1: Assign user and permission-based roles

Modern business software packages usually have the option to assign users under your organisation’s account to different levels of security clearance or access permissions.

These are called User roles or permission-based roles.

User roles can help ensure that sensitive information, like costs or your employee's personal information, can only be accessed by those who need to access it to do their jobs. For example, a Manager user role will be able to see all areas of a system, whereas a Driller or Geologist user role may only have access to daily drill report details.

Permission-based roles can help to enforce approval processes by only allowing a certain level of user to sign off on work or overwrite data (eg approving or editing plods).

As a general rule, the level of user access should typically equal the level of responsibility a user has in the business.

User role and permission settings offer additional protection in the case of staff turnover, disgruntled employees or individual user account hacks, as only the master account has access to everything (and you can rest easy knowing that the master account is secure because you set it up with your password manager!). Plus, it removes unnecessary distractions by removing visual clutter that's not relevant to specific job functions.

2: Turn on authentication or use SSO

If it’s an option, I’d always recommend turning on multi-factor authentication or two-factor authentication (2FA).

Authentication is an additional layer of login security. There are three types of authentication:

knowledge (eg a password or security question)
possession (eg a security key, text message code or google authentication code), and
inherence (eg TouchID or voice ID), otherwise known as “something you know”, “something you have” or “something you are”.

2FA requires two types of authentication at login, and multi-factor requires two or more types.

What’s great about these options is that even if your password were stolen, a cyber criminal would also need to steal or hack your device or know further personal information about you to gain access to your account.

SSO is another login option that offers enhanced security benefits and hazard control by removing the need to create and manage additional account credentials. With SSO, you can use existing credentials like your Microsoft or Google details to log into a range of different software with a single click. This reduces the likelihood of staff using repeat passwords and saves time logging in to different systems throughout the day.

If you’ve worked at an enterprise-level company before, you may have used SSO quite frequently across a range of software. Right now, for the smaller guys, it’s prohibitively expensive. However, you can access benefits free of charge on a growing list of online Software as a Service (SaaS) products that connect to Google or Microsoft, so expect to see this a lot more often in the future.

A quick note: don’t use your social network credentials for work-related software. It’s best practice to keep these separate.

3: Keep your software stack manageable

Your software stack is the set of digital tools you use to run your business. Think Xero, Microsoft Office, Leapfrog, Micromine, AcQuire, Seequent etc.

These are powerful business tools, but like all good things, using software falls on a bell curve. There’s a point where it’s possible to have too much of a good thing, and it gets complicated to keep a handle on who needs to do what, by when and in which system.

There are a few things to consider in building a software stack.

Firstly, from a cyber security point of view, having loads of software tools increases the number of potential access points to your company data. Being diligent with using your password manager will provide some protection, but from a mining risk control perspective, higher-level controls (elimination, substitution) are preferable to lower-level controls (administrative controls).

I recommend looking at software that will help you to streamline and consolidate as many aspects of your workflow as possible into one program. This way, it’s easier for your team to stay on the same page and reduce the number of entry points cyber criminals can exploit to access your data.

Secondly, the more complex the software workflow and the higher the password burden, the more likely people won’t follow through with using it correctly. This can impact cyber security but also the integrity of the data if staff start cutting corners in order to keep up with the workload. Plus, it’s an additional frustration to their day that detracts from more important tasks like drilling or interpreting the data.

Tl;dr?

Depending on what’s offered by the products in your software stack, I’d recommend turning on the following settings:

Delegate user or permission access role so each staff member only has access to the information they need for their responsibilities
Turn on 2FA or multi-factor authentication (if it’s offered)
Use SSO if it’s available

but most importantly: use a password manager.

To finish, less is more when it comes to software. I recommend a minimalistic approach to make it easier to manage security and keep track of your business's online footprint.

Look for products that will help you centralise and consolidate tasks into one system rather than spreading tasks from the same workflow across multiple logins. The bonus of doing this? It’ll be easier and faster for your team to achieve the same outcome, leaving more time for drilling and discovery!

What next?

If you're looking at new software for your small mining business, we've created a series of software buyer's guides for Drilling and Exploration Managers. Each guide includes a dedicated section with examples of questions to ask your software provider about their security options. Use them at your next software demo so you can make an informed decision about how your data is handled.

Download them for free now:

Download the checklist here

Cyber security for small miners: 3 tips for boosting software security

Download the checklist here

Related Articles