Managing Staff & Access
95% of cyber attacks succeed because employees make mistakes. Solution: Build a security culture using the AAA framework - control who gets in, what they can access, and track what they do.
The AAA Framework
Three simple rules that protect your business:
Authentication: Prove Who You Are
- Unique login for each person (no shared accounts)
- Strong passwords + two-factor authentication
- Change passwords when staff leave
Authorisation: Control What You Can Touch
- Give minimum access needed for the job
- Only 1-2 people get admin access
- Review permissions every 3 months
Accounting: Track What You Did
- Enable login logs on important systems
- Check logs monthly for unusual activity
- Know who accessed what and when
Building Security Culture
Security culture means everyone automatically thinks about safety. Like locking your car, it becomes habit.
Monthly 10-Minute Security Chats
Month 1: "Why we lock computers" - protect client trust
Month 2: "Spotting fake emails" - protect business money
Month 3: "Verifying requests" - IT never calls for passwords
Month 4: "Physical security" - visitor procedures
Culture Success Signs
- Staff lock computers when stepping away
- People question suspicious emails
- Team reports weird activity without fear
- Security becomes "how we do things here"
Smart Access Rules
Who Gets What
Everyone: Email, basic files, job tools
Managers: Team files, budgets, staff communication
Owners only: Admin access, payroll, banking
Contractors: Project files only, time-limited
Golden rule: When in doubt, give less access. You can add more later.
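The AAA rules above (unique logins, 1-2 admins, a review every 3 months, offboarding) and the "Who Gets What" mapping can be checked mechanically. The script below is an added example, not code from the original page; the resource names, the 90-day review window and the sample accounts are constructed assumptions.

```python
from datetime import date, timedelta

ROLE_ACCESS = {"everyone": {"email", "basic_files", "job_tools"},     # "Who Gets What"
               "managers": {"team_files", "budgets", "staff_comms"},
               "owners": {"admin", "payroll", "banking"},
               "contractors": {"project_files"}}
MAX_ADMINS = 2                      # "Only 1-2 people get admin access"
REVIEW_EVERY = timedelta(days=90)   # "Review permissions every 3 months"

def allowed_resources(role):
    if role == "contractors":                  # project files only, nothing else
        return set(ROLE_ACCESS["contractors"])
    allowed = set(ROLE_ACCESS["everyone"])     # baseline every employee gets
    if role in ("managers", "owners"):
        allowed |= ROLE_ACCESS["managers"]
    if role == "owners":
        allowed |= ROLE_ACCESS["owners"]
    return allowed

def review_accounts(accounts, today):  # quarterly review: one finding per broken rule
    findings = []
    admins = sorted(a["user"] for a in accounts if a["active"] and "admin" in a["resources"])
    if len(admins) > MAX_ADMINS:
        findings.append(f"too many admins ({len(admins)}): {', '.join(admins)}")
    for a in accounts:
        if a.get("shared"):                    # "no shared accounts"
            findings.append(f"{a['user']}: shared account, replace with unique logins")
        if a.get("left") and a["active"]:      # staff who left must not keep a live login
            findings.append(f"{a['user']}: left on {a['left']} but login still active")
        if a.get("expires") and a["expires"] < today and a["active"]:
            findings.append(f"{a['user']}: time-limited access expired on {a['expires']}")
        extra = a["resources"] - allowed_resources(a["role"])
        if extra:                              # "When in doubt, give less access"
            findings.append(f"{a['user']}: has {sorted(extra)} beyond role '{a['role']}'")
        if today - a["reviewed"] > REVIEW_EVERY:
            findings.append(f"{a['user']}: last reviewed {a['reviewed']}, review overdue")
    return findings

def acct(user, role, resources, reviewed, **extra):  # builds one constructed sample row
    return {"user": user, "role": role, "resources": set(resources), "reviewed": reviewed, "active": True, **extra}

TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [  # constructed sample data, not taken from any real system
    acct("alice", "owners", ["email", "basic_files", "job_tools", "admin", "payroll", "banking"], date(2024, 5, 1)),
    acct("bob", "managers", ["email", "basic_files", "job_tools", "team_files", "admin"], date(2024, 1, 15)),
    acct("carol", "managers", ["email", "team_files"], date(2024, 5, 1), left=date(2024, 4, 30)),
    acct("dave", "contractors", ["project_files"], date(2024, 5, 1), expires=date(2024, 3, 31)),
    acct("reception", "everyone", ["email", "basic_files", "admin"], date(2024, 5, 1), shared=True),
]
print(*review_accounts(SAMPLE_ACCOUNTS, TODAY), sep="\n")
```

Each finding maps back to one rule on this page, so the output doubles as the agenda for the 3-monthly permission review.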
2-Week Implementation Plan
Week 1: Set Up Controls
- List who has access to what systems
- Remove unnecessary admin privileges
- Set up unique logins for shared accounts
- Enable login logging
Week 2: Build Culture
- Hold first 10-minute security chat
- Explain why controls protect everyone
- Create "it's okay to ask" environment
- Schedule monthly security discussions