SOLID Business
Automation Blog


3 Things About Access Control You May Not Have Known

Access Control is all about security. And the best approach to security is to have multiple secure layers. Access Control is just one of those layers (albeit the first).

Think about a house: Before you can snoop around the bedroom cupboard you have to get through the front gate - Access is that front gate.

You’ve got lots to protect - customer and business data is your most valuable asset. Investing in great, robust security for your business software should be a priority.

There has very recently been a string of highly publicised security breaches at major global companies such as Sony Pictures Entertainment, Home Depot and eBay (to name a few). These just go to prove that no one is immune. 

To help you understand what Access Control is and why it’s so important, we’ve put together a few key facts:

1. You decide who can see what

Access Control is the process of granting specific users access to your business applications. You choose who you grant access rights to - and what those individuals can see. This is most often achieved through a ‘Roles and Responsibilities’ mechanism where each role is entitled to access a different portion of your system. 

  • This ensures that the right people are seeing the right data. This makes their life easier by giving them the info they need without the clutter of stuff they don’t need

  • Only a few people will have the rights to see everything - fewer eyeballs = lower risk

Access rights are often controlled by a central power admin user (or a group of them) who can grant and deny access to users as requested.

2. Built-in accountability

By granting approved users access rights, you can record their activity log/change log through your system. This creates an auditable trail of recorded activity to trace exactly what an individual has viewed and, most importantly, edited.

  • Users, knowing that all their activity is recorded and available for audit, become 100% accountable for their actions

  • It is easier to identify users who have incorrectly altered records and those that have made genuine mistakes

  • Records can be used as evidence should you need to escalate an incident to HR or the authorities

Recording user activity is as much about protecting your employees as it’s about protecting yourself.

3. 2-Factor Authentication Enhancements

A username and password combination grants you access to essential business systems. But we’re human and passwords alone are notoriously insecure. We use easily guessed combinations or silly repeated numbers.

I totally understand why though - we all have to remember multiple combinations for a significant number of websites and software applications. Thankfully apps such as Password Safe and LastPass exist to help us out. There is a real danger to using the same password for everything too, further emphasising the need for a secure 'password locker'. 

The bottom line is this: Passwords alone are not secure enough.

Access control with a form of 2-factor authentication mitigates this risk and is a great way to include an additional layer of security. This is most often achieved through an OTP (One Time Pin) sent as a text message/SMS or email at every login attempt. Users need to enter the OTP as a secondary user authentication each time they log in. OTPs can also be used within an application to provide an additional level of security to sensitive operations.
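The three points above (roles, recorded activity, and an OTP for sensitive operations) combined in one sketch. This is an added example, not code from the original post: the role names, permission strings and the hash-chained log are assumptions made for illustration, and OTP delivery by SMS or email is left out.

```python
import hashlib, json, secrets, time

# Constructed sample roles and permission names (assumptions, not from the post).
ROLE_PERMISSIONS = {
    "sales": {"customer:read"},
    "finance": {"customer:read", "invoice:edit"},
}
SENSITIVE = {"invoice:edit"}  # operations that also need a valid OTP
OTP_TTL_SECONDS = 300

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AccessControl:
    def __init__(self):
        self.roles = {}  # username -> role name
        self.otps = {}   # username -> (pin, expiry timestamp)
        self.audit = []  # activity log; each entry carries the previous entry's hash

    def _record(self, user, action, outcome):
        prev = self.audit[-1]["hash"] if self.audit else ""
        entry = {"ts": time.time(), "user": user, "action": action,
                 "outcome": outcome, "prev": prev}
        entry["hash"] = _digest(entry)
        self.audit.append(entry)
        return outcome == "allowed"

    def issue_otp(self, user):  # delivery by SMS/email is not shown
        pin = f"{secrets.randbelow(10**6):06d}"
        self.otps[user] = (pin, time.time() + OTP_TTL_SECONDS)
        return pin

    def authorize(self, user, action, otp=None):
        if action not in ROLE_PERMISSIONS.get(self.roles.get(user), set()):
            return self._record(user, action, "denied:role")
        if action in SENSITIVE:
            pin, expiry = self.otps.pop(user, ("", 0.0))  # one attempt, single use
            ok = pin and time.time() <= expiry and secrets.compare_digest(
                pin.encode(), (otp or "").encode())
            if not ok:
                return self._record(user, action, "denied:otp")
        return self._record(user, action, "allowed")

    def audit_intact(self):  # False if an entry was edited or taken out of sequence
        prevs = [""] + [e["hash"] for e in self.audit]
        return all(e["prev"] == p and e["hash"] == _digest(e)
                   for e, p in zip(self.audit, prevs))
```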

Tip: Make sure your current passwords are not on this list.


Summary

Your customer and business data is your most valuable asset and protecting it is essential. 

A layered approach to security is the most robust solution and Access Control is the first layer of defence.

  1. You decide who sees what through assigning roles and responsibilities

  2. Built-in accountability where your software records all user activity

  3. Secure yourself even further with 2-factor authentication

Let me be clear though - there is no security solution on the planet that can guarantee 100% success. Protecting yourself in layers makes it harder and more complicated for all but the most professional/determined hackers to gain entrance - and roots out the ‘crime of opportunity’ thieves. Here's a great post on How to Reduce Business Data Risk & increase data security & compliance.

To find out more about Automation and the benefits it can bring to your business, download our eBook: An Executive's Guide to Automation.

 


About Author

Annette Gardner

I’m a Marketing lover that believes in affecting inbound marketing with great content and beautiful design. I also love Pizza and Coffee - in no particular order.
