Take the following actions when granting access to your network. Look at who you allow to have access and what level of access each person should be granted. All of your users should be authenticated with a username and password. You should also assign permissions to each user based on their business function. There are essentially three levels of information access: no access, read access, and read-write access. It is critical that you assign the right level of access to each user so that they can perform their necessary functions. It is equally essential that they be granted access only to the shares and systems they need to do their jobs.
Your customers would have read-only access to the network's information. They will also need read-write access to the network's shipping or ordering process to be able to create an order. Your employees should have read-only access and some read-write access depending on their function. For example, clerks and entry-level employees would have limited access, while managers would need a greater level of write permissions. Your owners would have read-write access to all business-related material or, at minimum, some way to escalate permissions to get the information they need. You should also put an acceptable use policy (AUP) in place that outlines the proper uses of the network's information.
There should also be internal and external access control throughout the network. You need to define the company's authorization policy, a high-level document that defines how an organization will assign and enforce access control rights. You should have an authorization policy for data; it should include these points, and you need to specify which data should be encrypted. Also enforce the principle of the lowest possible access. When you grant access, make sure that you follow all company policies, standards, procedures, and guidelines.
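An added example, not part of the original text: a sketch of the three access levels assigned by business function as described above, with default deny and an audit that flags any grant exceeding what the role's policy allows. The resource names, sample users, and the `contractor` role are constructed for illustration.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0        # no access
    READ = 1        # read access
    READ_WRITE = 2  # read-write access

# Constructed policy: role -> resource -> highest level allowed.
# Resource names are assumptions, not taken from the text.
POLICY = {
    "customer": {"catalog": Access.READ, "orders": Access.READ_WRITE},
    "clerk":    {"catalog": Access.READ, "orders": Access.READ_WRITE,
                 "inventory": Access.READ},
    "manager":  {"catalog": Access.READ_WRITE, "orders": Access.READ_WRITE,
                 "inventory": Access.READ_WRITE, "payroll": Access.READ},
    "owner":    {"*": Access.READ_WRITE},  # all business-related material
}

def allowed_level(role, resource):
    """Highest level the policy grants; anything unlisted is NONE (default deny)."""
    rules = POLICY.get(role, {})
    return rules.get(resource, rules.get("*", Access.NONE))

def is_permitted(role, resource, requested):
    """True only if the request is real access and within the role's ceiling."""
    return Access.NONE < requested <= allowed_level(role, resource)

def audit_grants(grants):
    """Return grants that exceed the role's ceiling (lowest-possible-access violations)."""
    findings = []
    for user, role, resource, level in grants:
        ceiling = allowed_level(role, resource)
        if level > ceiling:
            findings.append((user, resource, level.name, ceiling.name))
    return findings

# Constructed sample of current grants: (user, role, resource, level held).
SAMPLE_GRANTS = [
    ("alice", "customer",   "orders",  Access.READ_WRITE),
    ("bob",   "clerk",      "payroll", Access.READ),
    ("carol", "manager",    "payroll", Access.READ_WRITE),
    ("dave",  "owner",      "payroll", Access.READ_WRITE),
    ("erin",  "contractor", "catalog", Access.READ),  # role not in policy
]

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS):
        print("excess access: %s on %s holds %s, policy allows %s" % finding)
```

Running the audit on a schedule against the real grant list shows where permissions have drifted above what each business function needs.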