Data integrity and security must begin with solid data privacy principles and practices designed to improve internal processes and protect the small enterprise's critical information assets. Some of the recommendations in this research note are better suited for larger enterprises that have the resources to put more stringent controls into place. However, smaller enterprises can also benefit from the compensating controls laid out. Topics discussed include:
- How disgruntled IT staff can cause more damage to the enterprise's data assets than regular line workers.
- The legislative requirements of data privacy and related laws.
- A three-pronged plan of attack for delineating access control, including segregation of duties, least privilege, and identity management software.
Align the small enterprise's employee access controls with a privacy mindset to mitigate threats of data loss or theft.