My ex-employee is setting up shop down the road! How?
So you have been in business for a few years now and are starting to hire more people. The business you started with the hopes of eventually growing is starting to bear fruit after all the blood, sweat and tears. Now you can finally delegate some tasks to employees, contractors and vendors. While being able to work on your business, as opposed to in your business, is the dream, this progression brings some risks with it. A less-discussed cybersecurity problem we often encounter goes by the name of “Insider Risk”. What makes this threat a growing concern is that the more people you hire or engage, the higher your risk of a potential incident.
Below we will review two unrelated scenarios that businesses have fallen victim to and that are much more common than one would like to believe.
The first story begins with a business owner in the medical field looking to expand their business by bringing on another practitioner to generate more revenue. The new staff member was issued a laptop previously used by the owner; the device was sufficient to complete work, and they already had everything pre-loaded to hit the ground running. The business was booming until the two parties disagreed internally, ending the previous arrangement swiftly. Unbeknownst to the owner, the ex-employee had copied all the company data off the laptop before returning it. The act caused an undisclosed six-figure amount of information to be stolen from the owner, which was unrecoverable and essentially lost forever.
Our next scenario concerns a real estate agency renting houses to the general public. The rental process requires prospective tenants to submit banking information, driver’s licenses, Medicare cards, and information about their previous living situation. This type of data is commonly known as PII (Personally Identifiable Information). The basic process was effective, and all the information was saved to a shared mailbox for easy access and convenience for their staff. This company was too busy with the daily grind, held the mindset that insider threats are a risk for enterprise business, and ran with very relaxed information security controls. Data was stored on computers that didn’t automatically lock after a certain period of time, and all the emails with the PII would sit in the inbox and never be purged or archived securely. On this particular day, an intern was using the computer and decided to clone years of company information while the property manager was out. The intern then decided to supplement their income via nefarious means by selling the information on the dark web, effectively causing a major breach from inside the organisation with little technical prowess other than plugging in a USB drive and copying and pasting the data.
Now that we have demonstrated two examples of insider risks, you must ask yourself if your organisation is doing its best to keep company data and, more importantly, client records safe. If you want to hear more about how insider risk can threaten your business, let’s schedule a call today.