There are always positions in an organization where people come and go like a revolving door. These high-turnover positions are often critical to the organization, but for reasons such as high stress or a commission basis they tend to be filled and refilled very often. The question for an IT professional is how to deal with the constant turnover in terms of information security. Because sales force and other tools require a certain level of access, having a game plan in place for high-turnover positions is a very good idea. Here are some basic ideas to make life a little easier.
Create generic email accounts that can be accessed by a larger group of individuals. This is easy to do, avoids having to personalize email accounts, and reduces the work required to remove an individual from the system once the position turns over. Generic email accounts can include things like email@example.com or firstname.lastname@example.org, where the account itself is generic enough for everyone to remember and access is easily granted or denied. To avoid confusion when more than one person is using the account, folders can be set up with specific mail rules so that emails are directed to a specific folder. When a person leaves the organization, it is far easier to change the one password on the account and have instant access to all their data than to manage individual accounts, which takes longer and costs more money. Another easy way to do this is to have an outsourced technical services company handle the setup and takedown for you, with just an email or a phone call.
Using a cloud server with shared documents is another way to protect information while still giving high-turnover positions access to it. Giving certain users limited access to certain documents, and ensuring that they have only read access to critical documents, makes it far easier to remove the person from the system once they are no longer in place. A cloud server also allows other, more permanent users to quickly find where documents are being saved and stored, and to download them as needed. It creates a central database that management or IT professionals can access from anywhere, at any time, giving them the flexibility to ensure that the work being done remains in the company’s possession and property long after the high-turnover position has been filled and refilled. Additionally, cloud servers can allow a user to edit data in a document without giving them permission to actually download it, increasing the safety measures significantly.
Personalized access to computer systems, including files of a sensitive nature, should never be given to an employee without tenure. In today’s world, with a lot of inexpensive assistance available on the technical side, it makes sense to restrict access for employees until they have been in a position for a certain length of time and their tenure is more assured. A good IT professional or outsourced company can easily increase the level of access granted to a person in stages, based on tenure and the requirements of the job being performed. Having these kinds of protocols in place ensures that people in high-turnover positions never have unlimited or unfettered access to documents until their positions are no longer high turnover.
A fundamental mistake that many companies, large and small, make is to overtrain their employees and give them access to far too much information very early on. With a very well-educated workforce becoming the norm, giving a new employee significant training on company systems can be detrimental. With a little knowledge and a lot of training, an employee can access pretty much anything on the company systems that has not been locked down. It becomes essential, then, to strike a balance: train the new person enough that they are competent in their job, but not so much that they can sell all your company information to the competition. Essential functions like logging on, basic searches, saving, and printing should make up the core of the early training. For jobs that require more technical skills, a detailed training platform, delivered in stages, is a great idea.
Finally, one recommendation for all companies is to have a default password reset timer. In other words, passwords should expire once every so often, usually every 30 to 90 days, after which the user will need to reset their password. This avoids a situation where the same old passwords stay in place for a long period of time, exposing the company to a potential breach.
Security, and making sure your data is safe, is one of the most important functions of an IT professional. Sometimes getting a quote for an external solution may provide better, cheaper and more nimble options, and it is well worth the effort of finding the right solutions.