Separation of Duties SHOULD be implemented for workflows involving access to confidential/restricted data and access to sensitive business operations/environments.

Separation of Duties is a workplace control that helps mitigate insider threats, and it equally limits the damage an outside attacker can do with one compromised employee account. While its usefulness is more apparent in larger organizations, there are still many scenarios in small and medium-sized environments where the control is beneficial. Separation of Duties ensures that no sensitive or large-scale task is entirely under the control of one individual: completing the task requires at least two people, so abuse requires collusion and an honest mistake has a second chance of being caught. This provides checks and balances for sensitive business assets and strengthens accountability. As a business owner, you may be tempted to place full trust in your employees, especially those who have been part of your team for a long time. Trust is not a control, however; an employee who can complete a sensitive task alone is a single point of failure, and you cannot accept that while also taking cybersecurity seriously.

Separation of Duties is especially recommended for tasks involving any kind of finance, since business finances are a prime target for fraud and misuse. If your business consists of a handful of employees, you could task one employee with recommending supplies, another with determining the required and available budget for them, and a third with actually purchasing them. As the business owner, you yourself could end the chain by verifying the purchase orders and confirming that the appropriate supplies arrived. The same pattern applies to the technical workflows named above: the person who requests access to restricted data or a sensitive environment should not be the one who approves or grants it.

Carefully review the most sensitive operations in your business environment, as well as the individuals responsible for carrying them out. Further context can be obtained by conducting a risk assessment on the specific tasks. If you determine that a single person completing or compromising a task alone would have a large impact, then you should begin splitting the task into smaller steps delegated to different individuals in the appropriate department. Where headcount is too small to split a task, compensate with controls that let someone else review what was done, such as keeping a log of the actions taken and having the owner check it periodically.