The Ninja Sensei’s Logbook: Revenge Of An Ex-staff: An Insider Threat To Cybersecurity
Employees are considered the weakest link when it comes to an organisation’s cybersecurity. Provided that employees have access to the personal data that the organisation manages, employee sabotage is the biggest threat that must be addressed before it becomes a problem in the future.
Employees come and go. This is a normal scenario in the workplace. However, not all of them have a simple exit in mind; some will most likely try to sabotage the company when it is least expected. This will now serve as an impending insider threat that no one will see coming, which is why it is important to acknowledge this before hiring the workforce.
The case of Terra Systems is a prime example
Terra Systems was made to pay a whopping fine of S$12,000 after breaching the Protection Obligation of the PDPA. The cause? A disgruntled former employee who made changes in the organisation’s portal that houses personal data after getting the daily common password of the day from other employees.
Hell hath no fury than an employee scorned.
How can you prevent employee sabotage from happening in your organisation? Here are some tips!
✔️ Conduct a thorough recruitment process in hiring dependable employees.
✔️ Limit providing unnecessary access of employees to personal data that they do not need
✔️ Set in place policies and standard operating procedures for employees leaving the company
✔️ Change passcodes and revoke access when staff leave, or sooner if necessary.
✔️ Make sure to have an inclusive and diverse culture in the workplace that promotes employee voice, which keeps you in touch with your workforce’s general well-being.
To help you minimise the possibility of employee sabotage and protect your business, it is also best practice to appoint a Data Protection Officer (DPO), whether in-house or outsourced such as Privacy Ninja. Besides the fact that it is required under the PDPA, the DPO can help organisations with their policies to ensure that they comply with data protection obligations. This officer can also help set the standard operating procedures when it comes to leaving employees to prevent any possibilities of employee sabotage, like in the case of Terra Systems.
P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to us. We are always a text/call or email away!
📱 WhatsApp: +65 8750 4250
📧 Email: ninjas@privacy.com.sg
