Limit employee access to data and information, and limit authority to install software.
Use good business practices to protect your information. Do not provide access to all data to any employee. Do not provide access to all systems (financial, personnel, inventory, manufacturing, etc) to any employee. For all employees, provide access to only those systems and only to the specific information that they need to do their jobs.
Do not allow a single individual to both initiate and approve a transaction (financial or otherwise).
The unfortunate truth is that insiders – those who work in a business – are the source of most security incidents in the business. The reason is that they already are inside, they are already trusted, and they have already been given access to important business information and systems. So, when they perform harmful actions (deliberately or otherwise), business information, systems, and networks suffer harm.
To better protect systems and information, ensure that all employees use computer accounts which do not have administrative privileges. This will stop any attempt – automated or not – by employees to install unauthorized software.
No comments:
Post a Comment