Internal Threat

Electric car manufacturer Tesla has filed a lawsuit accusing a former employee of passing confidential information to third parties. Tesla is claiming that it has suffered “significant and continuing” damage as a result of this employee. The lawsuit follows an internal email to all staff accusing the former employee of sabotage.

This case highlights that it is not always an external hacker that companies need to be wary of. This is just one of many cases, past and present, of someone internal to the company making off with company secrets. Here in the UK an employee of a large supermarket chain was found guilty of leaking employee data back in 2014. This resulted in the supermarket having to make large payouts in fines and compensation to those affected.

Businesses of all sizes need to be aware that sometimes a disgruntled employee can cause as much, if not more damage than an external criminal. This is not to say that you shouldn’t trust your staff, but controls need to be put in place to limit any damage in the worst-case scenario. Organisations need to consider the level of access granted on computer systems to staff. Sometimes the damage can be done not out of malice - a simple mistake could also result in a data breach.

Strict controls should be in place to limit what employees can access and change on the network. Good security policies and staff awareness training can help explain why certain restrictions are in place. Often, we hear staff in large organisations complain that they cannot access tools such as Gmail but there are valid reasons for blocking this kind of activity on a network.

The internal threat can continue once an employee leaves an organisation. How quickly do you remove an employee from the network once they have left? If the answer is longer than immediately then you are opening yourself up to a possible data breach.

To discuss your Cyber Security needs please email [email protected]

Written on 27 June 2018

Back to Main Blog