Which employee is allowed to access which data, and which information is particularly critical to the company? These are questions that need to be answered when developing an authorization concept in the company.
Crime in one’s own company will increase in the coming years: around two thirds of those questioned agreed with this statement in a recent study by the auditing company KPMG. About 1,000 companies from different industries were surveyed. The study showed that the theft of in-house data is a major problem for four out of five companies (around 80%). This can be copyright infringement, unauthorized access to financial accounts or the disclosure of trade secrets and confidential information about customers and employees. Even if no company wants to accuse its employees of bad intentions, according to the KPMG survey, more than half (56%) of the “violations of trade secrets” can be traced back to the company’s own employees.
80 percent have to adapt their authorization concept
Many companies do not have an overview of the access rights that each employee in the company has to different data because the IT department has no central management system. Furthermore, the right tools to identify risk factors and compliance vulnerabilities are often lacking.
In order to prevent unauthorized access to in-house data in the future, the authorization concepts must be revised. It is important to determine who needs access to which areas of the company in order to do their work properly, and which data are to be classified as particularly critical. For example, only HR managers are allowed access to employee files, while only the accounting department can review the company’s finances. KPMG advises around 80% of the companies surveyed to urgently adapt their authorization concept. Many companies are already assigning high priority to this issue.
Also see the danger from within
Due to Corona, many topics were left behind and neglected. However, in view of the worrying increase in incidents of digital crime, which can certainly originate from within, these topics must not be postponed. Of course, nobody wants to admit that the danger can also come from their own ranks. Nevertheless, it is an essential task of IT management to uncover security gaps and to promote a corresponding authorization concept.
As an Executive Search consultancy, we constantly work with sensitive data from customers and candidates. Therefore, protecting this information is our top priority. At Horton International Germany, the IT department controls the access rights of all company members. Although we have great trust in our employees, such role management is essential in this digital world.