Conversations
Ransomware
Don't Login on Untrusted Computers
You Are a Target
Never Give Your Password Over the Phone

powered by zFeeder

File/Folder Permissions

Type: data threat prevention security

Configuring file and folder permissions is the network area of access control, controlling access via file and folder permissions is an essential part of data security. Very few individuals in a company need access to all data, for example the finance department don’t need access to specific product details and the design team do not need access to customer details. Access should always be distributed on a ‘need to access’ basis, therefore all individuals accessing the network should be placed into a predetermined group(s) that can be configured on the network server. Below is a simple example of some groups a company could setup:

Folder Layout

While group controlled permissions are a simple and obvious area of security, it is rarely implemented correctly. The key is defining what an individual needs to use in order to complete their work and if it is not clear then it is better to provide them with too little than too much, further permission can be granted at a later time. There is an inclination to place trusted individuals in privileged positions despite the privileged positions being impractical as the individuals have no need to access most of the data available. This is essentially creating vulnerabilities in a network that needlessly increase potential for internal security incidents.

By controlling file/folder access, a company can seriously reduce the amount of security vulnerabilities that the network has even before any further security is added. Overlooking the importance of configuring file/folder access permissions correctly would be extremely unwise, groups and permissions should be strategically planned out and created so that every potential network user has the correct level of access available.

Configuring Permissions

However, file/folder permissions are not enough to guarantee security of data as it is possible that individual’s accounts can be compromised or impersonated and thereby the attacker gains the privileges of that account. File/folder permissions will however reduce the amount of foolish or accidental damage to data as it will reduce the amount of access to sensitive and critical data thereby reducing potential threats to the data.