Manage access and authorization

Employees sometimes have access to more information than they need to perform their job duties, which raises the risk they will unknowingly share that information with others.

This could impact morale if sensitive information is accidentally shared with other employees. You could also lose trade secrets, pricing strategies and other competitive information. On top of that, many organizations are paying for licenses they don’t need.

Next steps

Regularly review access and authorization rights: Review these rights on your network, in your accounting systems and in your ERP systems.
Regularly review licensing: Ensure counts are accurate and only those who need the licenses have them.
Assign a “business owner” to your line of business software: Involve that individual in the approval process for granting access to systems. Have this individual review the list of people who have access at least annually. If individuals need access to new functionality in your systems, involve the business owner in that approval process.

SOURCE: WIPFLI