Here's a piece from SecurityWeek:
IT Workers Believe Employees Would Sell Company Data if Price is Right: Survey
"Fifty-two percent admit their employees have read or seen company documents they should not have had access to, and more than 50 percent of the respondents have experienced situations where terminated employees tried to access company data or applications after they left the organization."
I can't say I find this surprising. This is why it is vital that SMBs take the time to discover and audit file shares. The "Principle of least privilege" should always be implemented when determining who has access to a resource. If an employee doesn't require access to a file or folder to perform their duties, they should not have access to it. This also applies to systems, databases, applications and so on. It is well worth the time to regularly review employee access needs to various company resources.
Another issue this shows SMBs need to be concerned with is user lifecycle management. No matter the size of your organization, you should have a process in place to immediately revoke all access for an employee who has left the company. The last thing you need is a former employee having access to your data for any length of time.
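An added example, not part of the original post: one way to script the two reviews described above, flagging accounts still enabled for departed employees and share permissions that have no role-based need. The roster, account list, share paths and the role-to-share policy are constructed sample data and assumptions; in practice they would come from HR and directory exports.

```python
from datetime import date

# Constructed sample data (assumptions, not from the post).
HR_ROSTER = {
    "alice": {"role": "finance", "terminated": None},
    "bob": {"role": "engineering", "terminated": date(2024, 3, 1)},
    "carol": {"role": "engineering", "terminated": None},
}
ACCOUNTS = {"alice": True, "bob": True, "carol": True, "dave": True}  # user -> enabled
SHARE_ACLS = {  # share -> users granted access
    r"\\fs01\payroll": {"alice", "carol"},
    r"\\fs01\source": {"bob", "carol"},
}
SHARE_NEED = {  # share -> roles with a business need (assumed policy)
    r"\\fs01\payroll": {"finance"},
    r"\\fs01\source": {"engineering"},
}

def has_left(record, today):
    """True if the person is unknown to HR or their termination date has passed."""
    return record is None or (record["terminated"] is not None
                              and record["terminated"] <= today)

def audit(roster, accounts, acls, need, today):
    """Return (finding, user, share) tuples for lifecycle and least-privilege gaps."""
    findings = []
    # Lifecycle check: every enabled account must map to a current employee.
    for user, enabled in sorted(accounts.items()):
        if not enabled:
            continue
        record = roster.get(user)
        if record is None:
            findings.append(("orphan_account", user, None))
        elif has_left(record, today):
            findings.append(("terminated_still_enabled", user, None))
    # Least-privilege check: each ACL entry needs a current employee whose role
    # requires the share. A share with no policy entry is treated as default-deny.
    for share, members in sorted(acls.items()):
        for user in sorted(members):
            record = roster.get(user)
            if has_left(record, today):
                findings.append(("acl_entry_for_departed_user", user, share))
            elif record["role"] not in need.get(share, set()):
                findings.append(("access_without_role_need", user, share))
    return findings

if __name__ == "__main__":
    for finding in audit(HR_ROSTER, ACCOUNTS, SHARE_ACLS, SHARE_NEED, date(2024, 4, 1)):
        print(finding)
```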