According to a survey of U.S. security industry professionals, 14% of former company employees still have access to proprietary data and information—a fact that highlights critical deficiencies in company security policies. Once considered the exclusive worry of large enterprises, the proliferation of security incidents is forcing small- to midsized businesses to address vulnerabilities as well.
Whether looking at IT professionals, entrepreneurs, or employees, one thing is clear: There’s an overabundance of misappropriated access, especially when it comes to a company’s privileged, business-critical information. We’ve found that on average, companies have approximately three to five times the number of privileged accounts as they do employees, which makes managing passwords and access credentials a sizable challenge.
By taking these three simple steps, small business owners can employ a proactive approach to prevent breaches and protect vital information assets, avoiding the devastation and havoc that just one rogue employee can inflict. 1. Know who has access to privileged information. Assess who has access to what data so you can understand and manage access as appropriate. 2. Apply appropriate policies to protect sensitive information. Create an actionable plan and put it into place, applying privileged passwords and access management controls throughout each level of information. 3. Update security and access credentials regularly to monitor and maintain control. Implement a regimented program to automatically update access management and passwords so you can ensure that the right people have the right amount of control over critical information.
According to many research findings, data breaches perpetrated by insiders are approximately three times as expensive and harmful as external attacks. By adopting the right security practices, procedures, and tools, small businesses can better protect themselves, their IT systems, and their vital information.
Robert Grapes Chief Technologist Cloakware Vienna, Va.