While the facts of the case are both interesting and alarming, the real story, and lesson to all business owners, is the danger that your employees, both current and former pose.
The simple truth is that no matter how much you spend on your company’s digital security system, it can all be undone by one careless (or disgruntled) employee. They are your firm’s greatest asset, and its biggest weakness.
Unfortunately, too many firms consider employee security training to be an afterthought at best, and what training employees get tends to be nonspecific, and according to many employees, not very helpful.
Obviously, the even larger concern here is the issue of employee terminations and how they are handled.
In the Expedia case, while the company’s Network Administrators were quick to disable his accounts, he retained access to the laptop he was issued by the company for several months, and using it, he was able to access a variety of non-public information. This was how he continued to pilfer and ultimately profit from sensitive information.
This is a simple case of improper asset tracking. Had a thorough equipment audit been conducted when their employee was let go, the missing piece of equipment would have been quickly identified and collected.
Unfortunately, with so many companies using a BYOD (Bring Your Own Device) policy, this gets even more complex, because an employee could easily download a variety of proprietary information onto his or her personal device in advance of leaving. Unless there are protocols in place to check and prevent such actions, your company could be at serious risk.
The question, then, is whether you have measures in place to prevent a disgruntled employee from causing your company serious financial harm. If you’re not sure, contact us today, and one of our talented team members will be happy to review the current state of your digital security and make recommendations to keep your business safe.