2025-02-12

SECURITY HINTS & TIPS:

Basics of Access Control – Series – Part 1

Access Control

Access control determines how members of an organization may use or access resources within a computer system, network, or physical environment. It combines policies and technologies that manage and monitor access at various levels.

Why is access control important? Think about it like this:

  • Should someone who works in sales have access to every employee’s personal details, like salary information?
  • Should someone who works in customer support have access to high-level business strategies?
  • Should someone who works in marketing have access to IT administration accounts?

The answer in all cases is NO, and the idea here is clear: Access control is intentional.

MGC CYBER HEROES

Our amazing users help protect our organization daily by identifying and reporting phishing attempts using the Phish Alert Button (PAB). Recently, Terri Noland from the Accounts Receivable team at Manitoulin Transport spotted a deceptive email posing as a legitimate Wells Fargo transaction, designed to steal credentials and credit card payment details.

Thanks to Terri’s vigilance and quick response, our Cybersecurity team was able to take immediate action, quarantining the threat before it could cause harm. Her commitment to security and adherence to our IT protocols played a vital role in stopping this attack.

A big shoutout to Terri and our Cyber Heroes for their unwavering dedication to keeping our organization safe.

Every member of an organization needs only enough access to do their jobs effectively. This is known as the principle of least privilege. It’s an important concept that enables organizations to control who has clearance to do what and why.

In short, your role and job function will determine what you get access to, both physically and digitally. Sometimes, security concepts are that simple. The reasoning is also simple. Imagine if a cybercriminal hacked the account of a salesperson. If that person had access to every employee’s personal information, the attacker would now have access to all that information. You can do your part by:

  • Using strong, unique passwords for every account
  • Never sharing your credentials, like passwords or badges, with anyone
  • Always following organizational policies

Reference: ISMS 27001 – 05.15 ACCESS CONTROL POLICY

Manitoulin Group of Companies Security Team
Cybersecurity@manitoulingroup.com

Stop, Look, and Think. Don’t be fooled.