Why it’s important to review your operator security policies

Have you checked recently that the right people have the right level of access to the systems you use including Lamplight? And that anyone that shouldn’t have access, doesn’t?

When an employee leaves, you’re probably careful to stop paying them, and take back their keys to the office. But you need to be just as careful to remove their logins to all of your systems as well.

You can start with these simple steps:

  1. Make a list of the systems you use – computer logins, Office, phones, Lamplight etc. This is your first draft of an on-boarding and exit process.
  2. When you have a new starter, go through the list to give them access.
  3. When someone leaves, go through the list and remove or disable their logins.

You’ll want to make this more sophisticated – including different access levels for different types of staff or access to some systems for some but not everyone – you probably don’t all need access to your accounts software, for example. But a written down list of systems, that you keep up-to-date, is a solid first step. 

You can add a note in your calendar to go through all the systems on your list and make sure that everyone who has access, should have access. Remove or disable accounts that shouldn’t be there.  How often you do this is up to you – though at least annually is a good place to start.

A thorough approach to updating who can access your systems is an integral part of keeping data safe and now could be a great time to begin your next review.