Glossary

Access Control

Access control is making sure people can only get into the rooms they need for their job. The janitor has keys to closets, not the safe. The accountant can see financial records, not HR files. It's about giving everyone the minimum access they need - and nothing more.

What is Access Control?

Access control is the security practice of regulating who can view, use, or modify resources in a computing environment. It ensures that users only have access to the data and systems necessary for their job role - a principle known as "least privilege."

Why Should You Care?

Poor access control is behind many breaches and insider threats. When everyone has admin access or can see all files, a single compromised account becomes catastrophic. Proper access control limits the damage any single account can cause and makes it easier to detect unauthorized access.

Real-World Example

A company gave all employees full access to shared drives "for convenience." When one employee's credentials were stolen via phishing, the attacker could access everything - including executive emails, financial projections, and customer data. If access had been properly restricted, the damage would have been limited to that employee's department.

How to Protect Against Poor Access Control

  1. Audit who has access to sensitive systems and data
  2. Implement role-based access control (RBAC)
  3. Remove admin rights from everyday user accounts
  4. Review access quarterly and remove unneeded permissions
  5. Immediately revoke access when employees leave
  6. Require approval for access to sensitive data
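The checklist above can be run as an automated access review. The following is an added example, not part of the original page: the role names, users, permission strings, the `audit` function and the 90-day threshold standing in for "quarterly" are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data (not from the original page).
ROLES = {  # role -> permissions that role is allowed to hold (RBAC)
    "accountant": {"finance:read", "finance:write"},
    "hr": {"hr:read", "hr:write"},
    "janitor": {"closets:open"},
}
SENSITIVE = {"finance:write", "hr:read", "hr:write", "admin"}
EMPLOYEES = {  # user -> (role, still employed?)
    "alice": ("accountant", True),
    "bob": ("janitor", True),
    "carol": ("hr", False),  # has left the company
}
GRANTS = [  # (user, permission, approved_by, last_reviewed)
    ("alice", "finance:read", None, date(2024, 5, 1)),
    ("alice", "finance:write", "cfo", date(2024, 5, 1)),
    ("alice", "hr:read", None, date(2024, 5, 1)),
    ("bob", "closets:open", None, date(2023, 11, 1)),
    ("bob", "admin", None, date(2024, 5, 1)),
    ("carol", "hr:read", "hr-lead", date(2024, 5, 1)),
]

def audit(grants, employees, roles, sensitive, today, max_age_days=90):
    """Return sorted (user, permission, finding) tuples, one per violated rule."""
    findings = []
    for user, perm, approved_by, reviewed in grants:
        role, active = employees.get(user, (None, False))
        if not active:  # leaver or unknown account: revoke, nothing else matters
            findings.append((user, perm, "revoke: user has left"))
            continue
        if perm == "admin":  # assumption: every account listed is an everyday account
            findings.append((user, perm, "remove: admin on everyday account"))
        elif perm not in roles.get(role, set()):  # outside the user's role
            findings.append((user, perm, "remove: outside role"))
        if perm in sensitive and approved_by is None:
            findings.append((user, perm, "needs approval"))
        if (today - reviewed).days > max_age_days:  # quarterly review missed
            findings.append((user, perm, "review overdue"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(GRANTS, EMPLOYEES, ROLES, SENSITIVE, date(2024, 6, 1)):
        print(*finding, sep=" | ")
```

In practice the grants and employee roster would come from exports of your directory service and HR system rather than inline lists.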
