Not a Member? Get access to HR news and resources that you can trust.
Here is how HR can help prevent the missteps that could cost your company big in court.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Get the HR education you need without travel expenses or time out of the office.
Expand your influence and learn how to become an effective leader -- Join us in Phoenix, AZ, October 2-4, 2017.
A 32-year-old woman employed by recently hacked provider of payroll software Sage was arrested at an airport in London Wednesday and charged with conspiracy to defraud the company, according to news reports.
Based in the U.K., Sage supplies payroll and accounting software to small and medium-sized companies.
Earlier this week, Sage revealed that someone using employee credentials caused a data breach internally when they accessed corporate data without authorization.
SHRM Online that internal data breaches can be mitigated with training, policies and observation of internal systems.
Sage has yet to reveal if the stolen information was leaked or sold—or what data may have been compromised. However, according to news reports, Sage retains a great deal of information about its clients, including their names, addresses and financial data—all of which thieves would find attractive.
The company notified customers, and authorizes are investigating. The arrested employee has since made bail. Between 200 and 300 businesses in the UK may be victims of the breach.
In a statement, Sage said: "Our customers are always our first priority so we are communicating directly with those who may be affected and giving guidance on measures they can take to protect their security. Please note this issue does not affect any customers in other countries."
accidental data breaches and
cyber espionage are not new, as
SHRM Online has reported in the past.
IBM's X-Force security team, 55 percent of all corporate attacks are caused accidentally by human error or done maliciously by employees; 45 percent are performed by outsiders.
In an interview with
SHRM Online earlier this spring, Mark Sangster, vice president and industry security strategist at eSentire, a cybersecurity company based in Cambridge, Ontario, said that he's : "seeing many cases of insider data breaches that involve leaking sensitive data for [financial gain] or more malicious intent. However, quickly, we expect to see hardline compliance rules and fines come to firms with sub-standard cyber security defenses in the future."
David Meyer, vice president of products at San Francisco-based OneLogin said internal breaches "highlight the need for more security awareness training" for employees. OneLogin, provides single sign-on and identity management for cloud-based applications.
"The security [attitude] day to day among the employees is the largest battle," he told
SHRM Online. "Technology is critical as well—you should eliminate passwords in applications, use multiple authentication factors, analyze behavior. Yet, the attitude employees have can circumvent all of that."
Letting unidentified people onto your floor, answering questions about your company casually in a bar—that can be used to gain access later—these are the key gaps in your defenses.
"HR needs to partner with IT to ensure the workplace facilitates security," Meyer said.
He added: "One of our customers has a policy of looking over all activities for the past 90 days when an employee resigns. This is because the intention to leave comes long before the resignation, and with the intention to leave comes a risk of bad behavior," Meyer said, adding that the better manager training is, the better there's trust in an organization, and the better there's a sense of aligned values and common mission mitigate these factors.
"If there is no ill will, then there will be fewer malicious acts," Meyer said.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
New Pro Member Special
SHRM’s HR Vendor Directory contains over 3,200 companies