Introduction
File permissions within your organization are an important topic you need to have a general understanding of.
In the event of a data breach, you can quickly pinpoint the potential failure, or limit the damage a breach has on your network.
It’s also important to plan out access across the company data to your employees on a need-to-know basis.
There are two methods of managing access: permission based access, and role based access.
Permission Based Access
This gives individual users access to individual areas of the company data.
For example, user A needs read access to the operations and sales area but have complete control in the HR area.
Role Based Access
This is generally the go-to method most IT providers choose and allows groups of users to be controlled using security groups built into Microsoft’s active directory or Azure services.
The main benefit of role-based access is the ability to enforce strict file permission policies across large groups of users, which will help stop the potential for employees to access sensitive data.
When new employees join, it’s just a simple case of telling the IT provider what type of role the new user has, and there’s no lengthy email chain or request on what folders/files that need to be provisioned.
Sharepoint & Teams
Role-based access can be applied to standard network shares and modern file systems like Sharepoint and Teams.
There are some other security considerations you need to make when setting up file access within Teams and Sharepoint, including if external sharing is permitted on the file share.
One of the most used features of both these systems is the ability to share files with a URL that can be shared in an email; however, it’s wise to detail and enforces strict security in regards to external users and what they can access.
Guest Access and Anonymous User Access are two features that are automatically turned on in each Team. This can create external cybersecurity risks. Imagine if a user were added to a Team as a guest accidentally, and they begin editing folder structures and projects – or worse, deleting them altogether.
You can edit the settings in each individual Team or Channel to limit the individual permissions of guest users. These settings can be turned off from the settings option in each Team.
Create a Clear Policy
Establishing a standardized process for granting access, naming groups, adding new directories etc., helps to put everything in writing. Clear documentation ensures that you always have a reference point when you are unsure of the proper way to handle a particular case and is especially helpful for getting larger teams of administrators on the same page.
Final Thoughts
Most businesses we work with have grown organically over time, and so have their data and folder/file structure. We can offer you a high-level analysis of who has access to what files and help you migrate your data to a more secure and transparent system.
Get in touch if you would like to discuss this.
Get in touch with us
Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.
