As new details emerge about the Sony hack earlier this month, some security experts claim evidence points to an “inside job” possibly committed by a disgruntled ex-employee. Is your company protected against an insider cyber-attack?

The FBI and Sony continue to investigate the hack as it remains unclear exactly who was behind the attack. Read more HERE.

But, the recent article provides a cautionary tale for employers. Insiders have been the cause of many data breaches. Insiders include contract employees, third party on-site vendors, and even current and ex-employees.

When it comes to a company downsizing a group of employees or the firing of a specific employee, employers need to take basic security measures before taking action. Policies and practices need to be in place for a quick elimination of privileges via user names and passwords, as well as physical access to data, software, and hardware including computers, servers, and remote access via company or BYOD systems.

I recently worked with a client who failed to revoke user name and password privileges for an employee who resigned. Three months after leaving the company, the ex-employee was still signing into his old email account and engaging in nefarious activities against the client.

What policies and practices do you have in place for employees departing service voluntarily or involuntarily? Are the policies designed to safeguard customer lists, personally identifiable information that your company is required to protect by law, confidential information about employees, or other valuable information that could be exploited? More importantly, is your company actually following the policies and putting them practice?

Don’t wait to find out if your policies and practices are being followed until it’s too late and your company’s name is in the next hacking headline.

For more information about cyber law and protecting your company against an insider cyber-attack, contact the Goosmann Law Firm at or call 712-226-4000.

Subscribe Our Blog

DISCLAIMER: The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. By visiting this website, blog, or post you understand that there is no attorney client relationship between you and the Goosmann Law Firm attorneys and website publisher. No information contained in this post should be construed as legal advice from Goosmann Law Firm, PLC, or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.