While unauthorized users must be prevented from using your equipment and gaining access to your information, controlling which data authorized users can access is also advised. According to the 2014 information security breaches survey, commissioned by the Department for Business, Innovation and Skills, most small-business security breaches were caused by failure to control access.
For example, an employee who is thinking of leaving your business may seek out commercially sensitive information about your customers and suppliers to take with them to a role with another employer. Or a dishonest employee may alter computer records to assist in fraud (or just for purely malicious reasons).