The Problem with Role-Based Access Accounts: Why Unique Identification Matters for Small Businesses
Role-based access accounts blur accountability. Ensure unique user IDs for better security and compliance. Small change, big difference!
In the hustle and bustle of running a small business, managing who has access to what can sometimes be overlooked. But here's a crucial insight: relying solely on role-based access accounts could be putting your business at risk.
Every user on an information system should be uniquely identified for effective audit controls, and here's why.
What Are Role-Based Accounts
Role-based accounts are accounts that are set up to ease access. Instead of being based on the name of an actual person, they’re based on a role. Examples: sales, accounting, techsupport, help.
Why Are Role-Based Accounts a Bad Idea
Role-based access accounts are created by managers because they’re easier to delegate. But convenience is the enemy of security. Too often, when someone leaves the firm, these account passwords aren’t rotated (changed). They remain the same because, by their nature, it’s convenient. That convenience leaves a hole where disgruntled employees can attack a company.
Further, the line of accountability becomes blurred, making it difficult to pinpoint who did what and when. If everyone is logging in as “sales,” how do we know who did what? It skews the audit trail. This lack of individual accountability can lead to significant security and compliance issues.
Imagine this scenario: an important file is deleted, and your audit logs show that it was done by someone with access to the “Manager” account. But you have five managers who use this account interchangeably. Now, you’re stuck trying to figure out which one of them was responsible. This isn’t just a headache—it’s a security risk; it’s a compliance risk; it’s certainly not IT “best practice.”
How It Should be Done
Every access control should relate 1:1 to an actual person.
When you terminate the person, you lock out their access.
Access control should never be 1:n — one to many. It’s a logical inconsistency.
By assigning unique user accounts to each employee, you create a clear trail of actions and decisions.
This approach ensures that every change made in your system is traceable to a specific individual. If something goes wrong, you know exactly who to talk to. This level of traceability is not just about enforcing rules; it’s about building a culture of accountability and trust within your team.
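One way to check the 1:1 rule in practice, added here as an example and not part of the original article: compare a directory export against the HR roster, then look for accounts signing in from several workstations. The CSV columns, log format, account names and workstation names are all constructed assumptions, and the workstation count is only a heuristic for shared use.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not from the original page): a directory export,
# an HR roster, and sign-in events as "timestamp account workstation".
ACCOUNTS = """account,owner_id,enabled
jdoe,E100,true
asmith,E101,true
bjones,E102,true
sales,,true
manager,,true
techsupport,,false
"""
ROSTER = """employee_id,status
E100,active
E101,active
E102,terminated
"""
SIGNINS = """2024-05-01T09:02 manager WS-01
2024-05-01T09:40 manager WS-07
2024-05-01T10:15 jdoe WS-03
2024-05-01T11:05 manager WS-04
"""

def audit_directory(accounts_csv, roster_csv):
    """Return (account, finding) for enabled accounts that break the 1:1 rule."""
    status = {r["employee_id"]: r["status"] for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # already locked out
        owner = row["owner_id"].strip()
        if not owner:
            findings.append((row["account"], "no named owner"))
        elif status.get(owner) != "active":
            findings.append((row["account"], "owner not active"))
    return findings

def shared_signins(signin_lines, max_workstations=1):
    """Heuristic: accounts seen on more workstations than one person would use."""
    seen = defaultdict(set)
    for line in signin_lines.splitlines():
        _ts, account, workstation = line.split()
        seen[account].add(workstation)
    return {a: sorted(w) for a, w in seen.items() if len(w) > max_workstations}

if __name__ == "__main__":
    print(audit_directory(ACCOUNTS, ROSTER), shared_signins(SIGNINS))
```

The first function catches the role accounts and the terminated employee whose account was never locked; the second shows why the "manager" sign-ins cannot be attributed to one person.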
Moreover, unique identification is a cornerstone of compliance with regulations like GDPR, HIPAA, and other industry standards that mandate stringent data protection and audit controls. Non-compliance can lead to hefty fines and damage to your business's reputation.
So, take a step today to review your access management strategy. Ensure every user has a unique account. It’s a small change that can make a big difference in your security posture and operational integrity. Protect your business by knowing exactly who has access to your sensitive data and systems at all times.
The Pitfalls of Not Having an IT Strategy
Don't let IT chaos derail your business! Discover the key pitfalls of not having an IT strategy and how to avoid them.
In today's fast-paced digital world, having a solid IT strategy is no longer a luxury—it's a necessity. Yet, many small business owners and managers overlook this critical component, leading to a host of issues that can hinder growth and success. Let's dive into the key pitfalls of not having an IT strategy and how you can avoid them.
1. Security Vulnerabilities
Without a robust IT strategy, your business is like a house without locks. Cyber threats are on the rise, and small businesses are prime targets. From ransomware to phishing attacks, the lack of a strategic approach to cybersecurity can result in data breaches, financial losses, and a damaged reputation.
2. Inefficiency and Downtime
An ad-hoc approach to IT often leads to inefficiencies and unexpected downtime. Imagine your point-of-sale system crashing during peak hours or your team struggling with outdated software. These disruptions not only affect productivity but also customer satisfaction. A well-thought-out IT strategy ensures your systems run smoothly and efficiently.
3. Scalability Issues
As your business grows, so do your IT needs. Without a strategy in place, scaling your IT infrastructure can be chaotic and costly. Proper planning allows you to anticipate growth and ensure your technology scales seamlessly with your business.
4. Missed Opportunities
Technology evolves rapidly, offering new tools and solutions that can give your business a competitive edge. Without an IT strategy, you might miss out on these opportunities, leaving you behind your competitors who are leveraging the latest tech advancements.
5. Cost Overruns
Randomly investing in technology without a clear plan often leads to overspending. An IT strategy helps you budget effectively, prioritize essential investments, and avoid unnecessary expenses.
In conclusion, a well-crafted IT strategy is vital for the security, efficiency, and growth of your small business. Don't wait for a crisis to strike—start planning today and set your business up for long-term success.
Google Workspace Archive, Suspension, and Delete
Google Workspace now offers Archiving for user accounts. Discover how this feature differs from suspending and deleting accounts to optimize data retention and cost.
Google Workspace recently introduced a feature to Archive a user account instead of deleting it. But you’ve always been able to suspend a user, so what’s the difference?
Archiving Google Workspace Accounts
If you wish to retain the user’s data for historical reference but not pay full price for its storage, Archive is for you. Archiving a Google Workspace account functionally disables the account from use and access, but keeps the container around at generally half the price of the Workspace license paid for a full user. You would use it if the company wants to keep an online storage pool of its former employees’ data indefinitely.
Suspending Google Workspace Accounts
Workspace has always had the ability to suspend an account. Suspension is generally considered a temporary measure, however, which is why it differs from archiving. Suspending an account prevents end-user access and rejects all inbound mail for the user. Mail sent to that user is returned as undeliverable with an NDR (Non-Delivery Report). You pay full price for the license until the user is either archived or deleted. You’d suspend a user if there’s a temporary event taking place — like an employee termination or investigative leave — pending an eventual disposition (archiving the user, deleting the user, or returning the user to active status).
Deleting Google Workspace Accounts
Destroying a Google Workspace account effectively suspends the account and prepares to destroy the data. When a user is flagged for deletion, their data can be transferred to another user beforehand. When deleted, the user’s data is inaccessible, and their licenses are made available for reassignment. You have roughly 20 days as an administrator to recover the account before it’s deleted permanently.
What’s Not Deleted
It’s important to note what isn’t deleted under Google Workspace when an account is deleted. The user’s Shared Drive content is not deleted, as the Owner of those documents is the Shared Drive itself; their Shared Calendars are not deleted; documents owned by someone else aren’t deleted.
Offline Storage for Archived User Data
In my practice, I’ve used a technique to create a no-cost, long-term storage strategy.
1. Create a Shared Drive for USER ARCHIVES and share it with the managers/principals of the organization as Content Managers; the administrator should be the Manager.
2. Return the suspended user to Active status. Rotate its password to something you know and disable 2FA. Allow for a 10-minute window to access the account, lowering Google’s security checks.
3. Log in to this account in another browser window and access Google Takeout. Identify everything you want to preserve for the user; change the container size from 2GB to 10GB; prepare the extract. You can exclude Google Drive if you’re transferring the files to some other user.
4. Takeout will convert their data to flat files and compress the data into a *.zip file.
5. After the *.zip is downloaded, upload it into a folder named for the user under USER ARCHIVES.
6. Delete the user.
This process creates a permanent archive that doesn’t cost a license. If the data is needed, it can be accessed as flat files (CSV, iCal, MBOX). You can then convert these formats or reimport the data into PST files or another Google Workspace user.
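A sketch of reading such an archive back, added here as an example and not part of the original article: it records a SHA-256 of the *.zip so a copy later pulled from the Shared Drive can be checked against it, inventories the flat files by type, and lists the MBOX subjects. The archive is constructed sample data, and the folder layout and file names inside it are assumptions.

```python
import hashlib
import io
import mailbox
import os
import tempfile
import zipfile

def build_sample_takeout():
    """Constructed stand-in for a Takeout *.zip (layout and names are assumptions)."""
    mbox = (b"From alice@example.com Mon May  6 09:00:00 2024\n"
            b"From: alice@example.com\nSubject: Q2 forecast\n\nNumbers attached.\n\n"
            b"From bob@example.com Tue May  7 10:30:00 2024\n"
            b"From: bob@example.com\nSubject: Contract renewal\n\nPlease review.\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Takeout/Mail/All mail.mbox", mbox)
        z.writestr("Takeout/Calendar/work.ics", "BEGIN:VCALENDAR\nEND:VCALENDAR\n")
        z.writestr("Takeout/Contacts/contacts.csv", "Name,Email\nAlice,alice@example.com\n")
    return buf.getvalue()

def inventory(zip_bytes):
    """Hash the archive, list its flat files by type, and read MBOX subjects."""
    report = {"sha256": hashlib.sha256(zip_bytes).hexdigest(), "files": {}, "subjects": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z, tempfile.TemporaryDirectory() as tmp:
        for info in z.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            report["files"].setdefault(ext, []).append(info.filename)
            if ext == ".mbox":
                # mailbox.mbox needs a path on disk; write to a fixed flat name
                # rather than trusting directory components stored in the archive.
                path = os.path.join(tmp, "mail.mbox")
                with open(path, "wb") as fh:
                    fh.write(z.read(info))
                box = mailbox.mbox(path)
                report["subjects"] += [m["Subject"] for m in box]
                box.close()
    return report

if __name__ == "__main__":
    print(inventory(build_sample_takeout()))
```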