A carefree return from holidays?
The final work is completed and important ongoing business and tasks are passed on to the right colleagues. Authorizations are adjusted so that those colleagues have the correct permissions to carry out all activities as desired and as required.
Everything seems so well organised. You can go on holiday with peace of mind.
Authorizations don't go on holiday
During the holidays it turns out that even more people have to replace colleagues. The temporary application manager grants permission sets to the best of his knowledge and belief. People with insufficient knowledge of business try to perform urgent tasks that are normally done by their colleague. This doesn’t always go well.
A few months later, during the audit, the authorizations are also discussed. It appears that during the holiday period, major changes were made to the authorization structure. Also, not all changes and temporary rights were not revoked for all functions. As a result, the authorization structure has been significantly changed and is no longer adequate. This has caused major risks and may have resulted in incorrect data. It takes a lot of work to restore the authorizations and to analyse the log files during the audit.
Temporary rights remain permanent in Dynamics
Restoring the authorization structure is an unnecessary waste of time and money! Too bad, because it wasn’t necessary.
This is simply the result of the lack of (good) authorization management.
Regarding leave, holidays or temporary employees you will often have to (temporarily) adjust the rights of employees. Do you really want to go on holiday and return without any worries? Think about the following.
- Make a clear timeframe. Who goes on holiday when and who is the replacing colleague? What rights does that colleague need? Discuss this with the person going on holiday, so that the replacing colleague has sufficient rights, but not too many.
- During replacement, make sure there are clear working instructions, especially for the incidental processes. It is then immediately clear whether an authorization notification is the result of too few rights or the incorrect execution of a process.
- Give the colleague, who is replacing you, the right permissions in Dynamics NAV under his or her account. NEVER give a password so that a colleague can replace you. Then you will never be able to see who did what according to the log files of monitoring functionality of Authorization Box.
- Adjusting or granting permissions can also cause conflicting rights. This can break through important control measures such as separation of functions. Therefore, in case of replacement always check with the controller whether additional control measures need to be taken. For example detailed analysis of the log files or a 4 eye principle.
- Are the changes in the authorizations properly registered? You want to know who has been granted which permissions and when. This is essential for the audit. In addition to this: is the change log on?
- Finally, temporary rights should be temporary! Plan, at the moment the permissions are granted, an action to withdraw these rights when they are no longer needed. With the Authorization Box this can done fully automated.
Security outside Dynamics NAV
Information security is not only related to the ERP system Dynamics NAV. There is a good chance that there are multiple applications running. For setting up procedures regarding holidays and leave it is wise to consult with the IT manager or application managers to also cover the risks present in other related applications.
And in the meantime on holiday...
And if everything is well organized around replacement, there are many threats to information security on holiday. If an employee brings a laptop, it is often easier to steal it from a hotel than at home. The same applies to a mobile device with confidential email. Ensure that laptops are encrypted, have at least one password on your mobile devices and make sure that these can be deleted remotely.
Wifi networks in hotels and airports are easy and cheap to eavesdrop (even if you need a password for it). Don't get hacked! It is best to not use these connections. If necessary, use a secure VPN connection. Not convinced yet? Take a look at the first 3 minutes of this TED talk and get a look inside the head of a hacker.
Carefree on holiday?
Be aware of the unnecessary risks that your company runs by not paying attention to authorizations and security during holiday periods. Start the next holiday season without worries and with an authorization structure that remains well? Think about the issues above and check out our solution for an efficient design and management of authorizations.
P.S. the next holiday is almost here! ;-)