Protecting The Crown Jewels From Insider Risk for SME’s

Protect Your Critical Assets From Insider Threa

Every time an employee leaves your business, it places your Intellectual Property (IP) and Critical Data at risk.

Intellectual Property refers to your patents, trade secrets, copyright, trademarks and new concepts or ideas. Whereas, Critical Data applies to any function that attributes to the running of your business, including; business plans, sales/customer information (impacted by GDPR), rate plans, financial data such as; revenue, profits, stock price.

This post will focus on the importance of protecting  Personally identifiable information (PII) that is often listed in customer databases and stolen by departing employees. With new GDPR laws, companies have to report breached data to the supervisory authority within 72 hours. And if the security breach is likely to result in a high privacy risk for an individual, the individual will also need to be informed of the breach.

Thus, there has never been a more critical time to protect your data walking out of the door by your departing staff member or disgruntled employee, a failure to protect will result in untold financial and brand damage that may be difficult to recover from.

Here are some tips on what your business needs to consider.

At the outset of your business’s relationship with a staff member, it is important to have the minimum in place:

Your Culture:

Your Legal Agreement:

Your Technical Ability:

  • Implement monitoring tools that track the movement of critical data such as; files emailed to personal email accounts, excessive printing of confidential documents, copying of files containing strings such as bank codes, dates of birth.
  • Encrypt critical files to ensure authorised access only, with the ability to remotely remove access rights should an employee leave or exhibit disturbing behaviour.
  • Monitor compromised emails and passcodes that have been exposed to the dark web.
  • Implement an exit policy to close old accounts, remove access levels and close down redundant web pages.

Your HR Processes:

  • Include a detailed confidentiality clause in employment contracts and ensure staff members understand their obligations before signing the agreement.
  • Implement a data security onboarding process that covers the use and restrictions of managing data and staff members obligations to security.
  • Manage poor performance, weak leadership and disgruntled staff members as revenge, greed and bitterness are the main factors that motivate people to commit theft and destroy data.
  • Apply a process that manages high-risk staff members, including changing access levels due to changes in job role and restricting access levels for departing employees.
  • Implement exit interviews to continuously improve the way you manage departing staff members for continuous improvements in security.
  • When a staff member is terminated, redundant or resigns, instrument a process that ensures critical data is returned back to the company.

Should a data breach occur?

This is not a holistic list, however, for a small to medium business who have limited access to security experts, it highlights some of the basic security processes that will help protect your critical data.

Harrman Cyber operates with a conglomerate of data and security experts who provide cost-effective advice, solutions and outsourced expertise to help small to medium business protect their critical assets from a data breach.

Tanya Harris, CEO, Harrman Cyber and Cyber Security for SME’s

Follow Tanya on Twitter  

Connect with Tanya on Linkedin 

6 Replies to “Protecting The Crown Jewels From Insider Risk for SME’s”

Leave a Reply

Your email address will not be published. Required fields are marked *