IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Protect Your Employees From Becoming A ‘Single Point of Failure’
Wed, 17th May 2023

Unintentionally opening an email attachment containing malicious code or connecting to corporate resources via an unprotected network can result in widespread disruption and costly damage. According to the latest Office of the Australian Information Commissioner's Notifiable Data Breaches report, one in four reported data breaches were due to human error. 

Given the sophisticated systems and processes many organisations have today, it's hard to believe that they – knowingly or unknowingly – rely on systems that have a single point of failure created by a design flaw, implementation, or configuration of a process that could bring down the whole operation. It's certainly never intentional, and yet recent global headlines have shown that even some of the world's most innovative companies are not immune to these kinds of disruptions. 

And this single point of failure can often rest with a human being which, as a result, leads to scapegoating when things go wrong – intentional or otherwise. Organisations must remember they are responsible for protecting both their employees and the overall business from developing these single points of failure. 

There are three key ways organisations can protect their businesses and employees and still maintain an excellent employee experience: 

1. Take care when assigning access permissions

Today's consumers and IT business users face a digital sprawl which makes it tough to manage permission and can result in data breaches, many of which result from human error. According to the latest Business at Work report from Okta, large enterprises have, on average, 187 business applications deployed. It is no surprise that there is a lot of work being done in disparate systems and applications, so managing permissions of each application, and within each application, is essential.  

Indeed, hackers are well aware that many people use the same passwords on multiple applications, many of which can easily be guessed, resulting in an individual falling victim to a phishing scam.  

IT departments need to work closely with HR to ensure employees' roles – and their subsequent access levels – are clearly defined. An identity management system or single sign-on technology, such as Okta, is one example of achieving this level of management which not only improves users' overall experience but also results in a net win for security when conducted correctly.     

2. Ensure there are detailed internal communication policies in place

Employees should understand which applications they have access to and how to use them. While onboarding is the best place to communicate these policies, companies should also have an accessible knowledge base that explains types and levels of access to its systems and data. 

All employees will utilise this process, which has the added advantage of being familiar to them as they change roles in the company. In an ideal world, there should be no exceptions to stated permission policies as they are standard best practices for enterprises and should also be applied to organisations of all sizes. 

However, we don't live in an ideal world. Not every application allows admins to assign permission for very specific actions within it, and there are many reasons why certain employees may need to access only certain functions within applications. 

For example, product development and marketing teams may desire access to a company's procurement platform to review approved suppliers, but they should not be able to add new unauthorised suppliers which may not have undergone due diligence.

Access privileges don't need to be an exercise in frustration. Companies don't want employees getting frustrated by applying for access, getting rejected and not understanding why. This wastes time and breeds distrust. Think of how much better the experience is to receive a personalised message, with the guidelines provided in the flow of work on why you don't have access and what you can do to request that particular access.

3. Improve stability and security through an effective digital adoption strategy:

Forward-thinking companies have identified how complex digital workflows and administrative tasks are eating away productivity gains from technology and negatively impacting the employee experience. 

This so-called digital friction also induces errors. When toggling between applications and context, switching back and forth, employees are ever more likely to make mistakes. Fortunately, business leaders and IT professionals can create the environment to improve the overall experience and mitigate mistakes. 

They do this by turning to a digital adoption platform (DAP) as a key element of their digital adoption strategy. DAPs address human-induced errors head-on by utilising customised on-screen guidance and automation to walk employees through workflows across applications.

At the same time, DAPs provide aggregate user analytics to continuously improve the user experience. They improve stability and security by ensuring that users are actually using their digital applications and platforms the right way while also providing built-in safeguards against application misuse and mistakes. For example, DAPs can hide certain information and functionality from certain users or display warning messages before completing important tasks across applications. 

The pace of change in the business world shows no sign of slowing, and the risk associated with unintended human error has never been greater. However, by taking care when assigning permissions, having detailed communications policies, and following an effective digital adoption strategy, organisations can be best placed to take advantage of growth opportunities and prosper.