These days, at least part of the data most SMEs use is mission-critical to run their business. Still, this valuable data –   including Personally Identifiable Information, such as customer and employee data – is often easily accessible for everybody in the company.

This is a risky situation. Maybe not so much because your employees have bad intentions, but rather because every single account that has access to sensitive data enlarges your attack surface and increases the risk for a data breach. A first step to counter this, is the ‘least privilege’ approach. This means that access to specific data and/or applications is strictly limited to what an employee actually needs to do his job. However, if you want to significantly reduce the risk of a data breach, you need more than that…

Hackers target small businesses

SMEs tend to believe that hackers are much more interested in large companies. However, this is a wrong assumption. In most cases, hackers use tools which autonomically search the internet for weak points in the defense systems of organizations’ IT systems – without making a distinction based on the size of the organization – and try to work their way in. The fact that smaller organizations’ security systems are often less sophisticated than those of large companies, makes those smaller organizations more vulnerable.

$ 3,533 per employee 

Apart from that, the cost of a data breach is relatively higher for a smaller company when compared to a larger enterprise. According to a recent IBM report, the cost of a data breach for smaller companies is on average $ 3,500 per employee. So this adds up pretty fast.

Not 100% sure about the current security state of your Active Directory?
Protect the keys to your IT kingdom! Try out our SaaS solution for free and understand all identified risks, their impact and why it is important to remediate. Ideal fuel for an awareness campaign or increased cybersecurity budget!

Data protection: A moral duty?

In addition to the direct costs, data breaches cause other problems as well. It is a well-known fact that the public expects companies – whether they are large or small – to have certain moral values, such as gender neutrality and care for the environment. Quite rightly, of course. But not all entrepreneurs are already aware that the care for personal data now belongs in the same row and is in fact integrated in CSR (Corporate Social Responsibility).

Elizabeth Denham, Information Commissioner at the GDPR regulator’s office in the UK states: “People’s personal data is just that – personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience.”

Is identity governance the right solution?

It depends. First of all, it’s a fact that the risk for a data breach can be reduced considerably by installing a solid identity governance solution. Simply put, identity governance technology allows to monitor and manage user rights and permissions to access software applications and data for each individual in an organization. However, most identity governance solutions are complicated and expensive. They also tend to have a long time to value. This is why those solutions are in fact not that suitable for SMEs.

Identity governance on an SME scale

Fortunately, the market has responded to this, resulting in a string of cloud-based SaaS solutions that are specifically targeted towards the needs of SMEs. The most effective of those are based on a powerful identity/data analytics engine. This way, you can quickly get valuable insights in the current situation.

A clear, complete and up-to-date overview of who can access what, who needs access to what and a comparison of the two is of key importance here. That is because this overview gives you the insights you need to take the next steps to improve the information security of your company. Of course, the other aspects of identity governance are important as well, but it takes a longer time to implement those and will therefore give you less value in the first six to twelve months.

Why Elimity Insights is worth a closer look

Simply put, Elimity Insights ticks all the boxes. It’s a powerful and comprehensive SaaS identity analytics solution that is specifically suitable for SMEs. It is built upon a high-performance identity/data analytics engine allowing quick and trustworthy insights. Furthermore, the flexible ‘price per seat’ approach means that Insights is affordable for smaller companies as well.

Don’t know where to start? Elimity can help you to set priorities and focus your efforts. Get your user access screening now.


I'm in charge of the content marketing