As organisations have boldly gone when no enterprise has gone before, meaning out to the far corners of cyberspace, the face of data security has changed significantly.
The traditional firewall model has collapsed as companies store their data in cloud servers they do not own, perhaps even in countries where they have no corporate presence. External threat actors have developed new methods of attack and customer data breaches have become headline news.
While organisations rethink their data security plans and actions, it is however important to remember that another important risk exists, which may need different treatment. It is the risk of employees stealing information about their colleagues.
One of the factors that differentiates this internal threat is the lack of antecedents for such data snooping or theft.
A study from the Association of Certified Fraud Examiners shows that 87% of fraudsters were first-time offenders. Other statistics suggest that employers are more likely to find out about employee theft of any kind through tip-offs from other employees, rather than audits or controls.
In other words, it’s a tough situation for employers to handle, because the problems are difficult to predict. Employees’ email accounts as well as personnel records are at risk.
Organisations can use a number of measures to help protect employees from each other. Simply cordoning off servers with confidential information physically is often a good step. This measure helps solve the problem of a bad internal actor armed with a USB memory stick.
Access to information should be systematically on a need-to-know basis, with a log that stores details of which person asked to or was given permission to consult another’s information.
Employees should also be correctly educated in information security, so that they don’t carelessly leave their own information lying around either. It is well worth making the effort.
Employee data breaches can lead to all the problems of customer data breaches, for example credit fraud and identity theft, as well as possible litigation against the employer.