When it comes to Network Security Systems, often employees are considered the weak link in the chain. Sometimes the cause is human error, but in some cases, disgruntled employees are wreaking havoc.Take the case of the Desjardins Group. The Canadian Financial company suffered a data breach when one of its employees collected personal information and sold it to a third party. The leaked information includes names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits. The breach had such an effect on Canadian customers that an emergency parliamentary meeting was held.
Sadly, insider breaches are nothing new. Inc.com posted a 2016 story about the case of Voova, a marketing and software company based in the U.K. and an employee named Steffan Needhan, who was let go due to "poor performance" after only four weeks on the job. Needhan was an IT employee, and after 4 weeks on the job, knew how to bring Voova down to its knees. Prior to his termination, Needhan stole another employee’s credentials, and then set upon torching the company’s Amazon Web Services computers. “As a result, the company lost "big contracts with transport companies" to the tune of £500,000 (about $700,000 at the time). Unfortunately, the company was unable to recover the deleted data.”
Needhan was eventually arrested and is serving two years in jail. So how could have Voova avoided this whole fiasco?
According to Inc.com, a two-factor authentication system would probably have stopped Needhan. By implementing this system, when Needham logged into the system a text message would've been sent to the other employee’s smartphone asking for permission to login. Since the employee knew he wasn’t requesting access, he would've alerted management of the intrusion. Unfortunately, that didn’t happen in this case.
So, what best practices has your company implemented to prevent an insider breach? Check our Uzado to learn how they can help you protect yourself from a breach.