Take Care When Adding to an Employee’s Responsibilities
During a down economy, management may temporarily move employees from one role to another, or have one employee cover two or more roles. This can be an important step in reducing costs and keeping a business viable. However, as roles and responsibilities change, it is not uncommon for employees to gain new information systems privileges while still keeping their old privileges. This can create situations where employees have excessive privileges and can therefore easily commit fraud or conduct other malicious activities. When an employee is transferred to a new role or takes on new responsibilities – even temporarily – it is important to ask questions such as:
Which of the employee’s information systems privileges can be reduced or eliminated because they are no longer needed to fulfill his/her job duties?
These should be immediately reduced or eliminated.
Which of the employee’s information systems privileges, when combined with the employee’s other privileges, create a potential for fraud or other malicious activities?
These should be immediately segregated by transferring incompatible responsibilities and activities to other employees (but be sure to ask these same questions about those employees before transferring).
Of course, these questions should be asked whenever an employee changes roles or has changes in his/her responsibilities or his/her systems privileges.
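The two questions above can be run as a repeatable check at every role change. The following is an added example, not part of the original tip; the role names, privilege names, employee names and incompatible pairs are constructed placeholders for an organization's own entitlement catalogue.

```python
# Constructed sample data: every role, privilege and pair below is hypothetical.
ROLE_NEEDS = {
    "purchasing": {"vendor.create", "po.create"},
    "ap_clerk": {"invoice.enter", "vendor.view"},
    "treasury": {"payment.approve", "bank.reconcile"},
}

# Privilege pairs that, held by one person, create a potential for fraud.
INCOMPATIBLE = [
    frozenset({"vendor.create", "payment.approve"}),
    frozenset({"invoice.enter", "payment.approve"}),
    frozenset({"po.create", "invoice.enter"}),
]


def conflicts(privs):
    """Return every incompatible pair fully contained in a privilege set."""
    return [pair for pair in INCOMPATIBLE if pair <= privs]


def review_role_change(held, roles_after):
    """Apply both questions to one employee.

    held: privileges granted today; roles_after: roles covered after the change.
    """
    needed = set().union(*(ROLE_NEEDS[r] for r in roles_after))
    return {
        # Question 1: privileges no longer needed, to be removed immediately.
        "revoke": held - needed,
        # Question 2: combinations in the resulting set that must be segregated.
        "conflicts": conflicts(needed),
    }


def safe_recipients(privilege, staff):
    """Employees who can take over a privilege without gaining a conflict
    themselves (the same question asked about them before transferring)."""
    return sorted(name for name, privs in staff.items()
                  if not conflicts(privs | {privilege}))


if __name__ == "__main__":
    # Constructed scenario: a former purchaser now covers AP and treasury.
    held = {"vendor.create", "po.create", "invoice.enter", "vendor.view"}
    print(review_role_change(held, ["ap_clerk", "treasury"]))
    staff = {"bob": {"vendor.create", "po.create"}, "carol": {"bank.reconcile"}}
    print(safe_recipients("payment.approve", staff))
```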
Watch for another Security in a Down Economy tip soon!