Secure360

Best practices for restricting access

February 12, 2015 by Secure360 and UMSA

Copyright: / 123RF Stock Photo


According to the latest research from Ponemon, employees are data security enemy number one. The study, derived from interviews with 2,276 employees in the U.S., U.K., France and Germany, reports that 67% of IT professionals say their organization experienced the loss or theft of company data over the past 2 years and 74% of IT professionals believe that employee mistakes, negligence or malice are frequently the cause of data loss.

It is not just the IT professionals noticing a problem, either; 71% of employees believe they have access to data they shouldn’t.

Best practices for restricting access

A majority of security experts agree – IT professionals need to restrict employee access to data. There is no reason for every employee to have access to all company data. It is dangerous and illogical. The following are the best practices for restricting and controlling data access.

Practice the principle of least privilege

Too many companies operate on an “open all” policy, which makes data available to everyone unless access to specific documents is explicitly restricted. The principle of least privilege is the opposite. It functions like the CIA: people only have access to what they need to know or have clearance to access.

Remove privilege as needed

Employees frequently move positions within a company, so make sure their access changes with their move. In addition, don’t forget to restrict ex-employee access. According to the 2014 Intermedia SMB Rogue Access Study, 45% of former employees retained access to “confidential” or “highly confidential” data and 49% could log into ex-employer accounts.

Have a written policy

While information security rules may seem like common knowledge to you, that is not the case for many people. You need a written (and enforced) policy that spells out security restrictions so employees are not giving restricted data to those without the clearance to see it.

Give the people what they want

Your employees want an easy way to access files on multiple devices and to collaborate with their coworkers; this desire is leading to the use of personal services like Dropbox or Google Docs. To protect your data from public clouds and personal accounts, you must provide a file sharing service that’s as user-friendly but also gives IT full control over access privileges. It needs to be really user-friendly, though; employees are going to choose to use the easiest tool, whether or not it is the safest.

These are just a few security options; leave a comment below with your best data-restricting advice.

 

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
