What we want to talk about is reviewing who in your business has access to which documents. Do you know who has access to your documents? Or can everyone access everything?
You may need to make some changes. You see, the more people that have access to your business documents, the less secure they are. Let’s imagine for a moment, that one of your people opens a very convincing email, supposedly from a supplier. The email contains a document to download, which they do, because it’s from a supplier, right? They can trust it. What your employee didn’t notice was that the email signature was missing, or that the email address wasn’t the same as it usually is. And the document they downloaded has now installed malware on their device. They don’t notice the malware because it all looked legit and nothing obvious has happened. They continue their working day unaware. While they’re working, the malware is working too, in the background. It’s accessing and copying all of the data that your employee has access to. You might get lucky and stop this malware before it enters your network and takes everything, but if your employee already has access to everything, well, it’s gone.
Although this isn’t a malicious act on behalf of the employee, they’ve essentially caused a huge data breach that could kill your business. And this scenario doesn’t even need the malware to become a reality. One day a member of your team might decide they’d like to make a little money by stealing your valuable data. By giving everyone access to everything, you’re making it too easy for them.
So, if you haven’t already done this, I suggest that this week you make it a priority to sit down and work out who needs access to which files and documents and restrict access to absolutely everything. Keep your own document detailing who has access to what. And update it whenever anyone joins the business or changes roles. This is also a great way of protecting your data when somebody leaves, because you can see exactly what you need to revoke access to.
If you already restrict access, when was the last time you reviewed it? Are people able to access files they no longer need? And are there people who could benefit from access to more documents to complete their role?
Yes, that’s a lot to think about. But once you have a detailed document to work from, regular reviews are pretty simple and definitely worth your time.