Grant McGregor News

The Three Most Common Access Control Issues

April 04 2016

Security is a huge issue for SMBs. Keeping your data secure is essential, especially when you’re collecting customer data that’s highly sensitive. The best way to keep data secure when it’s being stored remotely is through access control measures using authentication.

In recent years, access control has become a much more complicated issue than it used to be. So many businesses now have mobile workforces that need to access different systems remotely, and this poses a unique challenge to business owners.

For example, you might have strict access control policies in place for your company, such as requiring multi-factor authentication. However, most mobile devices only use a 4-digit PIN or something similar to unlock. This means that access to systems might not be as secure as you require it to be. These are the kinds of things you have to consider when thinking about how to keep your data safe.


Why access control is so important for information and systems security

As is the case with many advancements in technology, cloud computing and remote access are a double-edged sword. Whilst there’s no doubt that they have made business processes much more efficient, they can also put your data at greater risk, particularly if you don’t have strict security practices in place and ensure they’re adhered to.

The greater reliance on third-party cloud services makes it essential to have a clear structure in place so you know who can access a particular system or type of data. A key aspect of proper access control is to ensure that the information asset owner (IAO) plays a key role in establishing the access control policy. It’s hard to keep your data secure if you’re not 100% sure about which employees should be allowed access to which systems.


Common issues and mistakes

While authentication and access control are great ways to keep data and systems secure, simple errors are often made that compromise the security of your business and prevent access control measures from being effective.

Below are three of the most common access control mistakes found in SMBs:


Appropriate role-based access

Users should only be given access to systems that they need to access, and at a level that’s appropriate to their role. Good practice is to ensure that access privileges (and changes) are approved by a sufficiently senior Director or Manager.

New employees or those changing role should have approved, documented access rights, and access rights for any leavers should be revoked across all systems without delay. Finally, access privileges should be reviewed regularly and amended as part of a process of security governance.


Poor password management

Poor password management is one of the most common mistakes when it comes to access control. When there are a lot of different systems that require a password to access, it’s not uncommon for employees and even business owners to use the same password across the board.

Even when employees are required to change their password regularly, there’s still the problem of using passwords that are weak and easy to crack. Using the same password across multiple systems is something that many people are guilty of. It’s understandable why people do this, since remembering multiple passwords can often be impractical.

A great solution to this problem is to encourage the use of password keeper apps. These allow you and your employees to use unique, strong passwords for each system without the need to have them all memorised. But of course, you need to ensure that your ‘keeper app’ is secure or you open up all the doors to your systems!


Poor user education

One of the most important aspects of improving the security of company data is educating your employees about risk. Your employees could easily be doing things that are putting your data at risk. For example, people will often try to find a quicker and easier way to accomplish something, often not being aware of the risk they could be creating. This is why good training about risk is vital.

Human error is always one of the biggest security risks for any company, so you should be very aware of this and take any steps you can to educate your employees, including risk-training programs.



By keeping these points in mind and taking the necessary steps to eliminate risk, you can greatly improve the security of your systems and company data.

If you’d like to ensure that your business is taking steps to cover the most common risks where security is concerned, then you can request your free 15 Point Security Checklist by clicking here.


