those limits according to organizational separations. Ideally, this ensures that the chief financial officer can access more data and resources than a junior accountant.
That said, rank doesn’t mean full access. A company's CEO may need to see more data than other individuals, but they don't automatically need full access to the system. An individual should be assigned the minimum privileges needed to carry out his or her responsibilities. If a person’s responsibilities change, so will the privileges. Assigning minimum privileges reduces the chances that Joe from design will walk out the door with all the marketing data.
Identify Your Vulnerabilities and Plan Ahead
Not all your resources are equally precious. Some data is more important than other data, such as a database containing all accounting information about your clients, including their bank IDs, social security numbers, addresses, or other personal information.
At the same time, not every resource is equally vulnerable. For example, information stored on physically separated storage systems that are not connected to the main network is far more secure than information available on all your employees’ BYOD (Bring Your Own Devices).
Planning ahead for different types of threats (such as hackers, DDoS attacks, or just phishing emails targeting your employees) also helps you assess the risk each object might face in practice.
Identifying which data is more vulnerable and/or more important helps you determine the level of security you must employ to protect it and design your security strategies accordingly.
Use Independent Defenses
This is a military principle as much as an IT security one. Using one really good defense, such as authentication protocols, is only good until someone breaches it. When several layers of independent defenses are employed, an attacker must use several different strategies to get through them.