August 8, 2025

Review system permissions regularly.

Conducting regular access reviews ensures that users only have the permissions they need to do their jobs, no more, no less. Over time, people change roles, projects evolve, and systems are updated, which can leave behind excessive or outdated privileges. These unnecessary permissions can become a serious security risk, especially if an account is compromised. By reviewing and adjusting access levels on a scheduled basis, ideally quarterly, you reduce the risk of internal misuse and limit the potential damage of cyberattacks. This also helps maintain compliance with data protection standards and supports the principle of least privilege.

Why you should?
Review Permissions, Before They Review You
Unchecked access leads to privilege creep, when users have more permissions than they need. That’s a risk. Here’s how to keep things tight:
1. Audit Quarterly
Review all accounts, active, dormant, and those tied to staff who’ve changed roles. Remove or adjust as needed.
2. Match Access to Role
Users should only have access needed for their current job. Nothing more.
3. Use Role-Based Access Control (RBAC)
Assign access by job function, not by individual. It’s cleaner, faster to review, and reduces human error.
4. Track It Simply
Use a spreadsheet with:
Username
Access Level
Role Justification
Reviewer Notes
Colour code high-risk accounts for easy spotting.
Real Example:
A finance assistant still had access to HR files after switching teams, caught during a monthly review. Quiet fix, big save.
5. Link to People Processes
Tie access reviews to onboarding, role changes, and offboarding.
Bonus: set alerts for privilege escalation.
Think of it as cyber hygiene. Unseen, but essential.

Review system permissions regularly.

Related Posts

Bonus Track: Don’t You (Forget About Me), Simple Minds (1985)

Track 12: Once in a Lifetime, Talking Heads (1980)

Track 11: Crockett’s Theme, Jan Hammer (Miami Vice, 1984)