An area of weakness that I often see in these setups is the lack of security regarding who can access which documents. This may be due to a lack of information regarding the security measures available, a lack of understanding of the potential risks, or maybe just a general trust in the good nature of employees. Any business really needs to ask itself a question like: do we really want the marketing staff to be able to view, or even tamper with, our company’s financial documentation?
The most common method in a small business network to manage file security is via Share and File security. These are defined below.
- Share (SMB – for the nerds) security determines who can view and access shared files across the network.
- File (NTFS – for the nerds) security is the security on the files and folders themselves.
A good analogy to how this works is that Share security is the key to a house, and file security determines which rooms you are allowed to enter, once you are in the house.
As a general rule, shares can be fairly open, with tighter permissions set on files and folders, because file permissions work together with share permissions to further restrict user access. So, as per the above analogy, you can give a user the keys to the house and they can enter, but if they do not have permission to enter the kitchen, they will not be able to access the documents within (or cake, if we were sticking to the analogy).
Another important consideration is that Share security is not enforced locally on the server itself. Therefore, if employees log on directly to a server (as with a Terminal Server/Remote Desktop server) and access files on that server, Share security is bypassed altogether, and File security is the only means of allowing or preventing access.
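To see how this looks on a real file server, here is an added example (not part of the original article) that lists each share and reports broad groups at both the Share and File layers. It assumes an elevated PowerShell session on an English-language Windows file server; the list of "broad" group names is an assumption to adjust for your own domain.

```powershell
# Added example: audit each file share for broad principals at both layers.
# Run in an elevated PowerShell session on the file server.

# Assumed list of "broad" principals (English names); adjust for your domain.
$broad = '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users|.+\\Domain Users)$'

# Skip administrative/special shares (C$, ADMIN$, IPC$) and pathless shares.
$shares = Get-SmbShare -Special $false | Where-Object { $_.Path }

$report = foreach ($share in $shares) {
    # Share (SMB) layer: only checked when files are reached over the network.
    $shareAllow = Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.AccountName -match $broad }

    # File (NTFS) layer on the share's root folder: checked over the network
    # AND when a user is logged on to the server itself (e.g. Remote Desktop).
    $ntfsAllow = (Get-Acl -LiteralPath $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.IdentityReference.Value -match $broad }

    [pscustomobject]@{
        Share       = $share.Name
        Path        = $share.Path
        ShareBroad  = ($shareAllow |
            ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
        NtfsBroad   = ($ntfsAllow |
            ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
        # An open share is acceptable per the text above; broad NTFS rights are
        # what actually expose the files, so those rows are flagged for review.
        NeedsReview = [bool]$ntfsAllow
    }
}

$report | Sort-Object NeedsReview -Descending | Format-Table -AutoSize -Wrap
```

A row with entries in ShareBroad but an empty NtfsBroad column matches the "open share, tight files" pattern; the script only inspects the top folder of each share, so subfolders with their own permissions need a separate check.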
All of this access is determined by employees’ user accounts, with which they log on to the network. So, now that you have permissions defined on your file shares, perhaps by department, the next consideration is user passwords.
I am aware of situations where users’ passwords are commonly shared amongst staff, or may even be exactly the same. Other staff knowing that password is like having a duplicate key cut, and allows whoever possesses it to access any location that the actual account holder has access to. Effectively, it wouldn’t matter if the finance department’s documents were locked in a steel bank vault if Dave from marketing has the key and is free to come and go as he pleases.
Are you concerned about file and folder security within your network? Datawise can assist you to review your file and folder security, and implement security across your shared data.