News

Do you lock the bathroom door, even when there’s no one else home?

Do you lock the bathroom door, even when there’s no one else home?

I’m betting that you do, but only because those of us involved in Information Security tend to be careful “belt and braces” sort of people. I’d expect you to be just as careful regarding your passwords: not writing them down, never “lending” them to a colleague or using the same password for all your accounts. But can you say the same about all your employees?

How quickly do you cancel the access rights for employees who are leaving? As soon as they hand in their resignation? On the day they leave? Within a month or two (who cares they are not actually in the building so cannot access anything anyway)?

When someone starts work, how carefully do you study what rights they are granted? Only on a case by case basis, and only if they definitely need that access to do their job? Do you copy across the rights their predecessor had? Do you copy the standard for their whole department?

When someone moves job role or department, do you reassess their access rights? Add the additional ones they will need, but leave their existing rights so they can assist their replacement for the next few weeks/months/years?

You see where I’m going with this. There are so many changes required every week in any large organisation, just to keep everything ticking along, enabling everyone to continue doing the jobs they need to do and controlled by quite a few people in different locations and departments. My question now changes. Do they lock the bathroom door when there’s no one else home?

If you want to see a brilliant way of analysing the access rights across your entire organisation, that can be up and running within days, able to re-evaluate every week or month to keep on top of the situation and give you peace of mind, then contact me to request a 20-minute web-demo of Idax Analytics.