Setting the appropriate permissions for employees of small and medium-sized business (SMBs) is an important part of any company's security plan, and managed services provider (MSPs) are often the right ones to do the job, but do SMBs agree?

Security solutions vendor BeyondTrust has published a report on how setting the the wrong privileges can negatively impact an organization. The "Privilege Gone Wild" report revealed several challenges associated with proper identity and privilege management.

According to the study, 28 percent of respondents admitted to having retrieved information not relevant to their jobs. That's an alarming percentage for any business owner, but, more importantly, what type of data being data is being accessed?

The answer may frighten many SMB owners, especially those with no monitoring strategy. Nearly one-quarter of respndents said they accessed financial reports and almost half provided written responses specifying salary details, HR data and personnel documents.

Other relevant key findings from the report include the following:

  • 44 percent of employees have access rights that are not necessary to their current role.
  • 80 percent of respondents believe that it’s at least somewhat likely that employees access sensitive or confidential data out of curiosity.
  • More than three-quarters of respondents say the risk to their organization caused by the insecurity of privileged users will increase over the next few years.
  • Customer information is considered most likely at risk if there’s a lack of proper access controls over privileged users.

While SMBs may understand the importance of protecting data, they may not realize that MSPs can help.  These numbers are worth bringing to the table for potential customers negotiating a contract.