A 32-year-old woman employed by Sage, a recently hacked provider of payroll software, was arrested at an airport in London Wednesday and charged with conspiracy to defraud the company, according to news reports.
Based in the U.K., Sage supplies payroll and accounting software to small and medium-sized companies.
Earlier this week, Sage revealed that someone using employee credentials caused a data breach internally when they accessed corporate data without authorization.
SHRM Online that internal data breaches can be mitigated with training, policies and observation of internal systems.
Sage has yet to reveal if the stolen information was leaked or sold—or what data may have been compromised. However, according to news reports, Sage retains a great deal of information about its clients, including their names, addresses and financial data—all of which thieves would find attractive.
The company notified customers, and authorities are investigating. The arrested employee has since made bail. Between 200 and 300 businesses in the U.K. may be victims of the breach.
In a statement, Sage said: "Our customers are always our first priority so we are communicating directly with those who may be affected and giving guidance on measures they can take to protect their security. Please note this issue does not affect any customers in other countries."
Accidental data breaches and cyber espionage are not new, as SHRM Online has reported in the past.
According to IBM's X-Force security team, 55 percent of all corporate attacks are caused accidentally by human error or done maliciously by employees; 45 percent are performed by outsiders.
In an interview with SHRM Online earlier this spring, Mark Sangster, vice president and industry security strategist at eSentire, a cybersecurity company based in Cambridge, Ontario, said that he's "seeing many cases of insider data breaches that involve leaking sensitive data for [financial gain] or more malicious intent. However, quickly, we expect to see hardline compliance rules and fines come to firms with sub-standard cyber security defenses in the future."
David Meyer, vice president of products at San Francisco-based OneLogin, said internal breaches "highlight the need for more security awareness training" for employees. OneLogin provides single sign-on and identity management for cloud-based applications.
"The security [attitude] day to day among the employees is the largest battle," he told SHRM Online. "Technology is critical as well—you should eliminate passwords in applications, use multiple authentication factors, analyze behavior. Yet, the attitude employees have can circumvent all of that."
Letting unidentified people onto your floor, answering questions about your company casually in a bar—that can be used to gain access later—these are the key gaps in your defenses.
"HR needs to partner with IT to ensure the workplace facilitates security," Meyer said.
He added: "One of our customers has a policy of looking over all activities for the past 90 days when an employee resigns. This is because the intention to leave comes long before the resignation, and with the intention to leave comes a risk of bad behavior," Meyer said, adding that better manager training, greater trust in an organization, and a stronger sense of aligned values and common mission mitigate these factors.
"If there is no ill will, then there will be fewer malicious acts," Meyer said.