Role-Based Access Control (RBAC) is a strategy of limiting network access based on the roles of individual users within a business. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them. An employee’s role in an organization defines the permissions an individual is given and ensures that lower-level employees can’t access sensitive information or perform high-level tasks that could put the company at risk.
In role-based access control, the roles are based on several factors including authorization, job responsibility, and job competency. Businesses can assign whether a user is an end-user or an administrator and determine their privileges. In addition, access to computer resources can be limited to specific tasks, such as the ability to view, create or modify files. The RBAC risk strategy is a similar method to the principle of least privilege, giving a user account only the essential functions on the device needed to do their job.
What does this mean for an SMB?
One of the best ways to protect your SMB from a major security breach is to implement RBAC or the principle of Least Privilege. Removing Administrator Rights from each employee operating a desktop computer can significantly reduce risk. This single action can mean the difference between a major ransomware compromise incident and no incident at all.
When your employee is tricked by a hacker into downloading and running malware on their computer, not having Administrative Rights should prevent the malware from installing. This lack of local computer system rights could prevent the malware from encrypting that user’s files as well as the files they can access on network file servers.