Navigating Small Business Security
In small business, relationships are more direct than within larger organisations. Smaller businesses are also likely to have seen greater growth and change in shorter timeframes. Sometimes, these factors can make it hard to implement change designed to secure the business.
Dilemma: Multiple People Have Admin Access to Systems
Removing or reducing colleagues’ privileges can make them feel like they’re being sidelined or downgraded. It can easily make them feel like you’ve lost trust in them.
In these scenarios, it’s important to define clearly in a policy or plan why the changes are necessary before making them. Share the data security plan, its intended goals and its benefits with colleagues. Explain that everyone is subject to the same policy or plan, and get people on board.
There are two main reasons why you should always minimise access:
1) The more users that have higher access, the more opportunities attackers have to compromise a user’s account.
2) Disgruntled or inept users can do much more damage when they have higher privileges.
Point 1 is the go-to when explaining changes to staff. Point 2 probably goes unspoken unless a specific issue comes to light.
Rather than strip everyone of their higher privileges, consider spreading risk and giving higher access to those users with a greater specific knowledge of a system. This maintains the sense of trust and responsibility whilst working towards the goal of minimised access.