Not everyone will have a key to get into every room. Not everyone should be able to access all the information stored on a server. Reviewing who has access to what information is important and following a need-to-know policy may be the best practice for certain organizations.
- Determine who has access to what information
- Determine what access levels should be set for employees
- Determine how to reduce threats by limiting access to areas
- Determine if two-factor authentication is needed on-site or online