Introduce the concepts of need to know, least privilege and segregation of duties into your policies and business processes

The expression 'need-to-know basis' describes restricting access to information or a system considered sensitive to those who need such access, possibly only for a limited period.

The principle of restriction on a need-to-know basis defines who has access to what type of information. Access is granted only when there is a specific need to know (according to function, role or responsibility).