You’ve conducted an information “census” to identify and locate the confidential data in your company’s possession. Then you determined what you need to hold on to for business purposes. What’s the next step? According to Start with Security, it’s time to put limits in place to control access to data sensibly.
It’s not a novel concept. You have a lock on the door to prevent after-hours access to your business and people can’t just stroll onto your factory floor. You also protect your company’s proprietary secrets from unauthorized eyes. That’s why you don’t post the recipe for your “secret sauce” on your website.
Are you exercising the same care with sensitive customer or employee data? Not everyone on your staff needs unrestricted access to all confidential information you keep. The better practice is to put sensible controls in place to allow access to employees who need it to do their jobs, while keeping others out. It’s also wise to grant administrative access – the technical ability to make system-wide changes to your network or certain changes to desktop computers (for example, installing new software) – only to a limited number of trusted employees. We’ve created a series of examples based on FTC settlements, closed investigations, and questions we’ve heard from businesses to provide tips on controlling access to data sensibly.
Restrict access to sensitive data.
If employees don’t have to use personal information as part of their job, there’s no need for them to have access to it. For confidential paperwork, a reasonable access control could be as simple as a locked cabinet. For data on your network, separate user accounts that limit who can view sensitive files or databases are an effective option.
Example: Staff members at an employment agency review personnel files that sometimes include Social Security numbers. The employment agency makes sure that all employees have a locking desk drawer. In addition, the agency has a “clean desk” policy that requires workers to secure all sensitive paperwork when they leave at the end of the day – a policy the company monitors with periodic walk-throughs. Because the employment agency takes steps to see that employees keep documents that contain personal information under lock and key, it’s less likely that an unauthorized person could access the data.
Example: Employees of a small company share one workstation. The staff member in charge of payroll has password-protected access to a database of employee information. The staff member in charge of shipping has password-protected access to a database of customer accounts. By limiting access based on a business need, the company has reduced the risk of unauthorized use.
Example: A company offers an app that allows users to create profiles that include personal medical information. The system gives all employees – IT staff, sales representatives, HR personnel, and support staff – access to customer profiles. By giving access to sensitive data to staff members who don’t need it for the performance of their duties, the company has created a situation that could put highly confidential information at risk.
Limit administrative access.
System administrators can change your network settings and it’s essential that someone on your staff has the authority to make necessary modifications. But just as a bank gives the combination to the central vault only to a few people, companies should limit admin rights accordingly. The risk is apparent: An untrustworthy administrator – or too many employees with admin rights – can undo the steps you’ve implemented to keep your system secure.
Example: A tech company uses the same login for all employees. The login has administrative rights that enable designated IT staffers to make system-wide changes. But that same login is used by the company’s receptionist, a sales assistant, and a summer intern. The wiser approach is for the company to require different logins with only those privileges necessary for that employee to do his or her job.
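The two controls described above, separate logins tied to job duties and admin rights held by only a few people, can be expressed as a small deny-by-default access model. The following is an added illustration, not code from the FTC or from any company in these examples; the roles, resource names, the `MAX_ADMIN_ACCOUNTS` ceiling and the roster of accounts are all constructed for the example. It models the payroll/shipping split from the shared-workstation example, flags the shared administrative login from the tech-company example, and shows how splitting that login into per-person accounts with only the needed roles clears the findings.

```python
"""Deny-by-default, role-based access control with a least-privilege audit.

Added example (not FTC or company code). All roles, resources, account names
and the admin-account ceiling below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Set

# Permissions are attached to roles, never to individual people, so access
# follows the job and can be revoked by removing the role.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "payroll":  frozenset({"read:employee_db", "write:employee_db"}),
    "shipping": frozenset({"read:customer_db", "write:customer_db"}),
    "support":  frozenset({"read:customer_db"}),
    "it_admin": frozenset({"admin:system"}),
}
ADMIN_PERMISSION = "admin:system"
MAX_ADMIN_ACCOUNTS = 2  # constructed policy ceiling for the audit


@dataclass
class Account:
    username: str
    roles: Set[str] = field(default_factory=set)
    shared: bool = False  # True when more than one person knows the password


def permissions_for(account: Account) -> Set[str]:
    """Union of the permissions granted by the account's roles."""
    perms: Set[str] = set()
    for role in account.roles:
        # An unknown role grants nothing: the default is deny.
        perms |= ROLE_PERMISSIONS.get(role, frozenset())
    return perms


def is_allowed(account: Account, action: str, resource: str) -> bool:
    """Allow only if some role grants exactly this action on this resource."""
    return f"{action}:{resource}" in permissions_for(account)


def audit(accounts: Iterable[Account]) -> List[str]:
    """Flag the admin-rights problems the examples describe: a shared
    credential that carries admin rights, admin rights mixed with non-admin
    duties, and more admin accounts than the policy ceiling allows."""
    findings: List[str] = []
    admins: List[str] = []
    for acct in accounts:
        if ADMIN_PERMISSION in permissions_for(acct):
            admins.append(acct.username)
            if acct.shared:
                findings.append(f"{acct.username}: shared credential carries admin rights")
            if acct.roles - {"it_admin"}:
                findings.append(f"{acct.username}: admin rights mixed with non-admin duties")
    if len(admins) > MAX_ADMIN_ACCOUNTS:
        findings.append(f"{len(admins)} admin accounts exceeds ceiling of {MAX_ADMIN_ACCOUNTS}")
    return findings


def split_shared_login(shared: Account, duties: Dict[str, Set[str]]) -> List[Account]:
    """Replace one shared login with a personal login per person, each holding
    only the roles that person's duties require (duties is caller-supplied)."""
    if not shared.shared:
        raise ValueError("account is not a shared login")
    # Never hand out a role the old login did not already have.
    return [Account(person, set(roles & shared.roles)) for person, roles in duties.items()]


# Constructed roster: a payroll clerk, a shipping clerk, and one shared
# login used by IT, a sales assistant and an intern alike.
ROSTER: List[Account] = [
    Account("alice", {"payroll"}),
    Account("bob", {"shipping"}),
    Account("staff", {"it_admin", "shipping", "support"}, shared=True),
]


if __name__ == "__main__":
    print(is_allowed(ROSTER[0], "read", "employee_db"))   # payroll clerk: True
    print(is_allowed(ROSTER[1], "read", "employee_db"))   # shipping clerk: False
    for finding in audit(ROSTER):
        print("FINDING:", finding)
    fixed = split_shared_login(
        ROSTER[2], {"carol": {"it_admin"}, "dan": {"shipping"}, "erin": {"support"}}
    )
    print(audit(ROSTER[:2] + fixed))                        # []
```

The audit is deliberately small: it checks account state rather than behaviour, so it can run against an exported user list on a schedule, and any new finding is a signal that admin rights have crept beyond the few trusted staff the post recommends.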
The lesson for business is to restrict “backstage passes” to confidential information. Limit access to sensitive data to staff members who need it for the performance of their duties.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.