Sage, LLC, a British company providing business software solutions for clients around the world, was the latest victim of a data breach. This one, however, came from inside the company itself. This is an increasingly common problem, though not as widely reported as the high profile data breaches from hackers outside the company's firewall.
One of the types of software Sage deals in is payroll software, and the company keeps the payroll data of their corporate clients on their servers. Recently, a 32-year-old woman was arrested for fraud, when evidence surfaced that she had inappropriately accessed the payroll data of upwards of three hundred of Sage's corporate clients. What she ultimately intended to do with the data is unclear, but the potentially impacted clients have been notified.
This is a grim reality faced by companies all over the world. What makes these kinds of breaches so damaging is that since the employees have network access, and often significant levels of access, they're in a prime position to do incredible damage, and possibly make off with large amounts of sensitive corporate data. Worse, it doesn't matter how much you've spent on digital security, very few of the tools you put in place will protect against this kind of attack.
Ultimately, the best defense against internal threats comes from three things:
A robust audit system, that allows for fine-grained tracking of who access what data, when, and for what purpose.
A thorough vetting of all employees, and proper ongoing training to be sure that all employees understand the ramifications of mishandling the data they are entrusted with.
A periodic review of all access rights, designed both to ensure that no one individual has unfettered access to everything (stop-loss control), and to ensure that employees only have access to the data they need to perform their job functions.
If you have any concerns about your company's security policies or protection, contact us today so one of our skilled technicians can help.