Which employee may access which data and which information is particularly critical to the company?
Crime in your own company will increase in the coming years. Around two thirds of respondents agreed with this statement in a recent study by auditing firm KPMG. A total of 1,000 companies from various sectors were surveyed. The study showed that the theft of internal company data is a major problem for four out of five companies (around 80%). Whether it is a breach of copyright, unauthorized access to financial accounts or the disclosure of business secrets and confidential information about customers and employees. Even if no company wants to accuse its employees of bad intentions, according to the KPMG survey, more than half (56%) of “breaches of trade secrets” are attributable to the company’s own employees.
80 percent have to adapt their authorization concept
Many companies do not have an overview of the access rights that each individual in the company has to different data, as the IT department does not have a central management system. Sensitive information and internal data are not adequately protected. In addition, the right tools to identify risk factors and compliance vulnerabilities are often missing.
Revised authorization concepts help to prevent unauthorized access to internal company data in the future. It is important to determine who needs access to which areas of the company in order to carry out their work properly and which data should be classified as particularly critical. For example, only HR managers have access to employee files, while the accounting department has sole access to the company’s finances. KPMG advises around 80 percent of the companies surveyed to urgently adapt their authorization concept. Many companies are already assigning the topic a high priority.
Seeing the danger from the inside
“Due to corona, many issues have been left unaddressed and neglected. However, in view of the worrying numbers of increasing incidents of digital crime, which can also come from within, these must not be postponed. Of course, nobody wants to admit that the danger can also come from within their own ranks. Nevertheless, it is an essential task of IT management to uncover security gaps and promote an appropriate authorization concept, “, emphasizes Martin Krill, Managing Partner of HAGER Executive Consulting. “As a recruitment consultancy, we are constantly working with sensitive client and candidate data. Protecting this information is therefore a top priority for us. At HAGER, the IT department controls the access rights of all company members. Although we have great trust in our employees, such role management is essential in this digital world,” says Krill.
