29 Apr Keeping your data safe: Access Control
Cyberattacks are commonplace today. Malware such as viruses, worms, and more recently ransomware not only corrupts your data or holds it hostage but also inflicts irreversible damage on your brand and business. As a norm, most businesses these days invest in anti-virus/cybersecurity systems. But is that really enough? The answer is NO, because they often overlook one important aspect: access. Ask yourself, how easy is your data to access? How can you strengthen the walls that keep your data safe? Read this blog to find out.
Always follow a role-based access permission model, meaning people in your organization have access to ONLY the data they REALLY need. Generally, the higher the designation, the deeper the data access permission and the stronger the rights. For example, someone at the executive level may not be able to edit your MIS spreadsheet, but a manager should be able to.
Formal password controls
No matter how good your cybersecurity is, you need to ensure the protocols are followed at the ground level. Enforce policies regarding passwords strictly and hold violators accountable. Examples include:
- Password combinations – Ensure your staff follows the recommended best practices when selecting passwords so there are no ‘easy-to-crack’ passwords.
- Password sharing – Thoroughly discourage password sharing across your organization. No matter who asks for it, passwords shouldn’t be disclosed unless authorized as per the protocols.
Don’t ignore physical security
Virtual security is a must, but so is physical security. Though there is only so much that physical access controls can do to keep your data safe in today's BYOD era, don’t overlook this aspect. CCTV cameras on the floor, biometric or card-based access to your workspace and server rooms, and similar measures also have a role to play in data safety from the access perspective.
Training & reinforcement
Finally, train…train…train. You need to train your employees on the protocols for data security and access so they don’t mess up accidentally. Conduct mock drills and refresher training, follow up with quarterly audits, and use positive and negative reinforcements to ensure everyone takes it seriously. At the end of the day, no cybersecurity software is good enough if the best practices related to data access are ignored.