By giving everyone too many privileges, you’re making it far too easy for problems like these to occur.
Review it and Write it Down
These are the exact reasons we like to suggest a review.
Sit down with a brew and work out exactly who needs access to what. Give them access to the files, folders and documents they need to do their job, and restrict it for absolutely everything else.
Keep it documented and even have the chat with your IT partner if you’re unsure.
We work alongside businesses with all sorts of workflows and structures. A few simple questions to figure out exactly what your people need to benefit or complete their roles, and you are set.
Once you have your detailed document and stick to regular reviews, there is a lot less to think about meaning that the next time is much simpler and worth your while.
There are many precautions you can take to prevent problems like this from happening, such as implementing security software, email security software and encryption.
Restricting access is a good place to start, though.
So, if you need a hand or any more advice with regards to your access rights or general cyber security, get in touch with the Bespoke Computing team, and we would be happy to go through your options and support you.