Security Behaviour Database
/
All Behaviours > Reporting unnecessary access

Reporting unnecessary access

Having access to more data or systems than is needed to carry out a role creates unnecessary risk. Notifying a supervisor, the IT team or another relevant person helps ensure better visibility (and management) of this risk.


Why is it important?

Unnecessary access creates risk for a few reasons.

If an account is compromised, attackers may be able to access extra files/folders which normally they wouldn't be able to. Documents may have their classification updated. Some accounts may therefore have access despite being unauthorised to view them. Files or folders may be accidentally modified. This can lead to unnecessary punishment or extra work.

Reporting unnecessary access helps keep data safe and helps avoid breaches.

Priority Tier

Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.

Tier 1

Risk Mitigated

Data Leak

Data Leak

A data leak is when data is accidentally or intentionally disclosed to unauthorised people.

Further reading

https://info.varonis.com/hs-fs/hub/142972/file-2194864500-pdf/ponemon-data-breach-study.pdf https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security/the-10-steps/managing-user-privileges

SebDB is brought to you byCybSafe| © 2022 CybSafe Ltd