Off limit: controlling employee information access
In today’s corporate environment, protecting invisible assets such as information is just as important as protecting physical assets. Companies should safeguard sensitive information by investing in a good identity and access management (IAM) system that controls employees’ data access rights, whether they are working in the office or remotely. For businesses today, looking after their data means looking after their reputation.
To limit the chances of sensitive information falling into the wrong hands, most companies have IAM systems assigned to their IT networks. IAM systems are security systems that give employees access, via their computers, to job-related resources and applications. Restrictions are also in place to prevent workers from accessing information that has no relevance to their specific roles.
We are moving to a "dual-use environment" in which people use devices, laptops or mobile phones for both corporate and personal use.
We’ve worked with a number of companies that have paid the price for not establishing clear data boundaries.
For example, one human resources (HR) employee created a fictitious worker on his company’s database. He then added his own bank account details to the non-existent staff member’s profile to claim a second monthly salary. The fraudster was authorized to access many company databases, enabling him to carry out the deception.
Some businesses have no choice but to establish IAM systems to satisfy a regulatory requirement. One example is ING Direct Australia, which, in 2011, implemented an IAM system to limit the number of employees with unverified access to core banking networks and applications.*
Some two months after setting out to improve its IAM system, the financial institution was able to control access rights to business policies, manage risk and remove the possibility of a rogue employee gaining access to financial records.
ING’s success illustrates the importance of investing in high-quality IAM software. Not only does it enable companies to comply with regulatory guidelines regarding access rights, it also gives them peace of mind about the security of their data. In an age when information is a company’s most valuable asset, maintaining control over it is more important than ever.
*www.cio.com.au/article/430697/ing_direct_australia_removing_identity_management_risks/


