Data security and privacy is not just a concern for large companies as it is crucial item for every business to consider. Imagine a scenario where a simple slip-up with sensitive information could lead to significant financial loss, damage to your reputation and / or legal issues. This can be scary, but do not worry, because you can safeguard your business by turning your employees into human firewalls. Here are some ways on how to do this: Continue reading
Shiny new technology can be exciting for some people but can scare others! In todays world, new tech can be a must to stay competitive and it increased efficiency, happier employees and a competitive edge. That promise can turn into a financial nightmare if employees can’t use their technology. This can then cause productivity to drop, mistakes and customer service to fall. This blog shows the common staff technology issues as provides solutions. Continue reading
Prioritize data security when employees leave Businesses need to expect that one in five of their employees to leave in an average year. You can be doing all you can to retain your people, but what are you doing to protect company data when some do leave? Our eBook, 8 Steps Protect Your Company Data when People Leave explores:
Our latest eBook shares strategies to help fight employee turnover in the first place and also .
Click here to download our eBook on “8 Steps To Protect Company Data When People Leave”.
It is a sad but true fact that your employees are your number one cyber-security threat.
They are often the main gateway through which hackers gain their way into your business. All it takes, is one staff member clicking on one wrong link in an email, for cyber-criminals to get in. Continue reading
When considering IT threats to your business many articles focus on external sources such as hackers. While these dangers are real, in many cases, the largest threat to a firm comes from inside the business itself.
Staff often have trusted access and a detailed working knowledge of the organisation from the inside. Employees therefore deserve the largest security consideration when designing a safe and secure business system.
It is important to first distinguish the type of employee we want to defend against. For this article we do not mean a model employee accidentally opening a malicious email or attachment (that relates to a different kind of threat). Rather, a disgruntled employee seeking to do damage to your business. An employee who may wish to destroy services or steal clients and files from your firm.
Security Policy
A lot of firms grant employees system-wide permissions. While this can make things appear simple, it is opening the business to future risks.
Private and confidential information relating to the business should be restricted. Many types of files need to remain confidential, often as a legal or privacy requirement. Human resource files, salary information, and employee documents should be limited to only a select few employees. Yet many businesses keep confidential information in public places on the network.
Granting system-wide read and write access can appear to save time in the short term. It is, however, opening up your business for potentially legal troubles in the future.
The Principle of Least Privilege
The principle of least privilege is a vital tool in helping you to handle internal IT security. It defines a security policy which ensures your staff can access only the resources, systems and data they require to carry out their job.
The policy protects the business from many different types of threats. Even where malicious attachments have been opened by accident, the damage is limited only to the areas that employee has access to. This results in contained damage, less time needed for data restoration and reduced downtime for the firm.
Along with limiting accidental damage, employees looking to destroy or steal data are limited. With restricted access, an employee with a grudge or profit motivation can only damage or steal from their own area of operation. This helps to ensure that no single employee can damage the entire firm’s operations.
Security Policy In Practice
A member of staff within Human Resources, for example, may have access to the employee database (as it relates to their job). This will likely include payroll information and other sensitive data. But this same member of staff would have no need to access sensitive client data, such as sales information in normal working conditions.
Likewise, a staff member from the sales department should have no need for accessing sensitive HR records.
Using the principle of least privilege, each employee will only have full access to systems that are directly related to their role. Similarly, some systems may be visible to a wider group of staff members even if they can only be edited or deleted by one or two people.
In some cases, a security policy may be defined by finer details than a person’s role within the business. For example an HR employee should not be able to edit their own file to change salary information. An employee file might only be edited by their superiors in such a case.
Additional parameters can be used to assign privileges to enable the business hierarchy to work within the IT network. Seniority, physical location, and time are all examples of factors that can restrict access to critical systems and secure data.
We can tailor your network to your business, locking down your data to ensure data is only accessed on an “as needed” basis. Contact us now on 08 8326 4364 or su*****@dp*********.au.