Sometimes we share too much!!!
Today we are looking at permissions and access to company resources/data.
Sounds riveting right?
Well, it’s something that as a business owner or manager you MUST be on top of and here’s why.
Giving too much access to your team runs you at a higher risk of data breaches, privacy breaches and data destruction.
Here’s an example of something we see in small businesses.
To make things easier for their team data has been pooled into a single shared drive. This drive has been shared with all staff.
The drive contains:
- Client contact details
- Accounting files
- Design files
- Product details and media
- HR / personnel files.
When a staff member’s account is ‘hacked’ or their laptop is stolen, that business has not just had a smaller contained amount of data being stolen, they have now lost the lot!
They will now have to notify their clients of a privacy breach and seriously hope that it doesn’t put them out of business due to reputation damage – it has happened!!
The ironic part is that mitigating these risks is actually very easy.
All you have to do is:
- Have a clear understanding of what data/resources are in your organisation.
- Know who needs access to what resource.
- Structure your data in a logical way.
- When setting up a user account only share the relevant files.
This is exactly what larger organisations do – they group people into departments and the IT Team puts a structure place to restrict access only to relevant data.
Accounting team has accounting access, HR team has HR access and Design team has Design access so on.
It’s not a question of trust, it is a risk mitigation 101.
So, next time you are setting up an account for a new staff member have a think about what is at stake.
If you would like any advice about how to better control your company’s resources and security, we’re here to help.
Get in touch.
