Concerns of Internal Sabotage Issued by Cyber Experts

CYBER security experts are warning Scottish businesses of all sizes about the potential dangers and weak links caused by their own workforce.

With recent data breach cases hitting the headlines, the Scottish Business Resilience Centre (SBRC) is urging organisations to consider the level of access to confidential information their employees are given.

The message comes after electric car company Tesla’s claim that it has suffered ‘significant and continuing’ damage as a result of a former employee passing confidential information to third parties.

Gerry Grant, Chief Ethical Hacker with Curious Frank, a division of the SBRC said: “When a business as successful as Tesla can suffer such a detrimental internal leak, anyone can.

“Businesses must put measures in place to make sure employees are behaving diligently and are not making any careless mistakes when it comes to your company’s private data.

“It’s not about distrusting your staff, but more about being aware of the access they have to confidential information within the organisation.

“We hear about employees from larger corporations complaining that they are restricted from accessing Gmail, but there is always a good reason behind these kinds of precautions.

“Typically, it is larger firms who make the news stories but it is just as important for small businesses to have up-to-date security measures in place and to provide all staff members with data protection training.”

The SBRC is urging businesses of all sizes to reconsider their internal security, with even well-intentioned employees posing a risk should they have a lax attitude to security.

Gerry added: “Businesses should also consider the time frame from when an employee leaves the organisation, to how soon their access to company files is stopped.

“Where the answer is anything but straight away, you are opening yourself up to a possible data breach.

“We don’t want to cause undue panic, as we know the vast majority of staff are honest people. But even if that is the case, the threat exists – through simple negligence, allowing sensitive data to be accessed.

“To combat this, regular staff training and communication is vital – even the most secure system in the world is potentially flawed if a member of staff doesn’t adhere to your standards or isn’t kept up to date with best practice.”

Curious Frank offers a range of services to assist organisations with their cyber security, including assessment and development of cyber security capabilities, crisis response and identification of threats and vulnerabilities in systems.

Established with the objective of creating a secure Scotland for business to flourish, the SBRC is a unique organisation comprised of contributions and secondments from Police Scotland, the Scottish Government, major banks, industries and academia.

For more information on the SBRC and its services, visit www.sbrcentre.co.uk.