This week, we’re talking about a very important and often overlooked aspect of small and medium-sized business security. We’re asking the question (as should you), “Who has access to my information?”
With small- and medium-sized businesses, we often run into this problem: your employees have access to all of your information, or some people have access to too much information, or some people have access to not enough information. And sometimes, you don’t even know who has access to what. Believe me when I say, I get it. Just under 4 years ago, Sterling Ideas was a one-man-band, and Charles didn’t have to think about permissions because, well, there was no one to give permissions to. But then we started growing, and there came a point where we had to delineate who has access to what information. Especially for businesses that experience fast growth, it’s probably something that wasn’t a priority when you were just trying to stay afloat. But now, you have a growing team and information to protect.
Here at Sterling Ideas, we use systems like Active Directory and Azure AD to give your different staff members access to different information that fits their specific role, as decided by you. So you have access to all your information, but your sales team has access to only sales-related information and documentation, and your marketing department has access to only marketing-related documents. Maybe you are the only person who has access to contracts or financial information.
Hopefully, you have the most trustworthy people working for you, and you’re thinking, “I don’t need this.” Well, there are a few reasons to rethink that. First, it’s always better to be safe than sorry. If an employee doesn’t need access to something, they shouldn’t have access. It’s as simple as that. Second, growth is in your future, and when you hire that first new-to-you employee, you’ll want this system already in place. Third, these permissions can help protect against cybercrime. Say one of your salesmen falls for a phishing scheme and inadvertently gives up access to your system. It’s a security event that needs to be immediately dealt with, yes. But, that criminal only has access to what that employee had access to, meaning your financials, your contracts, and your high-security information are still safe and secure.
You need to know who has access to what, and decide if you’re happy with the answer. If not, call us. We know how to help you and how to protect you.