The FBI and Sony continue to investigate the hack as it remains unclear exactly who was behind the attack. Read more HERE.
But, the recent article provides a cautionary tale for employers. Insiders have been the cause of many data breaches. Insiders include contract employees, third party on-site vendors, and even current and ex-employees.
When it comes to a company downsizing a group of employees or the firing of a specific employee, employers need to take basic security measures before taking action. Policies and practices need to be in place for a quick elimination of privileges via user names and passwords, as well as physical access to data, software, and hardware including computers, servers, and remote access via company or BYOD systems.
I recently worked with a client who failed to revoke user name and password privileges for an employee who resigned. Three months after leaving the company, the ex-employee was still signing into his old email account and engaging in nefarious activities against the client.
What policies and practices do you have in place for employees departing service voluntarily or involuntarily? Are the policies designed to safeguard customer lists, personally identifiable information that your company is required to protect by law, confidential information about employees, or other valuable information that could be exploited? More importantly, is your company actually following the policies and putting them practice?
Don’t wait to find out if your policies and practices are being followed until it’s too late and your company’s name is in the next hacking headline.
For more information about cyber law and protecting your company against an insider cyber-attack, contact the Goosmann Law Firm at info@goosmannlaw.com or call 712-226-4000.