Sys admins have to ensure that the security policies they adopt are sensible and strict without compromising the effectiveness of the business. It is pointless locking down everyone’s access rights too far, because users will find ways round the restrictions by sharing passwords and workarounds.
With careful planning and communication with the user base, you can create a secure and usable system that safeguards its integrity without choking a business to death.
System security is a big subject, so I’ll take a small example to illustrate how a sensible approach can ensure everyone is (reasonably) happy: directory security.
It’s never been easier to create and share data securely on your network. While your enterprise is small, it is easy to allow everyone full access to everything. As a business grows and the need to restrict access to data increases, you can become acutely aware that planning for growth is something that needs to be done from the first time you add a user.
We would recommend:
- Share documents from a server, not between desktop PCs. On a PC they are difficult to back up, impossible to secure and can lead to the creation of multiple copies of documents far more easily than if the documents are stored on a server. Multiple copies of a document, each slightly different, waste time and money. Indeed, if your company is subject to standards such as ISO 9002 you may even put your certification in jeopardy.
- Do not let users share user IDs or tell each other their passwords. If a user needs to do a job, ensure they have their own identity and password. This is particularly problematic when one user covers for another who is on holiday. Allowing them to share user IDs and passwords means you cannot audit their actions with certainty.
- When allowing access to resources like shared files and folders set up groups appropriate to a department or administrative group’s needs. Then add the users to the group rather than giving the user access to the resource directly. When a user moves around or leaves the company you can then change their access by simply changing/removing the groups they belong to.
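The group-based approach in the last recommendation can be checked with a simple audit. The sketch below is an added example, not part of the original article: it uses a flat, platform-neutral model of an access list (no inheritance), and every user, group, path and function name in it is an assumption made for illustration. It finds grants made directly to users and shows what access survives once a leaver is removed from all groups.

```python
# Constructed sample data: names, paths and rights are illustrative only.
GROUPS = {
    "finance": {"alice", "bob"},
    "sales": {"carol"},
}
USERS = {"alice", "bob", "carol"}

# Each ACL entry is (resource, principal, right); a principal is a group or a user.
ACL = [
    ("/shares/finance", "finance", "modify"),
    ("/shares/sales", "sales", "modify"),
    ("/shares/finance/payroll", "bob", "read"),  # granted to a user directly
]

def direct_user_grants(acl, users):
    """Audit: ACL entries that name a user instead of a group."""
    return [entry for entry in acl if entry[1] in users]

def effective_access(user, acl, groups):
    """Map each resource the user can reach to the grants that allow it."""
    principals = {user} | {g for g, members in groups.items() if user in members}
    access = {}
    for resource, principal, right in acl:
        if principal in principals:
            access.setdefault(resource, []).append((principal, right))
    return access

def remove_from_all_groups(user, groups):
    """Leaver/mover step: a copy of the group map without this user."""
    return {g: members - {user} for g, members in groups.items()}

def residual_access(user, acl, groups):
    """Access left after group removal; anything listed was granted directly."""
    return effective_access(user, acl, remove_from_all_groups(user, groups))

if __name__ == "__main__":
    for entry in direct_user_grants(ACL, USERS):
        print("direct grant to a user:", entry)
    for user in sorted(USERS):
        print(user, "after group removal:", residual_access(user, ACL, GROUPS))
```

An empty result from `residual_access` means changing the user's groups was enough; a non-empty one lists the entries that still have to be cleaned up by hand.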
If you are unsure how to do this on your system, why not give us a call or email us?

