“a special right, advantage, or immunity granted or available only to a particular person or group.” That is the definition of a privilege. In a business setting, staff members certainly have privileges that others do not, and rightly so. It would be hard for them to work otherwise. When it comes to IT, though, they sometimes have privileges they don’t need, and some they might even be better off without. We are going to take a look at a few classic examples of dangerous staff privileges in business IT environments.
Access to departmental files and folders
Lots of businesses make use of departments. You have accounts, HR, IT, marketing, etc. In most cases, there is no need for all files to be accessible by all employees. In misconfigured environments, however, this is all too often the case. This causes problems in a number of cases. In the event of a malware infection, for example, improperly secured permissions increase the chance of data loss.
Lack of permissions
On the flip side, sometimes employees don’t have access to the files they need. If an organisation is too draconian with its permissions, it can lead to a situation where whenever somebody needs any file at all, they have to jump through hoops to get access to it. Obviously this is detrimental to time and productivity, and it is best to avoid this sort of setup.
Accidental user deletion
According to Murphy’s law, if it can happen, it will happen. When it comes to catastrophic user error in your IT setup, this is not a good thing. In some cases, businesses set all of their users up with administrative permissions, maybe to circumvent permission issues in their old, proprietary software. With this decision comes the risk that a single user could accidentally cause irreversible damage to your business if they don’t know what they are doing (and you don’t have properly configured backups).
In most businesses, the server is where the magic happens, or where it is stored after it happens, anyway. Servers are designed to be running pretty much all the time, and a lot of business-critical operations depend on them. If a server is shut down at the wrong time, it can have far-reaching and expensive consequences. It is important that only the appropriate people have easy access to the power controls for the server, lest someone shut it down at the end of the day to save power.
In business situations where private data is a cause for concern, it is important to have proper permissions in place to stop people from accessing files which they shouldn’t be looking at. Having a proper permission structure may seem boring and bureaucratic, but it is the first line of defence protecting your data.
In our next articles we will take a closer look at each of these points. Stay tuned to make sure you aren’t making any of these mistakes in your business.