Access Control is all about security. And the best approach to security is to have multiple secure layers. Access Control is just one of those layers (albeit the first).
Think about a house: Before you can snoop around the bedroom cupboard you have to get through the front gate - Access is that front gate.
You’ve got lots to protect - customer and business data is your most valuable asset. Investing in great, robust security for your business software should be a priority.
There has very recently been a string of highly publicised security breaches at major global companies such as Sony Pictures Entertainment, Home Depot and eBay (to name a few). These just go to prove that no one is immune.
To help you understand what Access Control is and why it’s so important, we’ve put together a few key facts:
1.You decide who can see what
Access Control is the process of granting specific users access to your business applications. You choose who you grant access rights to - and what those individuals can see. This is most often achieved through a ‘Roles and Responsibilities’ mechanism where each role is entitled to access a different portion of your system.
This ensures that the right people are seeing the right data. This makes their life easier by giving them the info they need without the clutter of stuff they don’t need
Only a few people will have the rights to see everything - fewer eyeballs = lower risk
Access rights are often controlled by a central (or group of) power admin users who are able to grant and deny access to users as requested.
2. Built-in accountability
By granting approved users access rights, you can record their activity log/change log through your system. This creates and auditable trail of recorded activity to trace exactly what an individual has viewed and most importantly, edited.
Users, knowing that all their activity is recorded and available for audit, become 100% accountable for their actions
It is easier to identify users who have incorrectly altered records and those that have made genuine mistakes
Records can be used as evidence should you need to escalate an incident to HR or the authorities
Recording user activity is as much about protecting your employees as it’s about protecting yourself.
3. 2-Factor Authentication Enhancements
A username and password combination grants you access to essential business systems. But we’re human and passwords alone are notoriously insecure. We use easily guessed combinations or silly repeated numbers.
I totally understand why though - we all have to remember multiple combinations for a significant number of websites and software applications. Thankfully apps such as Password Safe and LastPass exist to help us out. There is a real danger to using the same password for everything too, further emphasizing the need for a secure 'password locker'.
The bottom line is this: Passwords alone are not secure enough.
Access control with a form of 2-factor authentication mitigates this risk and is a great way to include an additional layer of security. This is most often achieved through a OTP (One Time Pin) sent as a text message/SMS or email at every login attempt. Users need to include the OTP as a secondary user authentication each time they login. OTP’s can also be used within an application to provide an additional level of security to sensitive operations.
Tip: Make sure your current passwords are not on this list.
Your customer and business data is your most valuable asset and protecting it is essential.
A layered approach to security is the most robust solution and Access Control is the first layer of defence.
You decide who sees what through assigning roles and responsibilities
Built-in accountability where your software records all user activity
Secure yourself even further with 2-factor authentication
Let me be clear though - there is no security solution on the planet that can guarantee 100% success. Protecting yourself in layers makes it harder and more complicated for all but the most professional/determined hackers to gain entrance - and roots out the ‘crime of opportunity’ thieves.
To find out more about Automation and the benefits it can bring toyour business, download our eBook: An Executive's Guide to Automation.