This is based on a post by Mark Rodbert, "Fixing employee access should be your top security priority in 2020" (https://thednextweb-com.cdn.ampproject.org/c/s/thenextweb.com/podium/2019/12/30/fixing-employee-access-should-be-your-top-security-priority-in-2020).
In addition to protecting computer systems against outside hackers, organizations must also guard against internal security breaches. They may be caused by rouge employees, or careless use of passwords and clicking on suspicious attachments.
Since most data breaches require access to, and opportunity to manipulate sensitive data, organizations can reduce their risk by limiting employee access to data or programs not needed to perform their jobs. Unfortunately, this is easier said than done. Fixed entitlement reviews - whether annual or at shorter intervals - can take time to complete for large organizations, and give threat actors time to to operate between reviews. A better strategy is to use software to review and update employee access in real time.
Whatever system your organization uses, remember to have Cyber insurance in place before you have a security breach.