27 November 2014
For businesses operating in such a connected society, how you manage to protect your data is arguably the single biggest worry. It takes you years to develop and it’s unique to your business so it stands to reason that it has to be carefully protected. In the past, we’ve had businesspeople come to us asking for help after security breaches, and I’ve seen first-hand how much pain it can cause. I’ve even seen grown men in tears before we were able to help them. For Sony, which was allegedly hacked this week, this is a pain that’s likely to have been exacerbated by the claims that their own employees were involved.
What’s interesting about this is the comment that’s been made, supposedly from one of the hackers involved externally. They have claimed that they wanted to achieve “equality” within Sony and thus worked with “staff with similar interests” to access the company’s servers. Whilst the anonymous group has threatened to release data, I’m not aware of this having happened yet, although I’m told their computers were down for a long time following the attack.
Whether the company’s employees were involved or not, the story does serve as a reminder to us all of why it’s so important to invest in your staff. Whilst you can’t guarantee anything, if you pay people well and do your utmost to make them feel valued, you make insider threats less of an issue. You’ve got to look at the motives behind why people might want to take from you. If you take advantage of your team, you increase the likelihood of this kind of thing happening.
It also reinforces the warning that you’ve got to be very careful on who you recruit. That being said, no-one’s going to turn up to their interview and say, “I stole from my last employer and I’m going to steal from you too!” However, your job is to try to find out as best you can in as short a time as possible whether new recruits are aligned with company culture. Spending time with people in your personal time is valuable if you want to see whether they are genuine.
Ultimately, it also comes down to the systems you have in place as a safeguard in case a disgruntled employee did want to steal or share sensitive data. Businesses are more frequently resorting to anomaly detectors within their systems to make sure any suspicious behaviour is identified. In a perfect world, you could trust the people you had gotten to know and worked alongside, but sadly the threat of one bad apple slipping through the net is very real and protecting customer data is the most important thing.
What do you make of the Sony hack? Is there a fool proof way to guard against insider threats, or is it simply about the way you engage your employees?