Data security should not limit your staff from doing their jobs. How to keep your organisation's data secure and accessible for staff doing their jobs day to day. 

Cyber and data security is vitally important to protect your business information assets, including customer data, from falling into the wrong hands. However, in these times of increased malicious attacks on businesses and increased coverage of them, a lot of companies are locking down their systems extremely tightly to protect them. One drawback is that this can limit the ability of staff to do their job.

Here are some tips on how to keep your cyber security posture secure without taking a sledgehammer approach to locking everything down, which prevents your staff from doing their job, frustrates them, and increases the workload on your security staff.

Implementing role-based security and access controls will simplify this for your staff, ensuring that they have access to the resources they need, while your IT team knows exactly who has access to which resources.

Well defined job roles and responsibilities

Defining the responsibilities and roles of your staff will help define what systems they need access to. Doing this allows you to provision your staff with access to the resources that they will need, and prevents them from inadvertently being given access to information and resources that they will not need.

This will reduce the vulnerability of your systems by better identifying those who do not need access, and not giving it to them. Most importantly, it will mean that staff are not blocked from doing their job by lacking access to the resources and infrastructure they need.

Identifying exactly where data is stored

Along with the well-defined roles and responsibilities, identifying exactly where your data is stored, in which systems and on which infrastructure, will help ensure your staff have access to the resources, environments and systems that they need to do their jobs. This allows you to properly build an access system based on the principle of least privilege without the risk of privilege creep.
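The two sections above describe roles mapped to systems, a record of where each data set lives, and a least-privilege check that catches privilege creep. The following is an added illustration of that model (not code from the original article or from DQS); every role, system, data set and user name in it is constructed for the example.

```python
"""Role-based access with a data inventory and a privilege-creep review.

Roles map to the systems a job actually needs; a data inventory records where
each data set is stored; an access review flags grants that no current role of
the user justifies. All names and data below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed data inventory: data set -> system that stores it
DATA_INVENTORY = {
    "customer_records": "crm",
    "invoices": "finance_db",
    "source_code": "git_server",
    "hr_files": "hr_system",
}

# Constructed role definitions: role -> systems that role needs to do the job
ROLE_SYSTEMS = {
    "sales": {"crm"},
    "accountant": {"finance_db", "crm"},
    "developer": {"git_server"},
    "hr": {"hr_system"},
}


@dataclass
class User:
    name: str
    roles: set
    # Ad-hoc grants made outside any role; these are where creep accumulates
    direct_grants: set = field(default_factory=set)


def systems_for_roles(roles):
    """Union of the systems the given roles are entitled to. Fails closed on unknown roles."""
    systems = set()
    for role in roles:
        if role not in ROLE_SYSTEMS:
            raise KeyError(f"undefined role: {role}")
        systems |= ROLE_SYSTEMS[role]
    return systems


def can_access(user, data_set):
    """Least privilege: allow only if a current role or an explicit direct grant
    covers the system that holds the data set. Unknown data sets are denied."""
    system = DATA_INVENTORY.get(data_set)
    if system is None:
        return False
    return system in (systems_for_roles(user.roles) | user.direct_grants)


def privilege_creep(user):
    """Direct grants that none of the user's current roles justify."""
    return user.direct_grants - systems_for_roles(user.roles)


def access_review(users):
    """Map each user with creep to the stale systems they still hold.
    An empty dict means every grant is explained by a current role."""
    report = {}
    for user in users:
        creep = privilege_creep(user)
        if creep:
            report[user.name] = sorted(creep)
    return report


if __name__ == "__main__":
    # Constructed scenario: bob moved from accounting to development and kept an old grant
    staff = [User("alice", {"sales"}), User("bob", {"developer"}, {"finance_db"})]
    print(access_review(staff))
```

Running `access_review` periodically against the real role and grant tables is the check that keeps least privilege true over time: a user who changes job keeps the systems their new role needs and loses the rest, rather than accumulating access.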

Simplify authentication where possible

At many companies, staff still have to maintain multiple usernames and passwords to access different systems within the organisation. From experience, this causes confusion and increases the likelihood that staff will need to note down their credentials somewhere, increasing the risk of this data being breached. Password managers can help with this, but an even better approach is to implement multi-factor authentication (MFA).

MFA has evolved and matured, and is now often as simple as a code from an authenticator app (text message is not recommended). The use of biometric authentication such as fingerprints or facial recognition, now more readily available on laptops, is an even simpler way to identify the user without interrupting them.

One way to reduce the number of credentials your staff need to remember, and the number of ways that a hacker can access your systems, is to implement either a Single Sign On or a Federated Identity Management system, both of which give staff a single place to log in to many different services.

Single Sign On

Single Sign On (SSO) allows users to access multiple web applications using a single set of credentials, making it easier for users to do their job and reducing the amount of time IT support spends resetting accounts because staff have forgotten their password.

Federated Identity Management

Federated Identity Management (FIM) is a larger model, of which SSO makes up one part. FIM is a set of agreements and standards that help companies and applications share identities, which also allows it to operate across multiple organisations. An FIM has a central identity provider (IdP) which controls the authentication of users and identities for the different service providers (SP) that a user may be trying to log in to. As well as the advantage for users of only having to remember one set of credentials, and the benefits this brings, an FIM also benefits the business by having a central repository to store authentication credentials and user access authorisation details for multiple systems.
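The SSO and FIM sections above describe one identity provider authenticating the user and several service providers trusting its answer. The following added example (not the article's or any vendor's code) shows the shape of that exchange: the IdP alone holds credentials and the per-service authorisation list, and each SP accepts only an assertion signed by the IdP, addressed to that SP, and still within its lifetime. It uses an HMAC with a constructed shared key in place of the public-key signatures that real SAML or OpenID Connect deployments use, so that it runs offline; the users, services, secret and lifetime are all constructed.

```python
"""Federated sign-on sketch: an IdP authenticates and issues a signed assertion;
each SP verifies signature, audience and expiry before admitting the user.
Added illustration with constructed data; HMAC stands in for the asymmetric
signatures a real IdP would use (SPs would then hold only the IdP's public key)."""
import base64
import hashlib
import hmac
import json
import secrets
import time

IDP_SIGNING_KEY = b"constructed-idp-key"   # constructed; never share a real key this way
ASSERTION_LIFETIME = 300                   # seconds an assertion stays valid
_SALT = b"constructed-salt"                # constructed; real stores use a salt per user


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Central credential store and per-service authorisation list, held by the IdP only
_USERS = {"alice": _hash_password("correct horse battery", _SALT)}
_ENTITLEMENTS = {"alice": {"crm", "wiki"}}


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body):
    return _b64(hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def idp_authenticate(username, password, audience, now=None):
    """Return a signed assertion for `audience` (an SP id), or None when the
    credentials are wrong or the user is not entitled to that service."""
    stored = _USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _hash_password(password, _SALT)):
        return None
    if audience not in _ENTITLEMENTS.get(username, set()):
        return None
    now = time.time() if now is None else now
    claims = {
        "sub": username,
        "aud": audience,                    # binds the assertion to one SP
        "iat": now,
        "exp": now + ASSERTION_LIFETIME,
        "jti": secrets.token_hex(8),        # unique id so an SP can reject replays
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)


def sp_verify(assertion, my_id, now=None, seen=None):
    """An SP admits the user only if the signature is the IdP's, the audience is
    this SP, the assertion is unexpired and (when `seen` is given) not replayed.
    Returns the username on success, None otherwise."""
    parts = assertion.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    if not hmac.compare_digest(_sign(body), sig):
        return None
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if claims["aud"] != my_id or not (claims["iat"] <= now < claims["exp"]):
        return None
    if seen is not None:
        if claims["jti"] in seen:
            return None
        seen.add(claims["jti"])
    return claims["sub"]


if __name__ == "__main__":
    token = idp_authenticate("alice", "correct horse battery", "crm")
    print("crm accepts:", sp_verify(token, "crm"))
    print("wiki accepts the same token:", sp_verify(token, "wiki"))  # None: wrong audience
```

The audience and expiry checks are what make the central repository safe to trust: a user's one login yields assertions that work only for the service they were issued to, for a short window, and the SPs never store or see a password. Removing a user's entitlement at the IdP removes their access to every federated service at once.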

Document and File Sharing

Email is a large vulnerability for both malicious and inadvertent breaches of data. It is often targeted by hackers looking to gain access to your information, and it is prone to accidental leakage of data through mistyped email addresses or the wrong contacts being included. Instead of employees emailing documents and other important information around, a collaborative tool for storing and sharing files, such as Microsoft Teams, Slack, or Jira, lets them collaborate on the source files directly, or safely share files and communications internally without the threat of their being released to external sources. This allows email to be an “external” communication tool, with “internal” communications done using a separate tool.

Conclusion

Security, particularly user access to information, need not be a drain on staff or productivity. Investing in consolidating your authentication, and knowing who needs access to what data and where that data is located, are the keys to this.

Having somewhere to collaborate and share documents and documentation, rather than having to send them around via email, will not only help mitigate the risks associated with email, but also help staff by ensuring they know they are working on the most recent document version, and remove one source of inbox distraction!

Author
Brad Fabiny

DQS Product Manager - Cyber Security and auditor for the ISO 9001, ISO 27001 standards and information security management systems (ISMS) with extensive experience in software development.
