Risk Management Blog

Is Access to Your Data for Sale?

Written by The ALS Group | May 3, 2016 6:22:43 PM

One of the most significant cyber threats to any company’s security is the Rogue Employee. Who is this person? Someone who has been entrusted with access to the system(s); (i.e. databases, customer records, HR records, confidential email, etc.) and who chooses to hurt the company and fellow employees by intentionally performing a wrongful act or providing another with the ability to do so.

In a Recent Wall Street Journal blog post titled “Survey Roundup: Passwords at a Price”, it was noted that 20% of the 1,100 large company employees surveyed said they would sell their corporate password and 44% of those would sell it for less than $1,000. Obviously, these are frightening statistics.

In most cases, the Rogue Employee or vendor will start by deleting and copying data, since this is more difficult to detect in the earlier stages of a data breach.  Companies must be aware of this type of cyber threat and have a strategy in place to not only protect their IT systems and data, but mitigate or transfer any risks resulting from such a breach that would have significant financial impact on the company.

Here are just a few guidelines for safe-guarding an organization against a Rogue Employee:

  1. Enforce password updates regularly – Passwords to computers, email, databases and other data entry points should be changed at least every 90 days. IT should be enforcing these password changes through policy.
  2. Background checks – Get to know the candidate before bringing them on-board. Speak to former employers and perform background check to ensure you’re hiring a quality individual.
  3. Remove access upon termination – After an employee ends engagement for any reason, IT should be notified to remove their access to all systems. Have a checklist prepared so nothing is missed.
  4. Have defined security groups – Employees should have only enough access to perform their job functions. No more, no less. IT should audit security groups with operations regularly to account for employees who change functions or move through various departments.
  5. Cyber Liability Insurance – Should a data breach occur, a Cyber Liability policy will provide some method of risk transfer and offset costs associated with the breach all the while, providing a cushion for recovery time to return to normal operations.

With cyber breaches being somewhat of a daily news occurrence, be sure to discuss this risk with your IT team and risk advisors to confirm that all available safeguards are in place. To find out more about how The ALS Group can help your company mitigate its Rogue Employee risk contact us today!