Blog

Another Inside Job Responsible for a Data Breach

Another Inside Job Responsible for a Data Breach AT&T is the latest company to suffer a data breach. The company has confirmed that a 3rd party vendor it has worked with had accessed confidential information without the proper authorization.

These kinds of news are becoming more and more frequent. The most well-known example previously is, of course, Edward Snowden – although an insider, Snowden also gained access to confidential information without proper authorization. A recurring theme in a lot of data breaches nowadays seems to be the improper access that a “trusted” insider has to confidential information.

The previous thinking (and perhaps the current thinking in some places) was that insiders, the people with access to sensitive company information already, can be trusted to maintain the confidentiality of that information. The mentality was that these are people you can trust since you know them personally, whereas the more commonly thought of threat, hackers (outside the organization), are unknown entities trying to gain access to information they shouldn’t have in the first place.

The real world examples, however, illustrate a different story. Insiders can be and are real threats to an organization’s data security. They can even be more of a potential threat than outside threats because they already have some level of trust and access to confidential company information. In these kinds of situations where the threat is someone who already has some level of access to confidential company information, securing the data and controlling the level of access is crucial. An organization’s employees can’t have the same level of access to all the company files – this would be unwise and increase the risk of an insider misusing or abusing their access. By limiting access to information to an appropriate level per employee, it can decrease the risk of insider threats for your organization and ensure your organization’s data security.

Is your company or business protected? Learn more about the data breach services Fasoo can customize for any business. These kinds of real world examples are only going to increase. Take the steps now to make sure you don’t become one of them.

Tags
Book a meeting