Tailor employee access to job role requirements and reduce data theft, writes Brian Cleary, Vice President of Products and Marketing at Aveksa, access governance solution providers.
If a company’s confidential data is available to be read, odds are good that employees will access it. Businesses cannot be surprised if a data breach occurs when they haven’t taken the necessary steps to prevent one. The natural curiosity of employees to view confidential data, such as other people’s salary details, is leading to people losing their jobs or being criminally convicted if exposed. However, most of these workplace incidents are not tied to bad intentions, they may just simply be employees taking advantage of a lack of access policy controls at their companies without realising that they are breaking privacy laws and exposing their organizations to risk.
Employees must be made aware that while snooping at company information may be considered harmless to them it can have great repercussions for the company. The real fault for these problems is not with the natural curiosity of employees, but rather with the poor controls for how user access is governed at these organisations. To be effective and consistently applied, policies must be instantiated as a set of automated controls not just left on a shelf in the corporate security policy three-ring binder.
It is crucial that companies monitor, manage and mitigate access-related risk throughout the enterprise with a fully automated technology platform. An automated system must enable the organisation to adopt the principle of least privileged access to ensure that users have no more access than the minimum required to do their jobs and then instantiate policies through an automated governance platform that enforces them in a consistent manner across the entire enterprise. Business managers should also regularly review and examine user entitlements, within the context of each individual’s role to ensure their access is still necessary to do their jobs or it should be altered.
