GET A QUOTE
BOOK A CALL WITH US

Half of staff have too much access to data

Half of staff have too much access to data

Here’s a question to make you pause: Do you know exactly who in your business can access your critical data right now?

And more importantly, do they need that access to do their job?

If you’re like most business owners, you probably assume that access is sorted out during setup and that’s the end of it. But new research says otherwise.

It turns out that around half of staff in businesses have access to far more data than they should.

Which is a big problem.

Not just because of the risk of someone doing something malicious, but because mistakes happen. When people can see things they don’t need, it opens the door to accidents, breaches, and headaches with compliance and audits.

This is what’s known as insider risk.

It simply means the risk that comes from people inside your business, whether they’re employees, contractors, or anyone else who has access to your systems.

Sometimes insider risk is deliberate, like when someone steals data.

But far more often it’s unintentional. Someone clicks on the wrong thing, sends information to the wrong person, or keeps hold of access when they leave the business. And that’s when trouble starts.

One of the biggest issues is what’s called “privilege creep”.

That’s where people gradually build up more access than they really need, often because they move roles, get added to new systems, or no one takes a close look at what they can see.

The research shows that only a tiny percentage of businesses are actively managing this properly. And that means huge amounts of data are being left exposed.

Even scarier, nearly half of businesses admit that some of their ex-staff still have access to systems months after leaving. That’s like leaving the keys to your office in the hands of someone who no longer works for you.

The solution is to make sure your people can only access what they need, and nothing more. This is often called “least privilege”.

It means setting up systems so that permissions are limited to what’s necessary. And access is only given temporarily when required. That’s sometimes referred to as “just in time” access.

And just as important, when someone leaves your business, all their access should be removed straight away.

Today’s world of cloud apps, AI tools, and “invisible IT” (where software is used without IT even knowing about it) makes this trickier. But it’s not impossible. It just means being proactive.

Regularly reviewing who has access to what, tightening permissions, and using tools that help automate this can make a huge difference.

The aim isn’t to slow people down. It’s to protect your data, your customers, and your business’s reputation.

If you need help checking how secure your access controls are, get in touch. It’s better to know now than after a breach.   

May I take this opportunity in thanking you for your prompt action in dealing with our hardware problem last week. We were in jeopardy of not being able to pay some clients employees at the end of last month and although we needed to work additional hours we fulfilled our deadlines on time.
Infinity Business Solutions - a company aptly named! They always provide solutions, they're always business like and offer no end of help and advice. It gives us great confidence to know that Infinity are on board.
I just wanted to say thank you for all the hard work put in supporting our systems It is really appreciated that you are on the ball  and I really feel that we can rely on Infinity when it counts.
The staff at Infinity are always cheerful, courteous & helpful and pretty much resolve problems first time. Nothing is ever too much problem and they even are prepared to help outside of hours when urgent help is needed. Keep up the good work...and don't lose the personal touch!
Infinity understand that down time is the most important issue and do all they can to ensure that our staff have minimal down time when experiencing problems.
Infinity understand that down time is the most important issue and do all they can to ensure that our staff have minimal down time when experiencing problems.
You don’t know how good it is not having SPAM arriving every 3 minutes! I’ve received no SPAM since 4pm yesterday ... nothing in my Inbox, Junk Mail folder or caught by the SPAM controls within Exchange. Perfect!
Having benefitted from Infinity’s support since 2013, we remain impressed with their technical ability and focused approach to keeping our IT systems updated and working as they should. After using a larger IT support company we chose Infinity because of their size, with them being big enough to cope, but small enough to care. We made the right choice - the quality of their service has always been excellent, and we’ve come to regard them as part of the team.
Unfortunately our business suffered a ransomware attack however thanks to Infinity’s support we were able to get by with minimal downtime. Rob and the team worked tirelessly throughout Friday and Monday and over the weekend to ensure we weren’t left negatively affected by the event. We were very glad for the great back ups and systems that we had invested in thanks to Infinity’s past recommendations.