User Access

Why and how to lock down user access

Last year saw a 29% increase in the number of data breaches. If your business suffers a data breach, you won’t just face the immediate cost of cleaning up but years of lost revenue from the damage to your reputation.

One of the most important ways to reduce the chances of a data breach is to lock down user access to important data.

1. Set user access on needs, not trust

The most important step is to limit what each employee can access to what they need to do their job, not to how much you trust them. This can draw pushback from employees who read a restriction as a sign that you don’t trust them.

However, rogue employees aren’t your only risk. Malware and ransomware that an employee unknowingly downloads run with that employee’s permissions, so they can read, encrypt or exfiltrate everything that account can reach.

Use the latter scenario to explain to your employees why it’s important to restrict what they can access via their login.
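The following is an added example, not code from the original article. It models the point above as an access review: ransomware running as a compromised user can only touch what that user can write to, so the set of writable shares is the blast radius of that account. The share names, group names and the user "alice" are constructed for illustration; the check itself is generic.

```python
"""Blast-radius check for a compromised account.

Added example, not from the original article. The share layout, groups and
users below are constructed for illustration; the check itself is generic.
Ransomware runs with the permissions of the user who launched it, so the set
of shares it can encrypt is the set of shares that user can write to.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Share:
    name: str
    writers: frozenset  # groups allowed to modify files on this share


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    needs: frozenset  # shares the user's job actually requires write access to


def can_write(user: User, share: Share) -> bool:
    return bool(user.groups & share.writers)


def blast_radius(user: User, shares: list) -> list:
    """Shares that malware running as this user could encrypt or exfiltrate."""
    return sorted(s.name for s in shares if can_write(user, s))


def excess_access(user: User, shares: list) -> list:
    """Shares the user can write to but does not need: candidates for removal."""
    return sorted(set(blast_radius(user, shares)) - user.needs)


# Constructed sample: a "trust-based" model where every employee sits in one
# broad 'staff' group, versus a "need-based" model with per-team groups.
TRUST_BASED = [
    Share("finance", frozenset({"staff"})),
    Share("hr", frozenset({"staff"})),
    Share("marketing", frozenset({"staff"})),
    Share("engineering", frozenset({"staff"})),
]
NEED_BASED = [
    Share("finance", frozenset({"finance-team"})),
    Share("hr", frozenset({"hr-team"})),
    Share("marketing", frozenset({"marketing-team"})),
    Share("engineering", frozenset({"eng-team"})),
]

# Alice works in marketing; her job only needs the marketing share.
alice_trust = User("alice", frozenset({"staff"}), frozenset({"marketing"}))
alice_need = User("alice", frozenset({"marketing-team"}), frozenset({"marketing"}))

if __name__ == "__main__":
    for label, user, shares in (("trust-based", alice_trust, TRUST_BASED),
                                ("need-based", alice_need, NEED_BASED)):
        print(f"{label}: compromise of {user.name} exposes {blast_radius(user, shares)}; "
              f"excess grants: {excess_access(user, shares)}")
```

Run periodically against your real group memberships, `excess_access` gives you the list of grants to revoke; the same comparison is what you show employees when explaining why a narrower login protects them as much as the company.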

2. Have a separate guest network

One of the easiest places for an attacker to reach your data is your Wi-Fi. Your desktop security measures do little good if an attacker can join the network and then intercept traffic or talk to your internal hosts directly.

Despite this, businesses often leave their networks unsecured to give customers and other guests convenient access. If you want easy guest access, put it on a separate network with no route to your data.

Your main network should only be accessible to approved users.
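An added example, not from the original article, of the check a practitioner would run on the guest network described above: evaluate the forwarding rules as a firewall would (first match wins, default drop) and confirm that a guest client can reach the Internet but none of the internal address ranges. The interface names, rule format and host addresses are assumptions made for illustration; the "broken" variant shows how a misordered allow rule silently undoes the isolation.

```python
"""Check that guest-network firewall rules actually isolate guests.

Added example, not from the original article. The rule format, interface
names and address ranges are assumptions made for illustration; rules are
evaluated first-match-wins with a default drop, as most forwarding filters do.
"""
import ipaddress

# Constructed ruleset: (source interface, destination network, action).
# Guests may reach the Internet but nothing on private (RFC 1918) ranges;
# the staff LAN may reach everything.
RULES = [
    ("guest0", "10.0.0.0/8", "drop"),
    ("guest0", "172.16.0.0/12", "drop"),
    ("guest0", "192.168.0.0/16", "drop"),
    ("guest0", "0.0.0.0/0", "accept"),
    ("lan0", "0.0.0.0/0", "accept"),
]


def decide(rules, src_iface: str, dst_ip: str) -> str:
    """Return the action of the first matching rule, or 'drop' if none match."""
    dst = ipaddress.ip_address(dst_ip)
    for iface, net, action in rules:
        if iface == src_iface and dst in ipaddress.ip_network(net):
            return action
    return "drop"


def guest_leaks(rules, internal_hosts) -> list:
    """Internal hosts a guest could reach; empty for a correct policy."""
    return [h for h in internal_hosts if decide(rules, "guest0", h) == "accept"]


# A broken variant: the 'accept anything' rule ordered before the drops.
BROKEN_RULES = [RULES[3]] + RULES[:3] + [RULES[4]]

# Constructed internal hosts: a file server and a printer.
INTERNAL_HOSTS = ["10.0.1.5", "192.168.1.20"]

if __name__ == "__main__":
    print("guest -> 1.1.1.1:", decide(RULES, "guest0", "1.1.1.1"))
    print("guest leaks (correct):", guest_leaks(RULES, INTERNAL_HOSTS))
    print("guest leaks (broken): ", guest_leaks(BROKEN_RULES, INTERNAL_HOSTS))
```

Whatever device enforces the rules, the useful test is the same: from a guest client, attempt to reach a known internal address and expect it to fail, and repeat the test after every firewall change.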

3. Use a reasonable password policy

63% of data breaches involve weak or stolen passwords, so it’s important to have a strong password policy. However, if you make your password requirements too complex or force changes too often, employees end up writing passwords on sticky notes even when they know they shouldn’t. Current guidance (NIST SP 800-63B) favours a minimum length over composition rules, screens new passwords against known-breached lists, rotates passwords only when compromise is suspected, and adds multi-factor authentication so that a stolen password alone is not enough.

Like anything, it’s a balancing act of security and user convenience. But keep in mind that inconvenience can lead users to bypass security to get back convenience.
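The following is an added example, not code from the original article, of a password check that follows the length-and-breach-screening approach rather than complexity rules. The breached-password set is a constructed stand-in for a real corpus (in production you would query a breached-password service by hash prefix), and the length limits are assumptions.

```python
"""A password policy that favours length and breach-screening over complexity rules.

Added example, not from the original article. It follows NIST SP 800-63B's
approach: minimum length, no composition rules, reject known-breached and
context-specific passwords. The blocklist below is a constructed stand-in
for a real breached-password corpus.
"""
import re

MIN_LENGTH = 12    # assumption: long enough to push users towards passphrases
MAX_LENGTH = 128   # assumption: bounded so password hashing stays cheap

# Constructed: in production this would be a large breached-password corpus,
# checked by hash prefix against a service such as Have I Been Pwned.
BREACHED = {"password", "123456", "qwerty123456", "letmein", "welcome1"}


def is_sequential(s: str) -> bool:
    """True if every character is exactly one code point after the previous."""
    return len(s) > 1 and all(ord(b) - ord(a) == 1 for a, b in zip(s, s[1:]))


def check_password(candidate: str, username: str = "", org_name: str = "") -> list:
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    pw = candidate
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    lowered = pw.lower()
    if lowered in BREACHED:
        problems.append("appears in a known-breached password list")
    # Context-specific words (the user's name, the company) are as guessable
    # as dictionary words, so reject them regardless of length.
    for word in (username, org_name):
        if word and word.lower() in lowered:
            problems.append(f"contains '{word}'")
    # Repeated or sequential runs add length but almost no entropy.
    if re.fullmatch(r"(.)\1+", pw):
        problems.append("single repeated character")
    elif is_sequential(lowered):
        problems.append("sequential characters")
    return problems


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "Tr0ub4dor&3", "qwerty123456",
               "AcmeCorp2024!!", "aaaaaaaaaaaa"):
        verdict = check_password(pw, username="alice", org_name="AcmeCorp")
        print(f"{pw!r}: {'accepted' if not verdict else ', '.join(verdict)}")
```

Note what the check does not do: it never demands a digit or a symbol, and it never expires a password on a schedule. Both of those rules are what drive the sticky-note behaviour described above without making guessing harder.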

4. Rethink BYOD

You may be able to control who and what gets onto your own network, but what about your employees’ personal devices? You can’t realistically control what they do with their own devices on their own time, which puts any company data stored on those devices at additional risk.

When building your BYOD policy, you need to consider how much employees need to handle sensitive information.

BYOD can work for limited communication such as calls and off-hours emails. However, if your employees routinely need to access databases with key information, you’ll probably want to provide them with a separate, business-only device that you can lock down.

5. Set an example

No matter what security policies you put in place, your employees will follow your lead. That’s true whether you follow them to the letter or ignore your own rules.

If you want your employees to lock their computers whenever they step away, they need to see your lock screen if they walk into your office while you’re out. If you don’t want them sharing logins, make sure you never give out or ask for a password; if someone else needs access, have IT add an account for them.

Remember, your security policy is only as good as your users, and no amount of user access controls can change that. User access simply sets them on the right path towards good data protection habits.