Earlier this week, an employee of business software company Sage was arrested for alleged fraud against the company following a recent data breach. The company was victim of a data breach which may have compromised the personal information of employees at around 280 businesses in the UK. Sage has notified businesses which have been affected.
Following this development, it is essential to recognise the threat that internal leaks pose to businesses – often a greater threat than that posed by external hackers. The data was accessed using an internal login without authorisation. While it isn’t currently clear exactly what information, if any, has been leaked, the data taken reportedly included bank account and salary details.
In the aftermath of the breach, security experts have called on firms to take insider threats more seriously. In some cases, untrained or incompetent staff can even make data available accidentally, or security systems can be easily compromised when companies make sensitive data accessible to a large number of employees. It is important to make sure that access to your company’s software is protected and limited.
The breach was made by a 32 year old female employee at Sage who gained unauthorised access to employee data using an internal log-in. She was arrested at Heathrow Airport and has since been released on bail. Her intentions or motivations are not currently clear.
Matthew Ravden, chief marketing officer at security firm Balabit, said “Too much faith has been placed in password-management systems, which a privileged user just logs into and is given unconstrained access to sensitive data.”
Chief technology officer of security company Centrify, Barry Scott added that “Audit software should be in place to collect detailed records of activity, and to enable replay of sessions for the user across the whole environment leading up to the event.” He went on to say that insider attacks are often avoidable “so long as the right safeguards are in place.”
What We Do
Accentra takes safety and the threat of internal breaches extremely seriously and recognises the importance of keeping sensitive data secure. We take a wide range of measures to protect all of our clients’ personal data, setting up strong security barriers and ensuring access to personal data is extremely limited.
By effectively training your staff and developing highly secure software, we ensure that your employees’ data is fully protected.