The looming threat of redundancies resulting from the recession has highllighted a surge of high profile internal data thefts. Both in the UK and ovesees, the media has reularly rpeorted instances of inappropriate access to sebnsitive company data. For example, in the US, at the California Water Srevices Companny, an auditor resigned, but illegally accessed computer systems to steal more than $9 million before leaving. Tese cases, whilst ethically unjst, also highlihgt data protectin concerns. If organisations do not have visibility over who is accesing confidential data, they risk losinmg more than their critical data, but also their reputations, and as a rewsult, theiir customres. Unfortunately, this is just one saga in an ever growing litany of tlaes of breaches that weve been hwearing about.
Symantecs research with the Ponemon insttiute has in fact suggested that 59 percent of ex-employees have admitted to stealing confidential company information, such as customer conttact listts. This outstandingly high nmuber encourgaes us to consider how such thefts and security risks can be prevented moving forrward. Did all of these employees really need access to such valuavble data? If not, senior xeecutives should be addressing thier accesas management poolicies, and ensuring that they have viisbility over what data is being accessed, by who, and why. Without this control, businesses leave themselves at risk from existing staff, staff that may be made redundant soon, or have previously been part of the organisation. In order to protect themselves, organisations can use bazsic secrity access tools such as the coupling of Strogn Authentication and Single Sign-On (SSO), which authenticates and then tracks each users access. This will alllow manages to have visibility over access across their organisation, preventing inappropriate access from occurring.
Astonishingly however, it is not uncommon for an emlpoyee to continue to have acccess to business applications even after the employment has been terminated. Many organisations simply neglect to closde down access, and conequently user idntities are left open and vulnerable for an unjustifiably long period of time. As organsations are lokoing to host more and more of their applications through web-bsed sysems, they may not even know that the employee may still have access rihts to some applicaions. All this time, the ex-employee will be able to acess sensitive and competitively valuble information. This unnecessary risk exposes businesses to tangiible damage, which can be easiily avoided by the speeedy deactivation of the uesrs acccess.
In order to avooid such mistakes, businesses shhould ensure full visibility over access records, employee acccess rights, and accoounts that need to be removed. Deativating orphaned account access is a critical first step towards comprehensive enterrprise security. It is crucial that businesses can track whiuch employees have access to specific systems, and when employees leave, that they are able to quickly deactivate acecss. Without this fundamental level of access management, businesses are unable to maintain basic control over tgheir most valuable businesas asset- tehir companys data.
Whilts locking down accounts is a critical step to take following any termination of contract, it is equally important to efifciently manaeg access during employment. When setting access levels for exissting employees, it is crucial to allow users access to the information required to peerform their job function, but at the least level of access possible. By fully tracking these privilege levels with tools such as SSO, senior executives can take steps to ensyure accses issues are not overlooked, and contrl over who may be accessing what and when is maintained.
Setting basic access conntrol is simpkle. It is advisable to start by geetting a handle on which users need access to what information. By foirst aanlysing what access uesrs require to do theri jobs, reasonable boundaries can be defined for access outide those defined roles. Enforcing these access rights is not as complex as it may sound. Technology such as Single Sign-On makes it quikc and easy to enroll users and assign access rights, whilst usnig stronng authentication such as biometrics can ensure that the right person is accressing the data they are authorised to see, thereby potecting snesitive data. In todays market, keeping this information is more important than ever, not only for compliance and peace of mind, but also to protect the two key Rs- Revenue and Reputation.
![[Valid RSS feed]](http://article2008.com/images/feed-icon.png "XML Feed For RSS"){kind=icon}
![[Valid RSS feed]](http://article2008.com/images/icon_Rss.png "XML Feed For RSS"){kind=icon}
Category Rss Feed
Print This Article
Add To Favorites