The threat of inappropriate access

The lack of stringent regulation governing web access in the Middle East region can put enterprises at risk.

  • E-Mail
By  Angela Prasad Published  March 13, 2005

Under the EU privacy legislation, organisations are required to ensure that certain kinds of data is kept private and only used for the purposes that it was initially collected. However, with the current scale of the internet and the lack of stringent regulation governing web access in the Middle East, access spans disparate platforms and operating systems, inevitably exposing businesses to the risks of inappropriate access. Without appropriate access management, misuse can and will occur. For example, a disgruntled member of staff could access the HR records and find out about a colleague's salary package, or a careless employee could accidentally delete critical files, make incorrect financial data transactions, or be given authorisation to change documents they should only be viewing. The administrator account is a particular problem because enterprises need to let some people inside the organisation have access to it to manage the systems and deal with problems like lost passwords. However, these very people can also misuse the administrator account, for example to read confidential data like salaries or customer lists. It is also worth noting the recent research by Vanson Bourne, which says that 79% of companies have 49% of employees accessing remotely, a fact which highlights the importance of the management of dial-up and VPN access. In addition, over half of companies surveyed (56%) acknowledge that other people in the company can get access to documents the respondent creates, but few (12%) admit to inadvertently coming across data on the system that they should not see. Worryingly, this figure increases to 20% in the largest companies (with more than 2000 PC users), and especially within in the commercially sensitive finance department.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code