Information Access: Avoiding Lax Controls in Your Business Environment

The Need for Management Information Systems

Our Information Age appears to be entering a midlife crisis with many of us suffering from TMI… Yes, “too much information.” No, we’re not addressing that awkward issue of #peopletalktoomuch. As a technology company, we try to stay in our lane. Our focus is dealing with the vast amounts of data produced in nearly every area of our lives, especially in our businesses. So how do we keep track of it all?

According to Wikipedia, a Management Information System (MIS) is used for “the coordination, control, analysis, and visualization of information in an organization.” In other words, MIS focuses on organizing a businesses’ data so it can be used to make informed decisions. At least that’s the way it should work in a perfect world.

Many people don’t realize that they already have an information system, however informal it may be. This would be true of many small companies. We often ask business owners and employees how sensitive information is stored, such as: passwords, financial information, or employee records. It’s not uncommon for this kind of information to be stored in super convenient places (desk drawers, sticky notes, unlocked filing cabinets, etc.) with the false hope that the data will not get lost, or even worse, accessed improperly.

In addition, many businesses depend on their staff to figure out how information is managed… often with little support or guidance. Long term, this laissez-faire system strangles growth and profitability. A better solution is to build the information system and map out internal workflows. It’s worth the effort. In fact, it will give you peace of mind. Here’s how:

Restrict Access to Vital Information

Companies protect information for a reason. The failure to do so can be quite devastating to the financial health of a business. No doubt, it can take years to fully understand the true cost of information leaks and data breaches.

While most people can understand the potential costs of breached credit card information or social security numbers, they may not fully realize the value of other types of data:

• Pricing lists
• Business processes
• Business relationships
• Employee lists
• Policies
• Schematics, blueprints, and diagrams

For instance, malicious actors could use this information to craft very detailed and convincing malware campaigns that target your organization. Information is power, and in the wrong hands, destructive.

Allow Job Roles and Responsibilities to Determine Access to All Layers of Information.

Every company begins their journey through the maze of security issues with good intentions. Usually, access to systems and information is based on perceived trust. And in many cases, job responsibilities are often based on the same criteria. While these practices may seem noble, they’re not scalable or safe. In fact, they can land your business in hot water! We can all learn a lesson from the military here… randomly assigned duties without a functional or streamlined plan of action is no way to win a war.

Consider this scenario. The owner XYZ Widget Manufacturing gave Lori, the office manager, access to the online banking portal so she could transfer funds for the office rent every month. But when she abruptly resigned a few months ago, her supervisor didn’t give the new office manager the same access. He decided to give that access to Jim instead. Why? Because Jim had seniority, and their kids are in the same Boy Scout troop. Ironically, Jim is also the warehouse supervisor!

Other than personal preference, there was no valid reason to grant Jim company access to the online banking portal! Consequently, there is now an irrational workflow where the accounting department handles all the bills. But Jim, the warehouse supervisor, pays the rent. The plot thickens…

Information Privileges Should Align with HR Policies and Procedures.

Let’s consider how the management decisions above might continue to haunt XYZ Widget Manufacturing. Jesse, the new office manager has been loyal and dedicated to the company. She’s also part of a minority race. She wonders why Jim was given special treatment. Is the owner a racist? Or a sexist! The decision made no sense to her or her colleagues. Perhaps, these were the reasons the previous office manager left the position. Water-cooler gossip circulates throughout the company.

Full stop… these situations can be avoided when access to information is guided by HR policies and procedures. Businesses should implement these standards if they wish to mitigate against legal issues regarding discrimination. Job responsibilities and access to vital information should be strictly controlled by the demands of the position to fulfill assigned duties. As you have seen, handing out access on the fly can become quite problematic.   

People with Random Access to Random Information Often Ends Badly.

In many small businesses, the owner(s) are running hard to make sure that all the loose ends are tied up. They are motivated to scale and grow operations. And if they could just get up that next mountain, maybe things will be a little easier on the other side. But when tasks, job roles and information access are randomly assigned, they have no way to draw clear lines between a person’s job role, duties, and the expectations of the position. The inefficiencies this creates are draining to productivity.

In some cases, a company may survive these management faux pas. However, it does so because employees understand the culture and work around the fragile system. But if one of the pieces of that choreographed ballet ever falls out of place, disaster may strike. When talented employees jump ship out of frustration and fail to train their replacement, the business will suffer. Ultimately, the real costs will be measured in heightened stress levels and financial loss. These are never trivial. It’s never a bad time to make a good change. SUURV can help you implement technology that manages the flow of information in your business. Give us a call today at (210) 874-5900 or contact us by clicking here.